Available for engagements
TRIMPHUS

Security Researcher / Penetration Tester

Offensive security  ·  vulnerability research  ·  bug bounty

I focus on web application security, vulnerability research and offensive testing. Most of my work involves access control flaws, authentication logic issues, API security and exploit chaining. I have also spent several years doing bug bounty and responsible disclosure work alongside personal lab projects.

70+ proof-of-concept and exploit implementations
28 findings with CVE assignment
5+ years of bug bounty and responsible disclosure work

Approach

Manual analysis first. Automated tooling second.

Most impactful findings tend to appear in authorization logic, authentication flows and API boundaries — not in automated scan results. The interesting issues usually require understanding how a system is supposed to work before looking for where it doesn't.

My work focuses on mapping access control surfaces, tracing data flows across service boundaries and building exploit chains from individually low-risk findings.


Research Focus
Web Application Security
Access control flaws, IDOR, broken authentication, session issues, SSRF and injection. Focus on how authorization logic breaks across multi-step flows and API boundaries — the kinds of issues that require manual analysis to find.
IDOR · Auth bypass · SSRF · API abuse · SQLi
Offensive Testing
Penetration testing and red team work. Post-exploitation, privilege escalation, lateral movement and evasion in realistic environments. OSCP, OSEP and OSWE certified.
Privilege escalation · Exploit chains · Evasion · Red team
Vulnerability Research
Finding issues in real-world software through code review, black-box testing and manual analysis. Particular interest in logic vulnerabilities, race conditions and authentication edge cases that automated tooling tends to miss.
Logic flaws · Race conditions · Manual analysis

Methodology
01 Surface mapping and reconnaissance
02 API boundary exploration and endpoint analysis
03 Authorization logic testing across user roles and states
04 State machine analysis in multi-step flows
05 Exploit chain construction from low-risk primitives
06 Responsible disclosure and coordinated reporting

Responsible Disclosure

Several years of bug bounty work across HackerOne and Bugcrowd. The work covers access control problems, authentication flaws, business logic vulnerabilities and general web application issues — mostly the kind that require manual testing rather than running a scanner.

Reports have gone to a range of larger internet-facing services: social media platforms, domain registrars and infrastructure providers, and other web-based services. Findings ranged from lower-severity issues to critical vulnerabilities with real-world impact. Several resulted in CVE assignments.

A significant part of the work involves access control and IDOR-class issues — cases where object references in APIs or web flows can be manipulated to reach resources belonging to other users. The most impactful finding was a critical IDOR in account functionality that allowed direct cross-user data access, resolved through coordinated disclosure.

IDOR — account data accessible via predictable object reference in API endpoint (fixed)
Authentication logic flaw — multi-step flow bypassable through out-of-order request manipulation (fixed)
Broken object-level authorization — API parameter accepted arbitrary user IDs without ownership check (fixed)
Access control issue — privileged actions reachable via undocumented endpoint after session downgrade (fixed)
Business logic flaw — rate limiting absent on sensitive operation; exploitable without authentication (fixed)
Bug bounty activity
Active researcher on HackerOne and Bugcrowd
Multiple accepted vulnerability reports across programs
Several findings resulting in CVE assignments

All vulnerabilities were reported responsibly and fixed before any public discussion.


Selected Work
Critical IDOR in account management API
Cross-user data exposure through predictable object reference — direct access to account data across user boundaries via unauthenticated parameter manipulation.
Authentication state bypass
Multi-step verification flow could be skipped by replaying requests out of sequence. Verification state was not enforced server-side between steps.
Broken authorization boundary in distributed service
Inconsistent permission checks across internal API endpoints — one service enforced ownership, a downstream endpoint did not.
Privilege escalation via role transition flaw
Improper validation of account ownership during role update allowed escalation to higher-privilege state without administrative approval.
Business logic flaw in rate limiting
Sensitive operation reachable without authentication throttling — no rate limit applied to credential-bearing requests on an undocumented endpoint.

Certifications
OSCP
Offensive Security — PEN-200
OSEP
Offensive Security — PEN-300
OSWE
Offensive Security — WEB-300
HTB CPTS
HackTheBox — Certified Penetration Testing Specialist

Tooling
Nmap / Masscan · Burp · Metasploit · Hashcat · Ghidra · ffuf · sqlmap · dirsearch · Amass

Selected Research Topics
API authorization flaws — missing or inconsistently enforced ownership checks on object-level operations
Authentication flow bypasses — out-of-order step execution and state manipulation in multi-step processes
Access control in distributed systems — authorization gaps introduced by service-to-service communication and shared session state
Logic bugs in account management flows — privilege changes, ownership transfers and role assignments that bypass intended restrictions

Research Interests
Authorization logic and how it fails under non-standard usage patterns
Authentication flows — state handling, session management, step-order enforcement
API security boundaries — ownership checks, object-level access control, parameter trust
Exploit chaining — combining individually low-severity issues into meaningful impact
Distributed system access control — permission consistency across service boundaries
Logic vulnerabilities in account management and role/permission systems

Contact

For vulnerability disclosure or encrypted communication, use the PGP key below. You can also reach me via Mastodon or GitHub.

PGP Public Key
Fingerprint: D736 974D 0614 3ADB 0D10 EC45 4358 B732 F4EC 52E7
@Trimphus@mastodon.social · github.com/Trimphus

Personal Lab
MU-LABS
Non-commercial / Hobby

A personal homelab environment used for research and experimentation. Not a product or company — just a dedicated space to test things properly. Currently running experiments with authentication systems, self-hosted infrastructure and various networking setups. Some of the work involves post-quantum cryptographic primitives and hardware-bound authentication flows, mostly out of curiosity.

Authentication
Experimenting with hardware-bound 2FA, FIDO2 and masked identity flows
Cryptography
Testing ML-KEM and other post-quantum primitives in practice
Infrastructure
BGP, anycast routing, self-hosted services, custom DNS setups
ROCKY_PRIMARY
Rocky Linux · Docker · Nginx
PROX_CLUSTER
Proxmox VE · KVM / LXC
ARCH_DEV
Arch Linux · Research workstation

Legal
This domain is operated as a private homelab and personal research environment. Non-commercial, no affiliation with any company.
