https://github.com/dweinstein/dweinstein
https://github.com/dweinstein/dweinstein
Last synced: 4 months ago
JSON representation
- Host: GitHub
- URL: https://github.com/dweinstein/dweinstein
- Owner: dweinstein
- Created: 2023-03-19T03:33:54.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2025-06-13T20:14:54.000Z (about 1 year ago)
- Last Synced: 2025-06-13T21:25:04.345Z (about 1 year ago)
- Size: 43 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
[](https://github.com/dweinstein)
[](https://twitter.com/insitusec)
[](https://www.linkedin.com/in/dweinst/)

## CTO, Researcher, Developer, Security, Privacy, AI, and product development enthusiast
Hi there! I'm David, a passionate developer, early adopter, and team builder. I love solving hard problems at any scale or part of the stack.
### π§ Projects & Contributions
* π± At [NowSecure](https://www.nowsecure.com/), I work with the product management, development, engineering, and research teams to enable automated application security and risk management solutions at scale.
* :tophat: Although a significant portion of my work is for private companies, I enjoy contributing to communities while hacking on various hobby projects. I also like exploring radical new approaches to knowledge and code management e.g., [Glamorous Toolkit](https://github.com/feenkcom/gtoolkit), or fixing less maintream, more niche technical things like [Erlang](https://www.erlang.org/) client generation for the [openapi-generator](https://github.com/OpenAPITools/openapi-generator) project. In the past, I developed a [Node.js API client](https://github.com/dweinstein/node-google-play) for the Google Play Store to download APKs. I rewrote that client in Rust [here](https://github.com/dweinstein/rs-google-play), which was [forked by EFF](https://github.com/EFForg/rs-google-play).
* ποΈ [db_sampler](https://github.com/dweinstein/db_sampler): An Elixir tool for sampling rows from PostgreSQL databases and exporting to NDJSON. Supports table sampling with limits/ordering and SQL templates with EEx. Built with the adapter pattern for testability. [Docs](https://dweinstein.github.io/db_sampler/)
* π [deps_checker](https://github.com/dweinstein/deps_checker): A Python tool for identifying vulnerable dependencies in mobile applications by analyzing SBOM data. Targets npm supply chain attacks and cross-references against known vulnerable package versions. Zero external dependencies, CI/CD friendly.
* π I particularly like working in areas where I can leverage a broad set of skills ranging from AI, APIs, mobile technologies, reverse engineering, security, and privacy. I enjoy working with product and technology teams, collaborating on all sorts of challenging problems and projects within an enterprise B2B organization.
* π οΈ Lately I use a lot of tools especially [Glamorous Toolkit](https://github.com/feenkcom/gtoolkit), [Frida](https://github.com/frida/frida), [Radare](https://github.com/radareorg/radare2), and working on projects involving iOS or Android, [mitmproxy](github.com/mitmproxy/mitmproxy), and more.
* π³ I've been an early adopter of many new technologies and like to rediscover old technologies and make them new. Sometimes I document my learnings through blog posts, e.g., [some handy docker articles from 2014](http://bitjudo.com/blog/2014/03/13/building-efficient-dockerfiles-node-dot-js/), which was back in the early days when everyone was learning how best to use containerization with development projects.
* π§ Currently thinking a lot about things interconnected with AI, product management, cybersecurity, development, and operations.
### π‘οΈ Resources & Blog Posts
* π I try and maintain [awesome-frida](https://github.com/dweinstein/awesome-frida): A curated list of awesome projects, libraries, and tools powered by Frida.
* π [OWASP Crackme Solution solved with Frida](https://www.nowsecure.com/blog/2017/04/27/owasp-ios-crackme-tutorial-frida/): I wrote this a long time ago to provide a comprehensive guide on solving a OWASP Crackme challenge for mobile app security enthusiasts while showcasing some of the amazing tools we've built.
* π©οΈ [Cloudbleed Vulnerability and its Impact on Mobile App Security](https://www.nowsecure.com/blog/2017/02/23/cloudflare-cloudbleed-bugs-impact-mobile-apps/): An example that demonstrates the type of data I've worked with a deep dive into the Cloudbleed vulnerability and its implications for mobile app security at the time.
* [Post-Quantum Cryptography: Security in Mobile Apps](https://www.linkedin.com/pulse/post-quantum-cryptography-security-mobile-apps-david-weinstein?utm_source=rss&utm_campaign=articles_sitemaps) An article I wrote about quantum's impact on mobile apps.
* [September 8, 2025 - Major NPM Supply-Chain Attack: Potential Impact on Mobile Applications](https://www.nowsecure.com/blog/2025/09/08/major-npm-supply-chain-attack-potential-impact-on-mobile-applications/)): Attackers compromised popular packages like `chalk`, `debug`, and `ansi-styles` with over 2 billion weekly downloads, injecting malware designed to intercept cryptocurrency transactions and steal credentials.
* [September 16, 2025 - New NPM Supply Chain-Attack Hits 187 Packages β Hereβs Why Mobile Apps Are Still at Risk](https://www.nowsecure.com/blog/2025/09/16/new-npm-supply-chain-attack-hits-187-packages-heres-why-mobile-apps-are-still-at-risk/): 187 additional packages were compromised, some even poossibly targeting mobile development ecosystems including NativeScript, Angular mobile components, and React Native adjacent packages.
### π My Skills & Expertise
* π I enjoy helping customers solve challenges, discussing growth opportunities, entrepreneurship.
* π Proficient in TypeScript/JavaScript/Node.js, Smalltalk/Pharo, Rust, Erlang, Python, C/C++, and other languages with a REPL, hot code loading, and convenient FFI.
* π€ Experienced with various product management tools, frameworks, and platforms... I'm always eager to learn and adopt or adapt old and new technologies.
* π Skilled in fostering collaboration and building strong relationships with my team members and business stakeholders ranging from super technical to non-technical alike.