Passionate cybersecurity professional specializing in penetration testing and vulnerability assessment. Active CTF player and security researcher dedicated to making the digital world safer.
$ whoami
> Penetration Tester | CTF Player | Security Researcher
> "Breaking things to make them stronger"

- Specializing in Web Application & Network Penetration Testing
- Active CTF player on HackTheBox, TryHackMe, and CTFtime
- Bug bounty hunter finding vulnerabilities to help secure applications
- Constantly learning and sharing cybersecurity knowledge
- IT enthusiast exploring the latest security tools and techniques
Experienced in web application testing: authentication, authorization, session management, input validation, file upload, and API security. Interested in bug hunting (responsible disclosure), threat modeling, and hardening CI/CD pipelines against secret leakage. Prefer working in safe, isolated environments (Docker/VM) and always follow pen-test ethics.
- Web App Testing: OWASP Top 10, XSS, SQLi, CSRF, IDOR, SSRF, RCE (analysis & mitigation)
- Authentication & Authz: session fixation, JWT, password flows, SSO assessment
- API Security: API endpoint audits, rate limiting, token misuse, IDOR in APIs
- Recon & Scanning: passive/active recon, subdomain enumeration, dirb, fuzzing
- Forensics & Remediation: log analysis, incident triage, secret rotation
- Coding/Automation: scripting for PoCs & scanners (Python / Bash), CI pipelines
- Burp Suite (Professional / Community workflows)
- OWASP ZAP, Nmap, Nikto
- sqlmap, ffuf, dirbuster, wfuzz
- Gitleaks, TruffleHog, git-secrets
- Docker, Ghidra (for simple reverse engineering), Wireshark
- Python (requests, BeautifulSoup), Node.js (simple tooling)
- Web Application Security (OWASP Top 10)
- Network Security & Infrastructure Testing
- Social Engineering & OSINT
- Cryptography & Password Cracking
- Mobile Application Security
- Cloud Security (AWS, Azure)
- Advanced exploitation techniques
- Cloud security and container security
- AI/ML security and adversarial attacks
- iOS/Android application security
"The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards." - Gene Spafford

