Research Archive & Acknowledgments

This archive documents security findings that were triaged as technically valid. Due to the competitive and time-sensitive nature of security programs, some reports are marked as duplicates if another researcher identified the issue first.

Note: All screenshots are redacted to protect sensitive internal information and triager privacy.

Strategic National Infrastructure Research

Beyond participating in public bug bounty platforms, I proactively dedicate my expertise to strengthening Indonesia's national digital defense. Through responsible disclosure, I have successfully identified and assisted in the remediation of 130+ validated vulnerabilities across 100+ national strategic entities.

100+ Entities Secured
130+ Validated Vulnerabilities
Tier-1 Central Ministries & SOEs
Campaign Timeline May 2025 — Nov 2025
Total Disclosures 140+ Reports Submitted
Severity Spectrum Low — Critical
Primary Impact Medium & High Severity

Disclosure & Integrity Policy

To uphold the principles of National Cyber Resilience, I maintain strict confidentiality regarding the identities of these institutions. All findings are reported through the National Cyber and Crypto Agency (BSSN) or respective CSIRT teams. My primary objective is the silent and effective remediation of vulnerabilities to protect national data integrity.

* Data is manually aggregated and maintained for accuracy (approx. 98%+ precision).

DETAILED TRIAGE LOGS (PUBLIC PROGRAMS)

Sensitive Data Exposure > Disclosure of Secrets

HSBC (Bugcrowd)
Duplicate Valid VDP

Successfully identified the exposure of sensitive credentials within the application scope. The security team triaged the report as technically valid.

[+] VIEW VALIDATION LOG
HSBC Validation Log

Screenshot: Triage acknowledgement and status assignment.

Information Disclosure

Nokia
Duplicate Valid VDP

Detected an information leakage vulnerability revealing internal system configurations. The finding was acknowledged by the security team as valid research, demonstrating effective reconnaissance on the target infrastructure.

[+] VIEW VALIDATION LOG
Nokia Validation Log

Screenshot: Validated duplicate report activity.

Information Disclosure > Leak of Client Configuration & Secrets

Kaseya (Inky)
Duplicate Valid VDP

Identified a sensitive configuration exposure within a Keycloak instance. The research detailed a vulnerability chain where leaked client secrets and an insecure CORS policy could be leveraged for authenticated data exfiltration. The finding was confirmed as technically valid and passed preliminary review.

[+] VIEW VALIDATION LOG
Kaseya Validation Log

Screenshot: HackerOne triage activity and preliminary review acknowledgment.