Current Members


jduck, Group Founder

Joshua J. Drake is the VP of Platform Research and Exploitation at Zimperium and Lead Author of the Android Hacker's Handbook. Joshua focuses on original research such as reverse engineering and the analysis, discovery, and exploitation of security vulnerabilities. He has over 10 years of experience in the field and regularly speaks at top industry conferences. Joshua was previously a Director of Research Science at Accuvant, where he headed up a team of elite vulnerability researchers. Prior to Accuvant, Joshua also worked with Rapid7’s Metasploit and VeriSign’s iDefense Labs. Additional notable accomplishments include exploiting Oracle’s JVM for a win at Pwn2Own 2013, successfully compromising the Android browser via NFC with Georg Wicherski at BlackHat USA 2012, and winning the DefCon 18 CTF with the ACME Pharm team in 2010. Stagefright?


quine, Sr. Research Scientist

Zach Lanier is a Director of Research with Cylance, specializing in various bits of network, application, mobile, and embedded security. Prior to joining Cylance, Zach most recently served as a Senior Research Scientist with Accuvant Labs, and prior to that as a Senior Security Researcher with Duo Security. He has spoken at a variety of security conferences, such as Black Hat, DEF CON, CanSecWest, INFILTRATE, Countermeasure, and SummercCon, and is a co-author of the "Android Hackers' Handbook" (Wiley, 2014).


pof, Unicorn Consultant

Pau Oliva is a Mobile Security Engineer with NowSecure. He has 10 years of experience working as R+D Engineer in a Wireless Service Provider. His passion for smartphones started back in 2004 when he had his first PocketPC phone with the Windows Mobile operating system and started reverse engineering and hacking HTC devices. He has been actively researching security aspects on the Android operating system since its debut with the T-Mobile G1 on October 2008. Pau has spoken at a variety of security conferences, including DefCon and RSA in USA and LaCon and NoConName in Spain, and is co-author of the upcoming Wiley's Android Hacker's Handbook.


jacobsoo, Couch Potato


jcase, Security Researcher

Very opinionated mobile security researcher.


0xroot, Security Researcher

I like to break things.


saidelike, Security Researcher



thomc, Security Researcher

Thomas is a penetration tester and security researcher with a focus on improving the security of mobile.


diff, Security Researcher

Tim Strazzere is a Lead Research and Response Engineer at Lookout Mobile Security. Along with writing security software, he specializes in reverse engineering and malware analysis. Some interesting past projects include having reversing the Android Market protocol, Dalvik decompilers and memory manipulation on mobile devices. Past speaking engagements have included DEFCON, BlackHat, SyScan, HiTCON and EICAR.


marcograss, Security Researcher

Senior Security Researcher at KEEN Lab (previously known as KEEN Team).


utkanos, Security Consultant/Researcher

Breaking things at Matasano, contributor to cyanogenmod, photographer, and craft beer snob.


anwarelmakrahy, Vuln Miner

21-year-old security researcher, gained his experience over nine years working on security-related tools and frameworks. In this time he has become skilled with a number of languages including C/C++, Java, Python & Assembly. His qualifications includes reverse engineering and detailed knowledge of security tools, technologies and best practices.


nanotechz9l, Free Diver

Rick is a Software security test engineer, and penetration tester at a software company. His focuses in both hardware/software security to include vuln research, exploit dev, malware analysis, and detection/intell automation. He's a student of ruby, c, and x86/x64/arm asm. He's also an avid follower of metasploit-framework, nanoelectronics, and embedded systems. Rick has presented his exploit dev workshop at ToorCON 13 in San Diego, and BSidesLV 2012 in Las Vegas.


vesh, Chimney Sweep

Angelo Vescio spends most of his time trying to figure out how to get obscure devices in places they aren't supposed to be...also wolfman


imcom, Developer

Yu Jin is a web developer at a network security company. He is interested in network security and Android security. Specifically he is keen on cryptography, protocols and Android security.


corrupt, Security Consultant

Prashant Mahajan is a Security Researcher and Consultant. He is interested in mobile device (OS and application) security.


cocaman, Security Officier

Working for a Bank in IT Security. Also breaking other stuff in job and free time. And I code.


k3170makan, Security Analyst

I Fight for the users


insitusec, Senior Security Engineer @ NowSecure

Security Engi-nerd


aDroidman, Software Engineer

Software Developer, SharePoint/Salesforce Admin. Spend my free time dabbling in web development.

Subho Halder

Subho Halder, Co-Founder and Security Researcher @ XYSec Labs

Programmer, Entrepreneur, Freelancer, Pentester and Exploiter. Loves to exploit Android. Lead Programmer and Creator of AFE.


Rex, Security Researcher, Vuln Miner

20 year old hacker. Peace, love, beer, zeroday!


warlord, (in)security

Animal lover.. hacking for fun & profit.


mspreitz, Security Researcher

Mobile security consultant and free time researcher in the field of Android malware analysis and forensics. Lead developer of the MobileSandbox system. Additionaly, giving talks and trainings in the afore mentioned topics.


cryptax, Security Researcher

Fighting malware that get on strange stuff. Talked at VB, ShmooCon, BlackHat Europe, Insomni'Hack,


fuzion24, Security Researcher @ NowSecure

I like to break things. I enjoy offensive security especially for Android/Linux.


scottyab, Developer/consultant

App Developer, trainer, speaker and co-author of the Android Security Cookbook.


adi0x90, Android Hacker @ Attify

Co-Founder and Droid Ninja at Attify. Author of "Learning Pentesting for Android Devices" . Speaker & Trainer at BlackHat, OWASP AppSec, Toorcon, Syscan, Nullcon etc. Co-Creator of AppWatch - The Mobile Security Platform. Found vulnerabilities in Google, Facebook, Twitter, Paypal, Skype, Webkit, Apple etc. in the past.


Zenofex, Research Scientist

Research Scientist @ Accuvant Labs. Founder of . Speaker 3 x @ DEFCON, 1 x @ Infosec Southwest, and 2 x @ BSides Austin


uberlaggydarwin, Security Researcher

Independent security researcher from Australia.. Likes reversing bootloaders. Does CyanogenMod dev in spare time.


revskills, Security Engineer

Security Engineer at Red Hat (Czech Republic) & Fedora Security Team. Hardware Hacking, Biker, PGP 0xE2E64DCA


oguzhantopgul, Security Researcher

Mobile Security Researcher


dmc, Security Researcher

Does computering for @MDSecLabs, lead author for the Mobile App Hacker's Handbook


virqdroid, Security Researcher

Nikolaos Chrysaidos is Mobile Malware & Security Analyst at Avast Virus Lab. Personal motto is "Whatever goes around, unlocks around"


linkdead13, Security Researcher / Student

Horrible @ Self Writing


haykuro, Security Researcher, Software Engineer

Good at computers. "He can unjam the printer really fast."


citypw, Security consultant, Coder

Doing FLOSS( Free/Libre & Open Source) security consulting by building defensive solution for GNU/Linux/Android security. Founder of HardenedLinux(


None yet.