Applied reverse engineering techniques to unveil and patch numerous security vulnerabilities and exploits within a mobile app with over 500,000 all-time users, and learned in the presence of experienced engineers and executives of a growth-stage company based in Seattle, WA.
Spearheaded the successful 2.0 release of a browser extension, driving a substantial increase in the company's Twitter followers to 30,000, monthly customer base to 2,000, and achieving a peak of $50,000 MRR.
An app that automates Duo Push MFA login requests for college students, and allows them to replace Duo with other MFA providers, such as Authy and Google Authenticator.
Was meant to be a VALORANT highlight-clipping application. Domain is currently lent to my friends Aayush and Akash, who are building something similar with Twitch clip extraction.
Chrome extension that automated checkout across hundreds of retailers. Accrued over 6,500 users, $5,000 MRR, and 7,500 Twitter followers, operated by a team of 10 teenagers from the US, Malaysia, and Bulgaria. Shut down abruptly due to personal health-related reasons.
Desktop automation software designed to purchase extremely limited sneakers from retailers such as Shoe Palace, Footlocker, and more. Eventually focused full-time on Sythe.
Desktop automation software to purchase high-value sneakers from Nike's SNKRS platform. Attained 2,500+ beta waitlist signups and 1,000 Twitter followers, followed by a 2-week lifespan before pursuing other ventures instead.
Reverse engineered the Veo Micromobility scooter mobile application (that's a nasty sentence). I found an extremely severe vulnerability that I'm currently working on disclosing.
Reverse engineered the TransitGo app, a mobile application that allows users to pay for Seattle's public transportation. I found an amusing method that allows users to ride for free. I may or may not have used this to commute to work for free over the course of my internship in Seattle. To be fair the drivers don't really care.
Reverse engineered the DuoSecurity mobile app and created my own script to auto-approve my login requests whenever I want. This is directly tied to my little project, Pushmate, which is listed above!
Aimed to create study guides and flashcards for students using LLM technology and OCR. The project was abandoned due to the lack of a viable business model. Worked on this with James Xu, Elizabeth Qiu, and Nico (sorry heh I don't know your last name). I've observed many similar projects since then, best of luck to those!
Reverse engineered Fetch Rewards, a mobile application that allows users to submit receipts for cash and gift card rewards. I have discovered some things, but I cannot reveal what they are due to legal reasons. All work will be disclosed to Fetch.
A social hub for friends and family to monitor finance, a simple and secure platform for lending and spending, and a non-destructive companion to one's buying experience. Spending other people's money has never been easier and more secure. Built for the Bitcamp 2022 hackathon. Devpost
GOAT is a sneaker marketplace that hosts a Black Friday sale every year where they release extremely valuable sneakers in an FCFS release style. I extracted the API endpoints from the mobile app and used them to create a bot that automatically detected the release in milliseconds, solved the CAPTCHA challenge, submitted the purchase, and polled the enqueued order's status.
My first ever foray into reverse engineering Android apps. Veve is a digital collectibles marketplace that hosts a variety of NFTs, including Marvel, DC, and more. My plan was to build a bot for their releases which would net me collectibles which I could then exchange for gems, and eventually cash! I eventually gave up, thanks to Kasada's bot mitigation technology.
A privacy-forward Chrome Extension that allows users to monitor where their data is being sent and how it is being used. Built for the TeenhacksLI 2021 hackathon and won the People's Choice award. Devpost
A prototype comprised of a Chrome extension and a Node script to automate the process of solving Google ReCAPTCHAs (y'know, the thing that asks you to select traffic lights). I whiteboarded all the logic for correlating bounding box data with the correct image tiles, which was super fun. Object detection technology provided by AWS Rekognition. Demo
Created my first website using HTML/CSS and coding in the now-retired Atom text editor! :)
Last updated: June 13, 2024.
Copyright 2024. Andy Guo