Led 3 junior penetration testers throughout security assessment lifecycles to achieve zero false positives and 100% deliverable accuracy.
Engineered an entry-level internal Windows penetration testing lab simulating 4 distinct attack vectors (brute-force, default credentials, RCE, scheduled tasks), successfully exploited by 165 participants with 73 achieving full SYSTEM compromise.
Developed a Hacktrace Independence Day Competition (HIDC) 2024 Windows challenge lab combining CVE-2024-27198 (TeamCity auth bypass to RCE) with registry permission abuse for privilege escalation.
Executed comprehensive security assessments for financial institutions, uncovering high-severity vulnerabilities in mobile banking applications, including transaction logic flaws (admin fee/payment reductions, negative transfer, Insecure Direct Object References via Someone's Account Number) in Transfer and Top Up & Bills Feature.
Directed an internal knowledge-sharing session on the 8ksec ClearRoute iOS reverse engineering challenge, demonstrating static analysis and proxy detection bypass techniques.
Designed and executed a phishing simulation campaign for a financial institution to evaluate security awareness, achieving an 86% awareness success rate, with a 14% vulnerability rate (11% credential compromised, 3% clicked phishing links).
Junior Vulnerability Analyst
June 2022 – May 2023
PT Visionet Data International
Orchestrated automated and white-box vulnerability assessments across 1,000+ enterprise-wide servers including Windows and Linux.
Performed black-box penetration testing on 1 web application and applied reverse engineering (binary analysis) on 2 mobile applications.
Workshop / Conference
ICS Village
March 2026
DEFCON Singapore
Applied critical thinking and hands-on experimentation with simulated ICS hardware to analyze industrial water-pipe system operations. Successfully completed the challenge by leveraging OSINT techniques to unlock PIN to gain access to water-pipe system operations and reconfiguring the water-pipe system to restore normal flow operations.
Car Hacking Village
March 2026
DEFCON Singapore
Revisited the CAN protocol and explored potential attack surfaces related to electric vehicle charging systems.
Hopping on Test Benches and Car Hacking
July 2025
Positive Hack Talks
Learned about vehicle hardware interfaces and protocols such as CAN, UART, JTAG, and SPI, as well as vehicle attack surfaces including rollback attacks and unauthorized CAN exploitation.
Research Experience
The Factors Affecting the Intention of Use in Cloud Technology
July 2021 – February 2022
BINUS University
Conducted extensive research as the primary requirement for the Bachelor of Science (BS) in Information Systems Audit. The objective of this research was to determine the factors affecting the intention to use in cloud technology. Structural Equation Model (SEM) & Testing of the Structural Model (Inner Model) analysis demonstrated that Access Control, Security Services, Notifications, and Guarantees (Warranty) significantly affect the intention to use in cloud technology. Research was completed successfully and graded B-.