
Conducting penetration tests and reverse engineering on mobile/web apps, APIs, cloud environments, enterprise systems, and embedded devices for medium to large clients in the mobility sector. Involved throughout the entire process, including customer consultation, proposal preparation, project planning, assessment execution, detailed technical reporting, and providing remediation advice on both strategic and technical levels.
Performed manual source code audits in C, C++, Java/Kotlin, and JavaScript, with a focus on identifying vulnerabilities in security-critical components and recommending improvements. Expertise ranges from low-level authentication mechanisms in resource-constrained embedded systems to validation and quality-of-service (QoS) checks in protocol-rich application-layer systems with fundamentally different architectures and use cases.
As Mobile Security Topic Lead, I am responsible for advancing the mobile security testing service by developing and applying new testing methodologies. I ensure alignment with industry standards such as OWASP MSTG and conduct in-depth security assessments and reverse engineering. Test results and newly discovered techniques are contributed back to the OWASP MSTG, helping to improve and evolve the industry standard.
Topic lead for an internally developed Capture-the-Flag (CTF) workshop. Responsible for both strategic and technical development, including customer acquisition, planning, and hands-on delivery of workshops.
Enhanced a password-cracking platform based on Hydra and John the Ripper with features like automatic hash identification, optimized configurations, intelligent wordlist/rule selection, result visualization, and performance improvements.
Red teaming campaign for a critical infrastructure client, including the execution of a spear phishing operation to achieve initial compromise.
For my bachelor's thesis, I worked on a device to simplify the forensic process of disk imaging for mobile devices. The goal was to convert an inexpensive and portable single-board computer into a performant and reliable forensic duplicator.
Creating risk assessments and security concepts as Security Manager in Process (SMP) in the automotive context. Working as Software Developer mainly on Java backend components.
Android and iOS with a focus on native app frameworks
Reverse Engineering, Binary Analysis, Malware Analysis with JADX, Ghidra, Radare and Frida
Python, C++, C, Java/Kotlin, Go
Backend, Cloud, Web App, API with Burp Suite, Bruno and more
Hardware, IoT, Automotive
QNX, Linux, Cloud (Azure), Webserver