Security research
from first principles
No CS degree. No certification shortcuts. Years of reading code as terrain.
How I got here
I started with MBBS — a medical degree built on failure-mode thinking. The question a doctor asks about a body is the same question a security auditor asks about a system: where does this break, and how badly?
I left medicine and spent the next decade teaching myself systems programming, vulnerability research, and exploit development. No degree. No bootcamp. Just code, CVE writeups, and the discipline to question every assumption.
What I built: the VMF Engine — a geometric vulnerability scanner that projects code through 5 observation dimensions. The 5-Dimension Method is what I apply in every PotatoBullet audit.
The Error Principle is my original contribution: a formal framework showing that unhandled errors in security-critical paths create quantifiable information debt (D_e) that compounds across trust boundaries. Whitepaper available on request.
Platforms researched
Android AOSP
Deep analysis of Binder IPC — Parcel serialization, raw pointer patterns, capacity/size confusion across system services.
Chrome / Chromium
Mojo IPC layer — exploit chain mapping across native struct serialization and data pipe dispatch paths.
Meta / Instagram
Android APK reverse engineering — ad integrity flows, authentication bypass paths, cross-app token handling.
Amazon
API surface analysis — credential exposure, authentication flow review, network configuration assessment.
Cash App
Java decompilation across DEX files — resource leak chains, error debt analysis in payment and database flows.
Indian Fintech
Paytm, Zerodha and others — API misconfiguration, hardcoded credential patterns, network security review.
The 5-Dimension Method
Structure
What the code says. Types, control flow, function signatures. Most real vulnerabilities are invisible here alone.
Data Flow
Where data comes from, every transformation, every destination. Stale provenance is the most commonly missed class.
Memory Geometry
Adjacency, layout assumptions, pointer arithmetic, lifecycle misalignment. Memory corruption exploits are geometry problems.
Error State
What happens when things go wrong. The happy path is tested millions of times. Attackers live in the error path.
Chain Potential
What can an attacker do after the bug? A vulnerability without a chain is a bug. With a chain — it’s a weapon.
Every finding passes the Feynman Gate
What would disprove this? Am I overstating severity? Is it reproducible? Would I bet my reputation on it? Fail any — it doesn’t go in.
Request a Free Sample →