Shay Mordechai

Android Malware Researcher · Reverse Engineer · AI Security

I reverse engineer Android malware to understand how modern threats evade analysis, execute before application initialization, and abuse operating system internals. I investigate where security assumptions break—across OS boundaries and AI systems.
[ Malware Analysis ] [ Reverse Engineering ] [ Android Internals ] [ Frida / DBI ] [ AI Security ]
Digital Whisper #187 · Android Malware OpenAI / Bugcrowd · Session Quota Bypass CERT-IL #11265 · Compiler 0-Days
[ACTIVE LAB] CURRENT RESEARCH: Reverse-engineering libbinder.so (ARM64) extracted from a physical Samsung S20 to analyze /dev/binder ioctl transaction flows, investigating the structural boundaries of UI allocation during the application bootstrap and how early-stage malware hooks these processes.

📈 Research Evolution & Milestones

Feb 2024
Desktop RE
Jul 2025
Compiler 0-Days
Dec 2025
V8 Engine Security
Apr 2026
LANjack Mitigation
May 2026
Android Bootstrap Hijacking
Jun 2026
OpenAI Disclosure
// Active Research & Malware Analysis
Featured Publication: Android Bootstrap Hijacking Digital Whisper

Abstract: The Android security model assumes applications behave predictably once the framework loads. But what happens if malware injects itself into the Zygote process before the UI is even allocated? This research explores Bootstrap Hijacking, analyzing the precise timing races between OS initialization and dynamic analysis tools like Frida.

Focuses on advanced evasion techniques used by modern Android Banking Trojans and the abuse of attachBaseContext().

🔗 Read the Publication
Android Internals & Mobile Reverse Engineering Lab Dynamic Instrumentation
📖 View Mobile Reverse Engineering Labs on GitHub
// AI Security & Responsible Disclosure
Session Quota Enforcement Bypass — ChatGPT OpenAI · Bugcrowd

Finding: Identified a session-state desynchronization flaw in ChatGPT's backend that allows established in-flight API streams to persist and consume GPU/CPU resources after an account has been officially quota-locked at the UI layer.

// Vulnerability Research
0-Day Research: Breaking Compiler Boundaries CERT-IL #11265

Abstract: A deep dive into the underlying logic of compilation pipelines. Utilizing AI-augmented semantic fuzzing, this research exposed critical scope isolation anomalies and memory crash conditions within the SBCL compiler. Disclosed to CERT-IL and MITRE.

🔬 View Compiler Fuzzing Showcase
// Infrastructure & Diagnostics
Secure AI SaaS Architecture & Diagnostics Architecture

Built experimental workflows and secure infrastructure designs emphasizing zero-trust and execution isolation.