# About me

**Discord: cyanidee.**

**Email: <admin@cyanide.net>**

**Bugcrowd: cy4n1de**

**HackerOne: cy4n1de**

{% embed url="<https://craftigames.net/security/hall-of-fame>" %}
Hall of fame listing on craftigames.net
{% endembed %}

{% embed url="<https://www.4chan.org/security#thanks>" %}
Hall of fame listing on 4chan.org
{% endembed %}

## Bounties & honorable mentions:

### NASA - U.S. Space Agency

* **Critical Security Vulnerability (Priority P1 – Highest Severity)**
* Confirmed and acknowledged by NASA's security team.
* Official recognition on a top security platform: [**Bugcrowd's Hall of Fame**](https://bugcrowd.com/cy4n1de/crowdstream)

<figure><img src="/files/kHxZ2fph92X55lY0Zkby" alt=""><figcaption></figcaption></figure>

### **XenForo Software**

* Found a **zero-day** vulnerability in **XenForo (Jan, 2025)**
* Verified by **XenForo team (Mar, 2025)**
* <https://xenforo.com/community/threads/security-issue.228884/#post-1731581>

### **4chan**.org

* Local File Inclusion via double-encoded path traversal **(Apr, 2025) (Critical severity)**
* **Listed on** [**hall of fame**](https://www.4chan.org/security#thanks)

<figure><img src="/files/4LgrXfDFI2M7J9OERi6y" alt=""><figcaption></figcaption></figure>

### pika-network.net, jartex-network.net

* Both domains are part of craftigames.net
* SQL injection **(2021)**
* Hidden virtual host and Cloudflare firewall bypass with WARP **(2025) ($250 bounty reward)**
* **Listed on** [**hall of fame**](https://craftigames.net/security/hall-of-fame)

<figure><img src="/files/dkJ3KDgXxAC7ORs7n7dA" alt=""><figcaption><p><strong>Cyanide listed on</strong> <a href="https://craftigames.net/security/hall-of-fame"><strong>hall of fame</strong></a></p></figcaption></figure>

### **Banknorwegian**

* Cross-site scripting (XSS) in Banknorwegian (index page) (2024):
* banknorwegian.dk, banknorwegian.no, banknorwegian.fi, banknorwegian.de

### **ascension**.gg

* Personal GitHub token leak **($2.5k bounty reward) (2024)**

### manacube.net

* SQL injection **(2022) ($200 USD bounty reward)**

### mc-complex.net

* SQL injection **(2024)** and LFI **(2025)**

### luckyblock.com (crypto casino)

* RCE webshell escalated from SQLi **(2024)**

### Offensive Security & Vulnerability Research

* **Hack The Box Certified Penetration Testing Specialist (HTB CPTS)** – trained in full-scope adversarial assessment methodologies. [HTB Academy](https://academy.hackthebox.com/preview/certifications/htb-certified-penetration-testing-specialist)
* **Web-application exploitation** – experienced in finding and exploiting injection flaws, authentication weaknesses, logic errors and misconfigurations during bug-bounties.
  * SQL-injection testing and automation (Boolean-based, time-based, stacked queries, and second-order). [OWASP Foundation](https://owasp.org/www-community/attacks/SQL_Injection)
  * Command-injection discovery and post-exploitation workflow.
  * Local File Inclusion / directory traversal and buffer-overflow proof-of-concept development. [Fortinet](https://www.fortinet.com/resources/cyberglossary/buffer-overflow)
* **Zero-day research & exploit authoring** – design custom fuzzers, triage crashes into root-cause flaws, build reliable exploits that slip past modern mitigations (ASLR, DEP, stack canaries), and steer the whole coordinated-disclosure cycle through patch diffing and proof-of-fix validation. [Wikipedia](https://en.wikipedia.org/wiki/Zero-day_vulnerability)

### Network-Layer & Wireless Attack Techniques

* **Evil-Twin Wi-Fi compromise** – creation of rogue APs for credential theft and traffic interception.
* **ARP-spoofing and man-in-the-middle implants** within local subnets.
* **SS7 signalling attacks** targeting mobile voice/SMS interception and geolocation.
* **DNS-cache poisoning** for upstream redirection and phishing campaigns.

### Privilege Escalation & Post-Exploitation

* **Linux privilege-escalation tooling** – enumeration, kernel exploit adaptation, capability and misconfiguration abuse.
* **Firewall / IDS evasion** – traffic obfuscation, packet-fragmentation, decoys, manual TCP packets and rule-set manipulation to maintain persistence.

### Programming & Secure Software Development

* **Python** – rapid scripting for reconnaissance, exploit automation, and tooling integration.
* **C and x86-64 assembly** – low-level payload crafting, reverse-engineering and buffer overflows.
* **Full-stack web development (secondary focus)** – build and harden Django/Next.js back-ends, manage relational databases (such as **PostgreSQL/MySQL**) and non-relational databases such as **MongoDB**, craft modern **TailwindCSS** front-end interfaces, design **RESTful APIs**, and write code that follows secure-coding best practices in every layer.

### Platforms, Tooling & Virtualisation

* **Advanced Linux administration** – hardened server configuration, kernel-module management, SELinux/AppArmor policy tuning.
* **Docker-based lab orchestration** – containerised test environments for reproducible exploits and CI security checks.


