Android internals
Decompilation and runtime analysis uncover exported components, unsafe deep links, privileged WebViews, hardcoded secrets and client-side trust.
I reverse engineer Android apps, trace trust into their APIs and infrastructure, and find the logic flaws that automated testing cannot reason about.
$ whoami
Marius du Preez // security researcher
$ cat focus.json
$ ./status
● READY FOR TARGET
$
// CAPABILITY_MAP
Decompilation and runtime analysis uncover exported components, unsafe deep links, privileged WebViews, hardcoded secrets and client-side trust.
Authentication, authorization and multi-step product flows are tested manually for IDOR, account takeover, injection and logic abuse.
Eight years of infrastructure experience helps turn weak assumptions into concrete impact across identity, storage and internal services.
// HUMAN-LED TESTING
Production systems rarely fail in isolation. The interesting bugs emerge when mobile clients, APIs, identity, cloud services and business rules interact in ways nobody planned for.
My background in infrastructure and building businesses provides the technical and commercial context to recognize those failures.
open full research archive →Available for focused Android and web penetration testing, security consulting and independent research engagements.
send_message() ↗