GitHub Projects

Damn Vulnerable Bank App (DVBA)

An intentionally vulnerable Node.js-based banking application to help bug bounty hunters and developers understand common security flaws.

Vuldroid

A vulnerable Android application designed for learning and practicing mobile app exploitation techniques such as WebView XSS, intent hijacking, and insecure storage.

Patronus

A powerful Android runtime instrumentation framework focused on red team assessments and app analysis, designed to help identify and bypass runtime protections.

Talks Delivered

Attack Surface for Android Apps – Red Team Village

Delivered a technical session at Red Team Village covering attack vectors in Android applications, reverse engineering, and tooling approaches.

Discovering the Hidden Treasures in Mobile Apps – ThreatCon 2022

Spoke at ThreatCon Nepal on advanced mobile security issues and hands-on findings in real-world Android applications.

Black Hat Asia 2022 – Patronus

Showcased Patronus, an Android runtime instrumentation framework, at the Black Hat Arsenal stage in Singapore.

Black Hat Asia 2023 – Advanced Android Runtime Attacks

Returned to Black Hat Asia in 2023 to present advanced Android runtime vulnerability chains and exploitation paths using open-source tooling.