Overview and Achievements
I am a young researcher passionate about bug bounty, and I earned my first CVE at the age of 18.
I focus on manual exploitation and like high-logic vulnerabilities. I used to be a member of CodeToanBug and contributed to building labs about web exploitation.
I pursue a deep bug bounty approach that is less susceptible to automation tools. I also regularly report HTML Injection, JWT Confusion, and security configuration errors such as host header injection leading to password reset poisoning.
Bug Bounties I Have:
- Cache Poisoning Variant With SSRF-Induced
- Host Header Injection Reset Password Poisoning - Advanced Technique
- Open Redirect Variant With SSRF-Induced
- Forced File Download
- IDOR Username Login-Admin
- Session Token In URL
- Timing Attack (Open Source - Java)
- XSS Steal Cookie + XSS Low-Risk
- HTML Injection + Iframe Injection
- Unauthenticated Cache Purging
- External Service Interaction
Corporate Projects And Personal Projects
- Corporate Project Pentest
  + File Upload Attack With Impact: Remote Code Execution, XSS, Open Redirect
  + Information Disclosure: Old Version Has PoC, Remote-Code-Execution Exploit Succeeded
  + XSS Steal Cookie
  + XSS Via Prototype Pollution
  + Open Redirect With Impact: Leak Session Token In URL
- Personal Projects
  + Server-Side Exploit - Web Vulnerabilities
  + Vulnerabilities Labs CTF
  + Security Researcher Blog: automated article posting with md files auto-converted to HTML (finished, awaiting publication)
Goal: On a journey to master cybersecurity and contribute to the growth of the Vietnamese infosec community.