WELCOME TO MY WORLD

Hi, I'm ryuukhagetsu

I am an experienced penetration tester with 5 years of expertise and certifications including CEHv13, eJPT, CNSP, CAP, and CRTA. I specialize in fortifying security across diverse sectors, including banking, finance, e-commerce, and healthcare.

About Me

ryuukhagetsu
5+ Years Experience

My name is Septio Noerdiansyah, known online as RyuuKhagetsu — a passionate cybersecurity professional with over 5 years of experience in penetration testing, vulnerability assessment, and red teaming. My journey began as a CTF enthusiast while studying Computer Science, and quickly evolved into a professional career in security.

My mission is to help organizations strengthen their security posture by identifying and mitigating vulnerabilities before they can be exploited by malicious actors. I believe in responsible disclosure and ethical hacking principles.

Certifications

  • Certified Ethical Hacker (CEH) v13
  • INE eLearnSecurity Junior Penetration Tester (eJPT)
  • Cyberwarfare Labs Certified Red Team Analyst (CRTA)
  • SecOps Group Certified Network Security Practitioner (CNSP)
  • SecOps Group Certified AppSec Practitioner (CAP)
  • Cyberwarfare Labs Certified Process Injection Analyst (CPIA)
  • Cybersecurity Awareness Professional Certification (CAPC)
  • OSCP (In Progress)

Favorite Tools

  • Burp Suite Pro
  • Metasploit Framework
  • Frida & Ghidra
  • Wireshark & Nmap
  • Cobalt Strike & Covenant

Skills & Expertise

Penetration Testing

Expert in black/gray box penetration testing across web applications, networks, mobile apps, and cloud infrastructure.

Bug Hunting

Experienced bug bounty hunter with a track record of finding critical vulnerabilities across major platforms.

Reverse Engineering

Proficient in analyzing compiled binaries, identifying vulnerabilities, and creating custom exploits.

Network Security

Deep understanding of network protocols, traffic analysis, and infrastructure hardening techniques.

Mobile Security

Specialized in Android app assessments, API security, and mobile app architecture reviews.

Web Security

Expert in OWASP Top 10 vulnerabilities including XSS, SQLi, CSRF, and business logic flaws.

My Projects

A collection of tools and applications I've built

Security • Automation • Reconnaissance

LazyScan - Automated Recon & Vulnerability Scanner

LazyScan is an automated reconnaissance & vulnerability scanner that combines various tools for comprehensive scanning with real-time Telegram notifications.

Security Compliance • Static Analysis

seccomp-cli

A security compliance tool that performs static analysis on Android APKs and passive security checks on web applications. All findings are automatically mapped to ISO/IEC 27001:2022 controls with CVSS 4.0 scoring for compliance reporting.

Bug Bounty • Subdomain Enumeration

Subdomain Enumerator

Advanced subdomain enumeration tool designed for penetration testers and security researchers. Combines multiple reconnaissance techniques with intelligent analysis to discover and analyze subdomains with actionable pentesting insights.

Web Development • Landing Page • Bootstrap

Shirai Education

A simple landing page for a tutoring service called Shirai Education, built with HTML, CSS, JavaScript, and Bootstrap.

Web Development • Dashboard • Bootstrap

Akbar Photocopy

A landing page and simple dashboard website for a photocopy service, built with HTML, CSS, JavaScript, and Bootstrap.

Hall of Fame

Companies and platforms that have recognized my security contributions

My Journey

Work experience and other activities.

Work Experience

PT. Intikom Berlian Mustika

Cyber Security Engineer

Feb 2024 - Jan 2026 • 2 yr

Jakarta, Indonesia • Full-time

Specialized in enterprise cybersecurity engineering, implementing robust security infrastructure and conducting comprehensive security assessments.

  • Designed and implemented enterprise-level security architectures
  • Conducted regular penetration testing and vulnerability assessments
  • Developed security policies and incident response procedures
  • Collaborated with development teams to integrate security best practices

Security Architecture • Penetration Testing • Incident Response • Enterprise Security

PT Linuxhackingid Cyber Security

Vulnerability Assessment & Penetration Testing – API Security Testing (cariilmu.co.id)

Mar 2025 - Apr 2025 • Project-based

Jakarta, Indonesia • Remote

Participated as a penetration testing team member in a Vulnerability Assessment and Penetration Testing (VAPT) engagement conducted by Linuxhackingid, focusing on API security testing for the cariilmu.co.id platform.

  • Performed API security testing with emphasis on OTP-related endpoints
  • Identified a race condition vulnerability caused by dynamically adjustable OTP rate limiting
  • Demonstrated that parallel request manipulation could trigger multiple OTP deliveries and extend subsequent cooldown periods
  • Evaluated potential impact including OTP spam, light denial-of-service (DoS), and increased brute-force risk
  • Reported findings with clear reproduction steps and mitigation recommendations following responsible disclosure practices

Penetration Testing • API Security • Race Condition • Vulnerability Assessment

PT Pos Indonesia

VAPT Consultant - Enterprise Systems

Feb 2025 - Apr 2025

Jakarta, Indonesia • Contract

Conducting comprehensive vulnerability assessment and penetration testing on critical financial systems for Indonesia's national postal service.

  • Performed VAPT on PosPay mobile application and Core Giro System
  • Identified critical vulnerabilities in authentication and authorization mechanisms
  • Assessed Remittance System security and data protection controls
  • Delivered detailed security reports with remediation recommendations

Enterprise VAPT • Financial Systems • Mobile Security • Data Protection

PT Multidaya Dinamika

Senior Web Application Penetration Tester

Jan 2025 - Jun 2025

Jakarta, Indonesia • Contract

Executed advanced penetration testing on staging web applications, successfully achieving server access through critical vulnerability exploitation.

  • Identified high to critical risk vulnerabilities enabling server compromise
  • Conducted impact analysis and validated exploit chains
  • Performed bypass testing and coordinated retesting with internal teams
  • Provided strategic security recommendations and mitigation strategies

Advanced Web Pentesting • Server Compromise • Exploit Development • Bypass Techniques

Bank Raya

Mobile Application Security Specialist

Jan 2025 - Present • 1 yr 6 mos

Jakarta, Indonesia • Contract

Specialized penetration testing of Visa product features within mobile banking application, focusing on payment security and user data protection.

  • Conducted security assessment of Visa payment integration features
  • Identified exploitable vulnerabilities affecting user security
  • Analyzed Flutter/Dart mobile application security architecture
  • Delivered comprehensive remediation guidance to development teams

Mobile Banking Security • Payment Systems • Flutter/Dart • Visa Integration

Universitas Pamulang

University Systems Security Auditor

Nov 2023 - Present

Jakarta, Indonesia • Long-term Contract

Comprehensive security assessment of university IT infrastructure, covering both production and pre-launch educational systems.

  • Performed VAPT across all IT-related subdomains and applications
  • Assessed security of academic management systems and student portals
  • Conducted pre-launch security testing for new educational platforms
  • Established ongoing security monitoring and assessment protocols

Educational Systems • Infrastructure Security • Pre-launch Testing • Academic Platforms

Universitas Pandanaran Semarang

Academic Information Systems Penetration Tester

Mar 2025 - Apr 2025

Semarang, Indonesia • Project-based

Security assessment of academic information systems with focus on student data protection and system integrity.

  • Conducted penetration testing on academic information system subdomains
  • Identified critical vulnerabilities affecting active student data
  • Performed manual testing and comprehensive vulnerability documentation
  • Coordinated with university IT team for responsible disclosure and mitigation

Academic Systems • Student Data Security • Manual Testing • Responsible Disclosure

PT Linuxhackingid Cyber Security

Lead IT Instructor & Offensive Security

Oct 2025 - Present

Jakarta, Indonesia • Remote

Leading offensive security initiatives and overseeing advanced cybersecurity training programs.

  • Designed and led offensive security training focused on real-world attack simulations
  • Supervised penetration testing labs covering web, network, and infrastructure security
  • Mentored instructors and analysts in advanced exploitation techniques
  • Reviewed and validated security assessment methodologies and reports

Offensive Security • Penetration Testing • Red Teaming • Leadership

PT Linuxhackingid Cyber Security

IT Instructor & Offensive Security

Mar 2024 - Oct 2025 • 1 yr 7 mos

Jakarta, Indonesia • Remote

Leading cybersecurity education and conducting advanced security assessments including network penetration testing and vulnerability analysis.

  • Developed comprehensive cybersecurity curriculum and training materials
  • Conducted network penetration testing to evaluate password strength and router security
  • Performed security assessments to identify network vulnerabilities and unauthorized access points
  • Delivered live cybersecurity training sessions and workshops

Network Security • Penetration Testing • Training & Education • Bug Bounty

Intigriti

Penetration Tester

Nov 2022 - Present • 2 yrs 7 mos

Brussels, Belgium • Freelance

Active researcher on European bug bounty platform, focusing on advanced reconnaissance techniques and penetration testing methodologies.

  • Conducted comprehensive security assessments for European enterprises
  • Developed innovative reconnaissance methodologies and tools
  • Contributed to platform community through knowledge sharing
  • Maintained high-quality vulnerability reports with detailed remediation guidance

Advanced Reconnaissance • European Compliance • Tool Development • Technical Writing

Bugcrowd

Penetration Tester

Feb 2022 - Present • 3 yrs 4 mos

San Francisco, CA • Freelance

Active bug bounty hunter on one of the world's leading crowdsourced cybersecurity platforms, identifying critical vulnerabilities for global enterprises.

  • Discovered and reported 100+ vulnerabilities across web applications
  • Specialized in reconnaissance, penetration testing, and vulnerability research
  • Maintained consistent top researcher ranking in multiple programs
  • Contributed to securing Fortune 500 companies through responsible disclosure

Bug Bounty • Reconnaissance • Web Application Security • Responsible Disclosure

HackerOne

Penetration Tester

Aug 2021 - Present • 3 yrs 10 mos

Remote • Freelance

Long-standing member of the HackerOne community, conducting security research and vulnerability assessments for major technology companies.

  • Participated in 50+ private and public bug bounty programs
  • Achieved recognition in multiple Hall of Fame programs
  • Mentored junior researchers in responsible vulnerability disclosure
  • Specialized in complex attack chains and business logic flaws

Vulnerability Research • Security Testing • Ethical Hacking • Community Mentoring

Activities & Events

Personal Project

LazyScan

Automated Recon & Vulnerability Scanner

2025 Sep - Present

Open Source • GitHub

Developed LazyScan, an automated reconnaissance and vulnerability scanning framework designed to support penetration testing and bug bounty activities by integrating multiple popular security tools.

  • Implemented subdomain discovery and live host enumeration using Subfinder and Httpx
  • Automated URL discovery and classification, including JavaScript files and parameterized endpoints
  • Integrated Nuclei for vulnerability scanning (general templates, JavaScript, and DAST scans)
  • Built real-time Telegram notifications for scan progress and vulnerability findings
  • Designed structured and readable output to streamline analysis and reporting

The project focuses on efficiency, automation, and operational visibility to accelerate recon workflows and improve testing productivity.

🔗 Repository: github.com/ryuukhagetsu/lazyscan

Python • Automation • Reconnaissance • Vulnerability Scanning • Bug Bounty

Personal Project

Subdomain Enumerator

Advanced Reconnaissance Tool

2025 Jul - Present

Open Source • GitHub

Developed an advanced subdomain enumeration tool designed to support penetration testers and security researchers during the reconnaissance and information gathering phase.

  • Aggregated data from 8+ passive reconnaissance sources including Certificate Transparency, ThreatCrowd, DNSDumpster, and Wayback Machine
  • Implemented high-performance DNS brute-force enumeration using customizable wordlists
  • Performed technology fingerprinting for 20+ stacks including CMS, frameworks, and web servers
  • Analyzed security headers, identified admin panels, and detected staging or development environments
  • Provided risk scoring and actionable exploitation recommendations to support decision-making
  • Generated scan results in multiple formats (interactive HTML, TXT, CSV, JSON) for reporting and documentation
  • Optimized for multi-threaded execution with cross-platform support (Windows, Linux, macOS)

The tool emphasizes actionable intelligence by transforming raw reconnaissance data into structured, prioritized security insights.

🔗 Repository: github.com/ryuukhagetsu/subdomain-enumerator

Python • Penetration Testing • Reconnaissance • Automation • Information Gathering

Personal Project

Seccomp-CLI

Security Compliance Tool

2025 Sep - Present

Open Source • GitHub

seccomp-cli is a security compliance tool that performs static analysis on Android APKs and passive security checks on web applications. All findings are automatically mapped to ISO/IEC 27001:2022 controls with CVSS 4.0 scoring for compliance reporting.

  • Android Static Analysis: Manifest checks, cryptographic analysis, WebView security
  • Web Security Scanning: HTTP headers, TLS/SSL, CORS configuration
  • Import from External Tools: MobSF and Nuclei report normalization
  • CVSS 4.0 Scoring: Automatic vulnerability scoring per FIRST specification
  • ISO 27001 Mapping: Comprehensive mapping to 70+ Annex A controls
  • Risk Assessment: Severity scoring and compliance grading
  • Multiple Output Formats: JSON, CSV, Markdown, HTML

🔗 Repository: github.com/ryuukhagetsu/seccomp-cli

Python • Security Compliance • Android Security • ISO 27001 • CVSS

Personal Project

Shirai Education

Educational Platform

2024 - Present

Open Source • GitHub

Developed an educational platform designed to provide learning resources and interactive content for students and educators.

  • Built responsive web interface with modern UI/UX principles
  • Implemented interactive learning modules and content management
  • Designed user-friendly navigation and accessible layout

🔗 Repository: github.com/ryuukhagetsu/shirai_education

Web Development • Education • UI/UX

Personal Project

Akbar Photocopy

Business Management Application

2024 - Present

Open Source • GitHub

Developed a business management application for a photocopy shop, providing features for transaction tracking, inventory management, and sales reporting.

  • Implemented transaction management and point-of-sale functionality
  • Built inventory tracking and stock management system
  • Designed sales reporting and business analytics dashboard
  • Created user-friendly interface for daily business operations

🔗 Repository: github.com/ryuukhagetsu/akbar_photocopy

Web Development • Business Application • Inventory Management

Speaker

Universitas Pamulang

The Future of Cybersecurity: Emerging Trends and Predictions

November 2024

Universitas Pamulang, Jakarta

Delivered a keynote presentation on emerging cybersecurity trends and future threat predictions at a National Seminar, featuring live cyber attack demonstrations.

  • Presented cutting-edge cybersecurity trends and threat landscape analysis
  • Conducted live cyber attack demonstrations on prepared targets
  • Enhanced audience awareness of evolving cyber threats and countermeasures
  • Engaged with 200+ students and faculty members

Public Speaking • Live Demonstrations • Threat Analysis • Education

Guest Speaker

Universitas Gunadarma

Cybersecurity Career Opportunities and Future Challenges

Oct 2024 - Nov 2024

Community Cybersecurity Universitas Gunadarma (CCUG)

Invited speaker for cybersecurity career webinar series, sharing insights on industry opportunities and challenges facing the next generation of cybersecurity professionals.

  • Discussed current cybersecurity career landscape and growth opportunities
  • Shared practical insights from bug bounty and penetration testing experience
  • Provided guidance on skill development and certification pathways
  • Mentored aspiring cybersecurity professionals during Q&A sessions

Career Guidance • Industry Insights • Mentoring • Professional Development

Recognition

Government Recognition Programs

Multiple Certificate of Appreciation Awards

2021 - 2024

Indonesia • Various Locations

Received multiple certificates of appreciation from government agencies and prestigious institutions for contributions to cybersecurity awareness and vulnerability research.

  • Badan Siber dan Sandi Negara (BSSN) - National Cyber Security Agency
  • Kementerian Komunikasi dan Informatika (Kominfo) - Ministry of Communication
  • CSIRT Cimahi - Computer Security Incident Response Team
  • Transjakarta Hall of Fame - White Hacker Recognition

Government Recognition • White Hat Hacking • Public Service • National Security

Academic Recognition

University Appreciation Programs

Multiple University Recognition Awards

2021 - Present

Indonesia • Academic Institutions

Honored by multiple prestigious universities for cybersecurity contributions and educational support through vulnerability research and responsible disclosure.

  • Universitas Brawijaya - Cybersecurity Research Contribution
  • Universitas Bina Sarana Informatika (BSI) - Multiple recognitions
  • Universitas Telkom - Bug Bounty Hall of Fame
  • Educational platform partnerships and mentoring programs

Academic Collaboration • Research Contribution • Educational Support • Knowledge Transfer

Professional Development

Continuous Learning & Certification

Advanced Cybersecurity Certifications

2021 - Present

Global • Online & On-site

Continuously advancing professional expertise through industry-leading certifications and specialized training programs.

  • eLearnSecurity Junior Penetration Tester (eJPT)
  • EC-Council Certified Ethical Hacker (CEH V13)
  • CyberWarFare Labs Certified Red Team Analyst (CRTA)
  • The SecOps Group Certified AppSec Practitioner (CAP)
  • The SecOps Group Certified Network Security Practitioner (CNSP)
  • CyberWarFare Labs Certified Process Injection Analyst (CPIA)
  • Certified Computer Forensics Analyst (CCFA)
  • Cybersecurity Awareness Professional Certification (CAPC)
  • Scrum Foundation Professional Certification (SFPC)

CEH V13 • Red Team Operations • Digital Forensics • Continuous Learning

Certifications & Achievements

Professional certifications, achievements, and recognition in the cybersecurity field

Latest Articles

Sharing knowledge through detailed write-ups and tutorials

Out-of-Band SQL Injection
07 Dec
SQL Injection OOB SQLi

Breaking Past 403: A Deep Dive into Out-of-Band SQL Injection Discovery

Discovered Out-of-Band SQL Injection on an MSSQL server, bypassing 403 restrictions through directory fuzzing and payload crafting.

Broken Access Control
19 Jul
Broken Access Control SQL Injection

Abusing Broken Access Control and SQL Injection in the Wild

Discovered Broken Access Control exposing admin dashboard with full CRUD functionality, chained with SQL Injection vulnerability.

Web Security
18 Mar
Web Security Writeup

How Do I Get Root Access on a Linux Server

Critical authentication flaw in a university system's security. Responsibly disclosed, unexploited, and reported.