$ cat /home/peterd3cs3c/about.txt

Bug Hunter.
Web/API Hacker.
Cloud Security.

Security researcher focused on Web/API & Cloud security with clear, reproducible reporting. This is the lab notebook — every flag, every finding, every machine.

Bug Bounty Web / API Cloud Security IDOR SSRF Auth Bypass EN / ES

▸ Contact View Platforms

session: bounty.profile

›

// 00

About

Focus

Broken access control (IDOR, multi-tenant issues, privilege escalation)
Authentication & session issues (JWT, OAuth flows, reset links)
API security testing (REST/GraphQL, BOLA/BFLA patterns)
Cloud misconfigurations (storage, IAM, metadata, SSRF-to-cloud)

How I Report

Repro steps that work on first try — clean request/response evidence
Impact explained in business terms + risk level rationale
Remediation guidance with safe alternatives and hardening notes

Minimal PoC, exact endpoints/parameters, and suggestions for regression tests. No over-automation — correctness and clarity.

// 02

CTF & Labs

🌐

Web Exploitation

SQL injection, XSS, SSRF, SSTI, auth bypasses.

Burp SuiteSQLMap

🔐

Cryptography

RSA attacks, block cipher analysis, padding oracles.

PythonSageMath

💀

Binary Exploitation

Buffer overflows, ROP chains, format strings, heap.

GDBpwntools

🕵️

Forensics

Memory dumps, disk images, traffic analysis, stego.

VolatilityWireshark

☁️

Cloud Security

Misconfigured IAM, exposed buckets, SSRF-to-cloud, metadata.

AWSWiz

🔬

Reverse Engineering

Static & dynamic analysis, malware dissection, patching.

GhidraIDA

// 03

Findings & Writeups

🔓

IDOR → Privilege Escalation

Object-level access control issue enabling cross-tenant access in a SaaS platform.

HIGHidorapi

↳ Fixed · Coordinated disclosure

🔑

Auth Logic Bypass

Inconsistent authorization checks between UI and API endpoints on a web application.

MEDIUMauthapi

↳ Fixed · Responsible disclosure

🌐

SSRF Risk in Import Feature

Potential internal network access via file import; cloud metadata hardening recommended.

MEDIUMssrfcloud

↳ Mitigated · Hardening applied

📝

IDOR Testing Checklist

A practical checklist for object-level authorization testing across Web and API targets.

idorapi2026-02

// 04

Certifications & Training

Completed

CCNA

Network · Routing · SDN

Completed

AWS Solutions Architect

Cloud · Architecture · Logs

Completed

Terraform Associate

IaC · Cloud

Completed

CompTIA Security+ 701

Cybersecurity · Defensive · GRC

Completed

OCI Architect

Cloud · IaC · Architecture

In Progress

HTB CJCA

Offensive · Web · Defensive

In Progress

BSCP

Offensive · Web · API

In Progress

HTB CPTS

Offensive · Web · AD

In Progress

HTB CBBH

Offensive · Web · API

In Progress

CRTO

Offensive · Red Team

Planned

OSCP

Offensive Security

// 05

How I Work

Recon & Scope

Thorough enumeration, asset discovery, and attack surface mapping before touching a single endpoint.

Clear Reporting

Repro steps that work on first try. Impact in business terms. Remediation with safe alternatives and hardening notes.

Responsible Disclosure

Always coordinated. Minimal PoC, exact endpoints, suggestions for regression tests. No over-automation — correctness and clarity.

// 06

Roadmap

Now

Finish CBBH + consistent bug bounty routine

Daily reps: labs + target practice; write one note per week.

3–6 months

Increase valid reports + focus specialization

Deepen access control expertise (BOLA/BFLA) across APIs.

Increase high/critical vulnerabilities found

Show proof: reports, certs, writeups, and professional workflow.

// 07

Contact

📧 peterd3cs3c@icloud.com 🌍 peterd3cs3c.com ⌨️ GitHub 💼 LinkedIn 📝 Blog

Prefer responsible disclosure. I can provide clear PoCs and remediation guidance.
📍 Spain — Remote · Open to bug bounty collaboration, AppSec roles, and freelance assessments.

Bug Hunter.Web/API Hacker.Cloud Security.

About

Focus

How I Report

Platforms

CTF & Labs

Findings & Writeups

Certifications & Training

How I Work

Recon & Scope

Clear Reporting

Responsible Disclosure

Roadmap

Contact

Bug Hunter.
Web/API Hacker.
Cloud Security.