About me
I started hacking as a teenager for fun. I was reading forums, chatrooms, etc. back in the early 2000s,
getting familiar with backdoors, SQL injections and web application security.
In 2010, I started university, but I was simply uninterested in the non-technical and electronics studies.
I liked all the software, network and security related lectures, and passed them with pretty good results.
I started learning IT security in a structured way, and I received a copy of CEH.
I was very happy with it, because I received structured knowledge and a lot of interesting ideas to try.
Back in those days, BackTrack Linux was my friend, and I spent long hours with it, just sniffing my own network, testing backdoors on my mom’s PC and testing all the newly learned stuff.
In 2013, I applied as a system administrator at a local company, and was working there till 2015.
There were only a few workstations, with a few users, and I had to replace the printer cartridge and even had to resolve network issues.
I learnt a lot during my time there, but it was very far away from industry-leading companies.
I moved to the capital, and I had to find a new job.
EY came along, and I joined the IT security advisory team in September of 2015.
As a junior consultant, I executed hundreds of IT general control audits, and also made numerous host-based scans on our client servers.
I started to practice on a new platform called HackTheBox and I was preparing for my OSCP exam. I was practicing in every free time slot.
Upon passing the exam, I was able to join the offensive side of our team, and I started working on penetration test engagements.
I had completed hundreds of black/gray/white-box tests, IT audits, ISO27001 preparation, and different Cyber Threat Intelligence and OSINT engagements for multiple clients from different sectors like Healthcare, Energy, Utilities, Financial and Communications.
Back in 2019, I started hunting for bugs in my free time.
I had started with wide-scope programs, and was searching for hidden endpoints, and some low vulnerabilities. I had a lot of N/As and dupes, but I enjoyed it a lot!
After a few weeks, I finally got some of my reports accepted, and it gave me a huge load of energy to go on with hunting. In 2 months, I earned my first P1! It was an authentication bypass and I was totally stunned.
By 2024, I had submitted 335 reports, with an accuracy of 98.4%.
- Etsy Hall of Fame: https://www.etsy.com/bounty/hall-of-fame
- Synology Acknowledgement: https://www.synology.com/hu-hu/security/bounty_program/acknowledgement
- reNgine XSS: https://github.com/yogeshojha/rengine/commit/00ab593b47e730191ac2dc9c39691f33fab7dccd
- phpwcms Session Fixation: https://huntr.com/bounties/cdc42cb4-7217-4650-a0d7-149ad8b2d2d8
- Chatwoot IDOR (CVE-2021-3813): https://nvd.nist.gov/vuln/detail/CVE-2021-3813
- WordPress Plugin Directory Traversal (CVE-2023-6583): https://www.cve.org/CVERecord?id=CVE-2023-6583