CS student at BINUS. I spend most of my free time breaking web apps — mostly logic flaws, broken access control, and the kind of bugs that show up when an app is built in a hurry.

I try to learn the stack I'm attacking instead of just running tools at it. That means reading source when I can, understanding the protocol, and writing my own scripts when the off-the-shelf ones don't fit.

Right now I'm deep in web exploitation, Linux privesc, and whatever vulnerable box HackTheBox or TryHackMe drops this week.