Dimas Maulana
CTF Player & Source Code Pentester
I break things to understand how to secure them. I hunt vulnerabilities in the software everyone uses, then turn what I find into shippable fixes.
Open to security research roles, source code reviews, and CTF collaborations.
dimas@sys:~$ init_sequence --cyber-security
[INFO] Loading modules...
[INFO] Connecting to secure server...
dimas@sys:~$ whoami
root
dimas@sys:~$ cat talents.txt
• Web Exploitation
• Reverse Engineering
• Binary Exploitation
• CVE Hunting
dimas@sys:~$ ./run_exploits.sh
Analysis complete.
SYSTEM STATUS
01Introduction
About Me
I'm a security researcher and award-winning competitive hacker based in Denpasar, Bali, Indonesia. I've discovered 170+ CVEs in widely used software, including CVE-2025-26909, a critical flaw that affected 200,000+ WordPress sites.
I founded @TCP1P, Indonesia's #1 nationally ranked CTF team on CTFtime, and compete internationally with @project-sekai-ctf as well as the SKSD and HCS teams.
I enjoy creating CTF challenges, developing security tools, and sharing what I learn through writeups and tutorials on my blog.
02Toolkit
Skills & Expertise
The stack behind the research, tools, and writeups below.
Offensive Security
- Penetration Testing
- Web Exploitation
- Vulnerability Research
- Exploit Development
- Reverse Engineering
- Binary Exploitation
- CVE Discovery
- Secure Code Review
- SAST & DAST
Programming
- Python
- Go
- JavaScript
- TypeScript
- PHP
- Solidity
- Bash
Security Automation
- AI-assisted Vulnerability Triage
- CVE-hunting Tooling
- Custom Exploit Scripts
Cloud & Infrastructure
- AWS
- Docker
- Kubernetes
- HashiCorp Nomad
- CI/CD
- Linux Administration
- Wazuh (SIEM/IDS)
Certifications
- Certified AppSec Pentester (CAPen) · with Merit
- CompTIA Linux+ ce
03Competitions
CTF Achievements
8 first-place and 20+ podium finishes, national and international.
Achievement Board
View more achievements
1st Place
1st Place
2nd Place
2nd Place
2nd Place
2nd Place
2nd Place
2nd Place
2nd Place
2nd Place
2nd Place
3rd Place
3rd Place
3rd Place
3rd Place
CTF Teams
TCP1P
Indonesia's #1 nationally ranked CTF community on CTFtime. We organize internationally rated events (TCP1P CTF 2023 & 2024, sponsored by OffSec, Ottersec, and Google SecLab Indonesia) and maintain open-source CTF infrastructure.
04In person
On the CTF Floor
Moments from international CTF finals with Project Sekai, across Bali, Vietnam, and China.
06Services
Source Code Security Review
An AI agent reviews your code for vulnerabilities, I triage what's real, check the program still runs, and hand you back suggested fixes.
- AI reviews your code, I triage what's real
- Potential vulnerabilities, exploitable ones flagged
- Dynamic checks that the program still works
- Suggested, ready-to-merge fixes in a plain report
Real findings from a scan of this very site, already patched.
07Journey
Professional Experience
My journey in the cybersecurity realm.
Security Researcher · Bug Bounty
Reported 170+ validated WordPress CVEs across plugins and themes, including CVE-2025-26909 (CVSS 9.6), a critical LFI-to-RCE flaw in WP Ghost affecting 200,000+ sites. Built AI-assisted tooling to accelerate CVE hunting across large plugin codebases.
Content Creator
Develop original security training content and challenges for the HackTheBox platform.
DevSecOps Intern
Built container automation with HashiCorp Nomad to orchestrate containerized workflows, and helped secure and harden container-based deployments.
Founded and lead TCP1P, Indonesia's #1 nationally ranked CTF team on CTFtime (top 6 every year since 2022). Organized TCP1P CTF 2023 and 2024, internationally rated events sponsored by OffSec, Ottersec, and Google SecLab Indonesia.
Cloud Engineer & Challenge Author
Engineered and operated cloud-based CTF infrastructure and authored challenges for two of Indonesia's national cybersecurity competitions.
Challenge Author & Infrastructure Engineer
Authored web exploitation challenges for Project Sekai CTF, an internationally recognized competition, and designed challenges and deployment infrastructure for national events across multiple annual editions.
08Writing
Latest Blog Posts
Need a security researcher?
I'm open to security research roles, source code reviews, and CTF collaborations.