About me
Last updated
Discord: cyanidee.
Email: admin@cyanide.net
Bugcrowd: cy4n1de
HackerOne: cy4n1de
Critical Security Vulnerability (Priority P1 - Highest Severity)
Confirmed and acknowledged by NASA's security team.
Found a zero-day vulnerability in XenForo (Jan, 2025)
Verified by XenForo team (Mar, 2025)
Local File Inclusion via double-encoded path traversal (Apr, 2025) (Critical severity)
Both domains are part of craftigames.net
SQL injection (2021)
Hidden virtual host and bypassing the Cloudflare firewall with WARP (2025) ($250 bounty reward)
Cross-site scripting (XSS) in Banknorwegian (index page) (2024):
banknorwegian.dk, banknorwegian.no, banknorwegian.fi, banknorwegian.de
Personal GitHub token leak ($2.5k bounty reward) (2024)
SQL injection (2022) ($200 USD bounty reward)
SQL injection (2024) and LFI (2025)
RCE webshell escalated from SQLi (2024)
Web-application exploitation - experienced in finding and exploiting injection flaws, authentication weaknesses, logic errors and misconfigurations during bug-bounties.
Command-injection discovery and post-exploitation workflow.
Evil-Twin Wi-Fi compromise - creation of rogue APs for credential theft and traffic interception.
ARP-spoofing and man-in-the-middle implants within local subnets.
SS7 signalling attacks targeting mobile voice/SMS interception and geolocation.
DNS-cache poisoning for upstream redirection and phishing campaigns.
Linux privilege-escalation tooling - enumeration, kernel exploit adaptation, capability and misconfiguration abuse.
Firewall / IDS evasion - traffic obfuscation, packet-fragmentation, decoys, manual TCP packets and rule-set manipulation to maintain persistence.
Python - rapid scripting for reconnaissance, exploit automation, and tooling integration.
C and x86-64 assembly - low-level payload crafting, reverse-engineering and buffer overflows.
Full-stack web development (secondary focus) - build and harden Django/Next.js back-ends, manage relational databases (such as PostgreSQL/MySQL) and non-relational databases such as MongoDB, craft modern TailwindCSS front-end interfaces, design RESTful APIs, and write code that follows secure-coding best practices in every layer.
Advanced Linux administration - hardened server configuration, kernel-module management, SELinux/AppArmor policy tuning.
Docker-based lab orchestration - containerised test environments for reproducible exploits and CI security checks.
Official recognition on a top security platform
Listed on
Hack The Box Certified Penetration Testing Specialist (HTB CPTS) - trained in full-scope adversarial assessment methodologies.
SQL-injection testing and automation (Boolean-based, time-based, stacked queries, even second order).
Local File Inclusion / directory traversal and buffer-overflow proof-of-concept development.
Zero-day research & exploit authoring - design custom fuzzers, triage crashes into root-cause flaws, build reliable exploits that slip past modern mitigations (ASLR, DEP, stack canaries), and steer the whole coordinated-disclosure cycle through patch diffing and proof-of-fix validation.