I reverse-engineer APKs for fun. The bug bounties are a bonus.
Identified exposed JavaScript bridge interfaces in the target’s Android application WebView implementation, enabling potential data exfiltration through malicious page injection.
Critical WebView configuration flaw in the supply-chain-facing Android module, allowing JavaScript execution in a privileged context.
Improper validation in the deep link routing mechanism could allow unauthorized navigation to privileged in-app screens.
Third-party API keys exposed in the production JavaScript bundle, accessible via standard APK reverse engineering.
APK download, version pinning, scope validation against program policy.
Decompile with jadx, review AndroidManifest for exported components, search for hardcoded secrets and misconfigurations.
Frida hooks for runtime inspection, Burp proxy for traffic interception, WebView JavaScript bridge enumeration.
Write clear reproduction steps, assess CVSS, submit through HackerOne with full PoC.
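The manifest review step above, as an added example that is not the author's own tooling: a Python script that lists the exported components in a decoded AndroidManifest.xml (as jadx writes it), including ones exported only implicitly through an intent-filter, along with any guarding permission and the browsable deep links they accept. The function name audit_manifest, the sample manifest and its com.example.demo names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
COMPONENTS = ("activity", "activity-alias", "service", "receiver", "provider")

def audit_manifest(xml_text):
    """List exported components in a decoded AndroidManifest.xml."""
    findings = []
    app = ET.fromstring(xml_text).find("application")
    for comp in ([] if app is None else app):
        if comp.tag not in COMPONENTS:
            continue
        filters = comp.findall("intent-filter")
        flag = comp.get(A + "exported")
        # With no explicit flag, an intent-filter made the component exported
        # by default before Android 12 (assumption: legacy default applies).
        exported = bool(filters) if flag is None else flag == "true"
        if not exported:
            continue
        links = []
        for f in filters:
            cats = {c.get(A + "name") for c in f.findall("category")}
            if "android.intent.category.BROWSABLE" in cats:
                links += [f"{d.get(A + 'scheme')}://{d.get(A + 'host') or '*'}"
                          for d in f.findall("data") if d.get(A + "scheme")]
        findings.append({"type": comp.tag, "name": comp.get(A + "name"),
                         "explicit": flag is not None,
                         "permission": comp.get(A + "permission"),
                         "deep_links": links})
    return findings

# Constructed sample manifest, not taken from any real app.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
<application>
  <activity android:name=".RouterActivity">
    <intent-filter>
      <action android:name="android.intent.action.VIEW"/>
      <category android:name="android.intent.category.BROWSABLE"/>
      <data android:scheme="demo" android:host="open"/>
    </intent-filter>
  </activity>
  <service android:name=".SyncService" android:exported="true" android:permission="com.example.demo.SYNC"/>
  <provider android:name=".FilesProvider" android:exported="false"/>
</application>
</manifest>"""

if __name__ == "__main__":
    for finding in audit_manifest(SAMPLE):
        print(finding)
```

Components reported with no permission and a non-empty deep_links list are the ones whose routing code most needs input validation.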
Researching since class 10th. Bypass techniques for lockscreens, ADB exploitation, bootloader manipulation, and forensic data extraction on Android devices.
Building knowledge bases covering Advanced Persistent Threat groups across multiple nation-states. TTPs, attribution indicators, and tooling analysis.