About

About

Security research
from first principles

No CS degree. No certification shortcuts. Years of reading code as terrain.

Background

How I got here

I started with MBBS — a medical degree built on failure-mode thinking. The question a doctor asks about a body is the same question a security auditor asks about a system: where does this break, and how badly?

I left medicine and spent the next decade teaching myself systems programming, vulnerability research, and exploit development. No degree. No bootcamp. Just code, CVE writeups, and the discipline to question every assumption.

What I built: the VMF Engine — a geometric vulnerability scanner that projects code through 5 observation dimensions. The 5-Dimension Method is what I apply in every PotatoBullet audit.

The Error Principle is my original contribution: a formal framework showing that unhandled errors in security-critical paths create quantifiable information debt (D_e) that compounds across trust boundaries. Whitepaper available on request.

Track Record

Platforms researched

🤖

Android AOSP

Deep analysis of Binder IPC — Parcel serialization, raw pointer patterns, capacity/size confusion across system services.

🌐

Chrome / Chromium

Mojo IPC layer — exploit chain mapping across native struct serialization and data pipe dispatch paths.

📸

Meta / Instagram

Android APK reverse engineering — ad integrity flows, authentication bypass paths, cross-app token handling.

🛒

Amazon

API surface analysis — credential exposure, authentication flow review, network configuration assessment.

💳

Cash App

Java decompilation across DEX files — resource leak chains, error debt analysis in payment and database flows.

📱

Indian Fintech

Paytm, Zerodha and others — API misconfiguration, hardcoded credential patterns, network security review.

Methodology

The 5-Dimension Method

01

Structure

What the code says. Types, control flow, function signatures. Most real vulnerabilities are invisible here alone.

02

Data Flow

Where data comes from, every transformation, every destination. Stale provenance is the most commonly missed class.

03

Memory Geometry

Adjacency, layout assumptions, pointer arithmetic, lifecycle misalignment. Memory corruption exploits are geometry problems.

04

Error State

What happens when things go wrong. The happy path is tested millions of times. Attackers live in the error path.

05

Chain Potential

What can an attacker do after the bug? A vulnerability without a chain is a bug. With a chain — it’s a weapon.

Every finding passes the Feynman Gate

What would disprove this? Am I overstating severity? Is it reproducible? Would I bet my reputation on it? Fail any — it doesn’t go in.

Request a Free Sample →