# About me

**Discord: cyanidee.**

**Email: <admin@cyanide.net>**

**Bugcrowd: cy4n1de**

**HackerOne: cy4n1de**

{% embed url="<https://craftigames.net/security/hall-of-fame>" %}
Hall of fame listing on craftigames.net
{% endembed %}

{% embed url="<https://www.4chan.org/security#thanks>" %}
Hall of fame listing on 4chan.org
{% endembed %}

## Bounties & honorable mentions:

### NASA - U.S. Space Agency

* **Critical Security Vulnerability (Priority P1 – Highest Severity)**
* Confirmed and acknowledged by NASA's security team.
* Official recognition on a top security platform [**Bugcrowd's Hall of Fame**](https://bugcrowd.com/cy4n1de/crowdstream)

<figure><img src="https://2671202406-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FLnzJBuU26QJLNDKvx3Rf%2Fuploads%2FRotcPumBBfmf1fxpdD1n%2Fimage.png?alt=media&#x26;token=4859e0a8-6747-40b0-8c59-0ca8ad3ac676" alt=""><figcaption></figcaption></figure>

### **XenForo Software**

* Found a **zero-day** vulnerability in **XenForo (Jan, 2025)**
* Verified by **XenForo team (Mar, 2025)**
* <https://xenforo.com/community/threads/security-issue.228884/#post-1731581>

### **4chan**.org

* Local File Inclusion via double-encoded path traversal **(Apr, 2025) (Critical severity)**
* **Listed on** [**hall of fame**](https://www.4chan.org/security#thanks)

<figure><img src="https://2671202406-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FLnzJBuU26QJLNDKvx3Rf%2Fuploads%2FrQmFDQPOH7jBumMdo5ow%2Fimage.png?alt=media&#x26;token=9e956f0c-554a-4831-918b-514663cd5a5d" alt=""><figcaption></figcaption></figure>

### pika-network.net, jartex-network.net

* Both domains are part of craftigames.net
* SQL injection **(2021)**
* Hidden virtual host and Cloudflare firewall bypass with WARP **(2025) ($250 bounty reward)**
* **Listed on** [**hall of fame**](https://craftigames.net/security/hall-of-fame)

<figure><img src="https://2671202406-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FLnzJBuU26QJLNDKvx3Rf%2Fuploads%2FTYxfwyDPT9acWbXR94su%2Fimage.png?alt=media&#x26;token=30d5cc12-d923-4ef9-aa70-eaa0bada247a" alt=""><figcaption><p><strong>Cyanide listed on</strong> <a href="https://craftigames.net/security/hall-of-fame"><strong>hall of fame</strong></a></p></figcaption></figure>

### **Banknorwegian**

* Cross-site scripting (XSS) in Banknorwegian (index page) (2024):
* banknorwegian.dk, banknorwegian.no, banknorwegian.fi, banknorwegian.de

### **ascension**.gg

* Personal GitHub token leak **($2.5k bounty reward) (2024)**

### manacube.net

* SQL injection **(2022) ($200 USD bounty reward)**

### mc-complex.net

* SQL injection **(2024)** and LFI **(2025)**

### luckyblock.com (crypto casino)

* RCE webshell escalated from SQLi **(2024)**

### Offensive Security & Vulnerability Research

* **Hack The Box Certified Penetration Testing Specialist (HTB CPTS)** – trained in full-scope adversarial assessment methodologies. [HTB Academy](https://academy.hackthebox.com/preview/certifications/htb-certified-penetration-testing-specialist)
* **Web-application exploitation** – experienced in finding and exploiting injection flaws, authentication weaknesses, logic errors and misconfigurations during bug-bounties.
  * SQL-injection testing and automation (Boolean-based, time-based, stacked queries, even second-order). [OWASP Foundation](https://owasp.org/www-community/attacks/SQL_Injection)
  * Command-injection discovery and post-exploitation workflow.
  * Local File Inclusion / directory traversal and buffer-overflow proof-of-concept development. [Fortinet](https://www.fortinet.com/resources/cyberglossary/buffer-overflow)
* **Zero-day research & exploit authoring** – design custom fuzzers, triage crashes into root-cause flaws, build reliable exploits that slip past modern mitigations (ASLR, DEP, stack canaries), and steer the whole coordinated-disclosure cycle through patch diffing and proof-of-fix validation. [Wikipedia](https://en.wikipedia.org/wiki/Zero-day_vulnerability)

### Network-Layer & Wireless Attack Techniques

* **Evil-Twin Wi-Fi compromise** – creation of rogue APs for credential theft and traffic interception.
* **ARP-spoofing and man-in-the-middle implants** within local subnets.
* **SS7 signalling attacks** targeting mobile voice/SMS interception and geolocation.
* **DNS-cache poisoning** for upstream redirection and phishing campaigns.

### Privilege Escalation & Post-Exploitation

* **Linux privilege-escalation tooling** – enumeration, kernel exploit adaptation, capability and misconfiguration abuse.
* **Firewall / IDS evasion** – traffic obfuscation, packet-fragmentation, decoys, manual TCP packets and rule-set manipulation to maintain persistence.

### Programming & Secure Software Development

* **Python** – rapid scripting for reconnaissance, exploit automation, and tooling integration.
* **C and x86-64 assembly** – low-level payload crafting, reverse-engineering and buffer overflows.
* **Full-stack web development (secondary focus)** – build and harden Django/Next.js back-ends; manage relational databases (such as **PostgreSQL/MySQL**) and non-relational databases such as **MongoDB**; craft modern **TailwindCSS** front-end interfaces, design **RESTful APIs**, and write code that follows secure-coding best practices at every layer.

### Platforms, Tooling & Virtualisation

* **Advanced Linux administration** – hardened server configuration, kernel-module management, SELinux/AppArmor policy tuning.
* **Docker-based lab orchestration** – containerised test environments for reproducible exploits and CI security checks.
