mario roberto fortunato
Android Engineer turned Offensive Security Practitioner, with 4+ years of experience building production mobile applications and a growing specialization in mobile penetration testing. Deep familiarity with Android internals, Kotlin/Java codebases, and mobile architecture patterns supports more thorough and developer-aware security assessments.
Certifications
- CAPT (Certified Associate Penetration Tester) - Hackviser (2026)
- PMPA (Practical Mobile Pentest Associate) - TCM Security (Expected July 2026)
Skills
- General: Linux (Ubuntu/Kali), Bash scripting, VirtualBox/KVM, network enumeration, CVE research
- Penetration Testing & Tooling: Metasploit, Meterpreter, Burp Suite, Wireshark, Nmap, Netcat, ffuf, Gobuster
- Mobile Security: JADX, Frida, apktool, MobSF, ADB, split APK analysis
- Android Development: Kotlin, Jetpack Compose, Coroutines, Flow, Dependency Injection, Retrofit, Room, MVVM, MVI, Clean Architecture
Projects
Physical Key Device Protocol (PKDP)
A session-binding protocol layered on OpenSSH that cryptographically ties the lifetime of an SSH session to the continuous physical presence of a USB device. Designed as a hardware-enforced access control mechanism against unattended session hijacking.
Horizon Pattern
Designed a custom architectural pattern to extend traditional MVI approaches, enabling cleaner separation between UI and business logic in Jetpack Compose applications.
Contact
- Email: dev@mariorobertofortunato.com
- LinkedIn: linkedin.com/in/mariorobertofortunato
- GitHub: github.com/mariorobertofortunato