Hi, I'm a Bug Bounty Hunter | Penetration Tester | IT Security Enthusiast, also
I develop awesome Web based on PHP and HTML+CSS+JS.
SKILLS
- Web Backend
- PHP Native
- NodeJS
- Python
- SQL
- API
- Blockchain
- Cyber Security
- Incident response, Detection, and Investigations
- Deploying and Securing Web Applications
- Web, Windows, iOS and Android app pentester
Certifications, Awards and Honors
- Microsoft Technology Associate - Introduction to Programming using HTML and CSS
- Microsoft Technology Associate - Database Administration Fundamentals
- Certificate of Competence - Programming
- Google Bughunter Hall of Fame
- Google Code-in (2018)
- Tokopedia (Bug Bounty Certificate)
- Badan Siber dan Sandi Negara (VDP Certificate)
- Telkom Indonesia (Web Security Certificate)
- ...
Things I Found
- Selected bugs I've reported:
- 2021: Google: XSS
- 2022: Bibit: API endpoint exposed sensitive data, IDOR, XSS, Bypass PIN (also account takeover)
- 2022: Stockbit: Multiple XSS
- 2023: Mullvad: XSS, Open Redirect
- 2023: Unstoppabledomains: Race Condition unlimited credits
- 2024: Etherscan: Multiple XSS