> For the complete documentation index, see [llms.txt](https://www.cyanide.net/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://www.cyanide.net/about/about-me.md).

# About me

**Discord: cyanidee.**

**Email: <admin@cyanide.net>**

**Bugcrowd: cy4n1de**

**HackerOne: cy4n1de**

{% embed url="<https://craftigames.net/security/hall-of-fame>" %}
Hall of fame listing on craftigames.net
{% endembed %}

{% embed url="<https://www.4chan.org/security#thanks>" %}
Hall of fame listing on 4chan.org
{% endembed %}

## Bounties & honorable mentions:

### NASA - U.S. Space Agency

* **Critical Security Vulnerability (Priority P1 – Highest Severity)**
* Confirmed and acknowledged by NASA's security team.
* Official recognition on a top security platform [**Bugcrowd's Hall of Fame**](https://bugcrowd.com/cy4n1de/crowdstream)

<figure><img src="/files/kHxZ2fph92X55lY0Zkby" alt=""><figcaption></figcaption></figure>

### **Xenforo Software**

* Found **zero day** vulnerability in **XenForo (Jan, 2025)**&#x20;
* Verified by **XenForo team (Mar, 2025)**
* <https://xenforo.com/community/threads/security-issue.228884/#post-1731581>

### **4chan**.org

* Local File Inclusion via double-encoded path traversal **(Apr, 2025) (Critical severity)**
* **Listed on** [**hall of fame**](https://www.4chan.org/security#thanks)

<figure><img src="/files/4LgrXfDFI2M7J9OERi6y" alt=""><figcaption></figcaption></figure>

### pika-network.net, jartex-network.net

* Both domains are part of craftigames.net
* SQL injection **(2021)**
* Hidden virtual host and bypassing CloudFlare firewall with warp **(2025) ($250 bounty reward)**
* **Listed on** [**hall of fame**](https://craftigames.net/security/hall-of-fame)

<figure><img src="/files/dkJ3KDgXxAC7ORs7n7dA" alt=""><figcaption><p><strong>Cyanide listed on</strong> <a href="https://craftigames.net/security/hall-of-fame"><strong>hall of fame</strong></a></p></figcaption></figure>

### **Banknorwegian**

* Cross site scripting (XSS) in Banknorwegian (index page) (2024):&#x20;
* banknorwegian.dk, banknorwegian.no, banknorwegian.fi,  banknorwegian.fi, banknorwegian.de

### **ascension**.gg

* Personal Github Token leak **($2.5k bounty reward) (2024)**

### manacube.net

* SQL injection **(2022) ($200 usd bounty reward)**

### mc-complex.net

* SQL injection **(2024)** and LFI **(2025)**

### luckyblock.com (crypto casino)

* RCE webshell escalated from SQLi **(2024)**

### Offensive Security & Vulnerability Research

* **Hack The Box Certified Penetration Testing Specialist (HTB CPTS)** – trained in full-scope adversarial assessment methodologies. [HTB Academy](https://academy.hackthebox.com/preview/certifications/htb-certified-penetration-testing-specialist)
* **Web-application exploitation** – experienced in finding and exploiting injection flaws, authentication weaknesses, logic errors and misconfigurations during bug-bounties.
  * SQL-injection testing and automation (Boolean-based, time-based, stacked queries, even second order). [OWASP Foundation](https://owasp.org/www-community/attacks/SQL_Injection)
  * Command-injection discovery and post-exploitation workflow.
  * Local File Inclusion / directory traversal and buffer-overflow proof-of-concept development. [Fortinet](https://www.fortinet.com/resources/cyberglossary/buffer-overflow)
* **Zero-day research & exploit authoring** – design custom fuzzers, triage crashes into root-cause flaws, build reliable exploits that slip past modern mitigations (ASLR, DEP, stack canaries), and steer the whole coordinated-disclosure cycle through patch diffing and proof-of-fix validation. [Wikipedia](https://en.wikipedia.org/wiki/Zero-day_vulnerability)

### Network-Layer & Wireless Attack Techniques

* **Evil-Twin Wi-Fi compromise** – creation of rogue APs for credential theft and traffic interception.&#x20;
* **ARP-spoofing and man-in-the-middle implants** within local subnets.
* **SS7 signalling attacks** targeting mobile voice/SMS interception and geolocation.&#x20;
* **DNS-cache poisoning** for upstream redirection and phishing campaigns.

### Privilege Escalation & Post-Exploitation

* **Linux privilege-escalation tooling** – enumeration, kernel exploit adaptation, capability and misconfiguration abuse.&#x20;
* **Firewall / IDS evasion** – traffic obfuscation, packet-fragmentation, decoys, manual TCP packets and rule-set manipulation to maintain persistence.

### Programming & Secure Software Development

* **Python** – rapid scripting for reconnaissance, exploit automation, and tooling integration.
* **C and x86-64 assembly** – low-level payload crafting, reverse-engineering and buffer overflows.
* **Full-stack web development (secondary focus)** – Build and harden Django/Next.js back-ends, manage relational databases (Such as **PostgreSQL/MySQL**) and non relational databases such as **MongoDB**. Craft modern **TailwindCSS** front-end interfaces, design **RESTful APIs**, and code that follows secure-coding best practices into every layer.

### Platforms, Tooling & Virtualisation

* **Advanced Linux administration** – hardened server configuration, kernel-module management, SELinux/AppArmor policy tuning.
* **Docker-based lab orchestration** – containerised test environments for reproducible exploits and CI security checks.
