🧸About me

Discord: cyanidee.

Email: [email protected]

Bugcrowd: cy4n1de

HackerOne: cy4n1de

Hall of fame listing on craftigames.net
Hall of fame listing on 4chan.org

Bounties & honorable mentions:

NASA - U.S. Space Agency

  • Critical Security Vulnerability (Priority P1 – Highest Severity)

  • Confirmed and acknowledged by NASA's security team.

  • Official recognition in the Hall of Fame of Bugcrowd, a top security platform

Xenforo Software

4chan.org

  • Local File Inclusion via double-encoded path traversal (Apr 2025) (Critical severity)

  • Listed on hall of fame

pika-network.net, jartex-network.net

  • Both domains are part of craftigames.net

  • SQL injection (2021)

  • Hidden virtual host and Cloudflare firewall bypass with WARP (2025) ($250 bounty reward)

  • Listed on hall of fame

Cyanide listed on hall of fame

Banknorwegian

  • Cross-site scripting (XSS) in Banknorwegian (index page) (2024):

  • banknorwegian.dk, banknorwegian.no, banknorwegian.fi, banknorwegian.de

ascension.gg

  • Personal GitHub token leak ($2.5k bounty reward) (2024)

manacube.net

  • SQL injection (2022) ($200 USD bounty reward)

mc-complex.net

  • SQL injection (2024) and LFI (2025)

luckyblock.com (crypto casino)

  • RCE webshell escalated from SQLi (2024)

Offensive Security & Vulnerability Research

  • Hack The Box Certified Penetration Testing Specialist (HTB CPTS) – trained in full-scope adversarial assessment methodologies.

  • Web-application exploitation – experienced in finding and exploiting injection flaws, authentication weaknesses, logic errors and misconfigurations during bug bounties.

    • SQL-injection testing and automation (Boolean-based, time-based, stacked queries, and second-order).

    • Command-injection discovery and post-exploitation workflow.

    • Local File Inclusion / directory traversal and buffer-overflow proof-of-concept development.

  • Zero-day research & exploit authoring – design custom fuzzers, triage crashes into root-cause flaws, build reliable exploits that slip past modern mitigations (ASLR, DEP, stack canaries), and steer the whole coordinated-disclosure cycle through patch diffing and proof-of-fix validation.

Network-Layer & Wireless Attack Techniques

  • Evil-Twin Wi-Fi compromise – creation of rogue APs for credential theft and traffic interception.

  • ARP-spoofing and man-in-the-middle implants within local subnets.

  • SS7 signalling attacks targeting mobile voice/SMS interception and geolocation.

  • DNS-cache poisoning for upstream redirection and phishing campaigns.

Privilege Escalation & Post-Exploitation

  • Linux privilege-escalation tooling – enumeration, kernel exploit adaptation, capability and misconfiguration abuse.

  • Firewall / IDS evasion – traffic obfuscation, packet-fragmentation, decoys, manual TCP packets and rule-set manipulation to maintain persistence.

Programming & Secure Software Development

  • Python – rapid scripting for reconnaissance, exploit automation, and tooling integration.

  • C and x86-64 assembly – low-level payload crafting, reverse-engineering and buffer overflows.

  • Full-stack web development (secondary focus) – build and harden Django/Next.js back-ends, manage relational databases (such as PostgreSQL/MySQL) and non-relational databases such as MongoDB, craft modern TailwindCSS front-end interfaces, design RESTful APIs, and write code that follows secure-coding best practices at every layer.

Platforms, Tooling & Virtualisation

  • Advanced Linux administration – hardened server configuration, kernel-module management, SELinux/AppArmor policy tuning.

  • Docker-based lab orchestration – containerised test environments for reproducible exploits and CI security checks.
