Mateo Fumis

Security Researcher — Mobile & Web Penetration Tester

Executive Summary

Independent Security Researcher with a deep focus on Mobile Application Offensive Security. Specialized in identifying complex vulnerability chains in Android and iOS environments. Active contributor to Bug Bounty programs, focused on high-impact research involving API security and mobile exploit development.

Certifications & Training

eLearnSecurity Mobile Application Penetration Tester (eMAPT)

Feb 2026 (Expected)

eLearnSecurity / INE

Advanced professional certification focused on Android and iOS reverse engineering, dynamic instrumentation, and secure coding analysis.

API Penetration Tester

APIsec University • Aug 2024

Expertise in testing RESTful APIs for BOLA, IDOR, and logic flaws.

Practical Ethical Hacking (PEH)

TCM Security • Jul 2023

Comprehensive training in network exploitation, Active Directory, and web security.

Introduction to Network Analysis

Security Blue Team • Mar 2025

Protocol analysis and threat detection using Wireshark and Tshark.

Advanced Open Source Intelligence and Privacy

EC-Council • Aug 2023

Advanced data gathering and digital footprinting for reconnaissance.

Technical Arsenal

Mobile & Reverse

Frida, Objection, Jadx-GUI, MobSF, ADB, Android Studio

Web & API

Burp Suite Pro, Postman, OWASP ZAP, FFUF

Infrastructure

Wireshark, Docker, Linux (Kali), Python / JavaScript / Bash / PHP

Experience & Impact

Independent Security Researcher

2023 — Present

Bug Bounty Platforms (HackerOne / Bugcrowd)

  • Focused on Mobile Pentesting: Conducted deep analysis on Android/iOS binaries, identifying Intent Redirections, Deep Link vulnerabilities, and insecure data storage.
  • Bug Bounty Hunter: Successfully identified and responsibly disclosed high-impact vulnerabilities in paid programs, including BOLA (Broken Object Level Authorization) and IDOR (Insecure Direct Object Reference) flaws.
  • Leveraged Automation: Developed custom Python wrappers for recon and asset discovery, reducing manual scanning time significantly.

CTF Player

2022 — 2023

CTF platforms (Hack The Box, TryHackMe)

  • Successfully compromised more than 20 Linux and Android machines, mastering techniques in privilege escalation and lateral movement.
  • Focused on Web & API Exploitation: Solved advanced challenges involving SQLi, SSRF, XSS and JWT bypasses in simulated enterprise environments.
  • Developed deep proficiency in Reverse Engineering through individual lab challenges, utilizing static and dynamic analysis to deconstruct obfuscated Android binaries.

Research & Projects

Cybersecurity Blog • www.mfumis.com

A curated collection of technical write-ups covering HTB lab penetrations, in-depth cybersecurity articles, and detailed Bug Bounty vulnerability disclosures.

DumpDork

DumpDork is a powerful command-line tool for performing Google dorking, allowing users to uncover hidden information and vulnerabilities using advanced search queries directly from the terminal.

fridaDownloader

fridaDownloader is a command-line tool that streamlines downloading the Frida Gadget or Server for Android, enabling developers and security researchers to quickly access the components needed for dynamic instrumentation.

Offensive Cybersecurity (by hackermater)

GitBook of cheat sheets for mobile and web pentesting, as well as red teaming and OSINT.

English: EF SET B1 Intermediate • Native: Spanish