📌 Status
Searching for 2025 internships!

Andy Guo

Software Engineer at Stackline and undergraduate computer science student at the University of Maryland who is passionate about building and breaking things. I'm currently exploring software, security, design, and product!
My Experience

Click on a position to learn more.

stackline Logo
seoulspice Logo
tbb Logo
sythe Logo
SDE I at Stackline
Jun 2023 to Present

I worked as a SDE Intern at Stackline, a retail intelligence company, during the Summer of 2023 and 2024 in downtown Seattle, WA. I'm currently working part-time, remotely from college.

During my Summer 2023 internship, I primarily explored the security side of things, peforming audits and pentesting on the Brandclub mobile app, which is a popular customer loyalty program that has been used by over 880K people. To summarize, I discovered and patched numerous API vulnerabilities, some of which allowed denial-of-service and unauthorized financial transactions.

In the Summer of 2024, I worked mostly on the backend of the mobile app, focusing on improving our web automation services. Much of this work involved reverse engineering and evading various bot protection vendors, such as Akamai BMP, Shape Security, and Amazon Metadata1. This was done in collaboration with my great friend and co-intern James Xu.

Since then, I've been continuing to research and implement methods to enhance the Brandclub Checkout and Sync user experience. Thank you to the wonderful Jonny Reiss for his help and guidance as a mentor, recuiter, and manager throughout my time at Stackline.

Other Projects

Failed ventures and other little adventures!

VeoRide ExplorationJun 2023 to Present

Reverse engineered the Veo Micromobility scooter mobile application (that's a nasty sentence). I found an extremely severe vulnerability that I'm currently working on disclosing.

TransitGo ExplorationJul 2023 to Present

Reverse engineered the TransitGo app, a mobile application that allows users to pay for Seattle's public transportation. I found an amusing method that allows users to ride for free. I may or may not have used this to commute to work for free over the course of my internship in Seattle. To be fair the drivers don't really care.

DuoSecurity Mobile ExplorationJul 2023 to Present

Reverse engineered the DuoSecurity mobile app, created my own script to auto-approve my login requests whenever I want. This is directly tied to my little project, Pushmate, which is listed above!

TelliApr 2023 to May 2023

Aimed to create study guides and flashcards for students using LLM technology and OCR. The project was abandoned due to the lack of a viable business model. Worked on this with James Xu, Elizabeth Qiu, and Nico (sorry heh I don't know your last name). I've observed many similar projects since then, best of luck to those!

Fetch Rewards ExplorationFeb 2023 to May 2023

Reverse engineered Fetch Rewards, a mobile application that allows users to submit receipts for cash and gift card rewards. I have discovered some things, but I cannot reveal what they are due to legal reasons. All work will be disclosed to Fetch.

MusePayMay 2022 to Aug 2022

A social hub for friends and family to monitor finance, a simple and secure platform for lending and spending, and a non-destructive companion to one's buying experience. Spending other people's money has never been easier and more secure. Built for the Bitcamp 2022 hackathon. Devpost

GOAT Black FridayNov 2021 to Aug 2021

GOAT is a sneaker marketplace that hosts a Black Friday sale every year where they release extremely valuable sneakers in a FCFS release style. I extracted the API endpoints from the mobile app and used them to create a bot that automatically detected the release in milliseconds, solved the CAPTCHA challenge, submitted the purchase, and polled the enqueued order's status.

Veve ReversalOct 2021 to Jan 2021

My first ever foray into reverse engineering Android apps. Veve is a digital collectibles marketplace that hosts a variety of NFTs, including Marvel, DC, and more. My plan was to build a bot for their releases which would net me collectibles which I could then exchange for gems, and eventually cash! I eventually gave up, thanks to Kasada's bot mitigation technology.

ProtegoMay 2021 to Aug 2021

A privacy-forward Chrome Extension that allows users to monitor where their data is being sent and how it is being used. Built for the TeenhacksLI 2021 hackathon and won the People's Choice award. Devpost

VisumMay 2021 to Aug 2021

A prototype comprised of a Chrome extension and a Node script to automate the process of solving Google ReCAPTCHAs (y'know, the thing that asks you to select traffic lights). I whiteboarded all the logic for correlating bounding box data with the correct image tiles, which was super fun. Object detection technology provided by AWS Rekognition. Devpost

spiritbrowserDec 2019 to May 2020

Aimed to create study guides and flashcards for students using LLM technology and OCR. The project was abandoned due to the lack of a viable business model.

my first ever websiteAug 2018 to Present

created my first website using html/css and coding in the now-retired atom text editor! :)

Hello! I'm currently reworking my site (like, right now right now). I have a lot to add~ please contact me if anything is urgent!

Last updated: October 22, 2024.