Skip to content

Cybersecurity Researcher

Dimas Maulana

CTF Player & Source Code Pentester

I break things to understand how to secure them. I hunt vulnerabilities in the software everyone uses, then turn what I find into shippable fixes.

170+
Validated CVEs
8
1st Place Wins
20+
Podium Finishes

Open to security research roles, source code reviews, and CTF collaborations.

TERMINAL SESSION: ROOT

dimas@sys:~$ init_sequence --cyber-security

[INFO] Loading modules...

[INFO] Connecting to secure server...

dimas@sys:~$ whoami

root

dimas@sys:~$ cat talents.txt

• Web Exploitation

• Reverse Engineering

• Binary Exploitation

• CVE Hunting

dimas@sys:~$ ./run_exploits.sh

Analysis complete.

SYSTEM STATUS

01Introduction

About Me

I'm a security researcher and award-winning competitive hacker based in Denpasar, Bali, Indonesia. I've discovered 170+ CVEs in widely used software, including CVE-2025-26909, a critical flaw that affected 200,000+ WordPress sites.

I founded @TCP1P, Indonesia's #1 nationally ranked CTF team on CTFtime, and compete internationally with @project-sekai-ctf as well as the SKSD and HCS teams.

I enjoy creating CTF challenges, developing security tools, and sharing what I learn through writeups and tutorials on my blog.

Dimas Maulana

02Toolkit

Skills & Expertise

The stack behind the research, tools, and writeups below.

Offensive Security

  • Penetration Testing
  • Web Exploitation
  • Vulnerability Research
  • Exploit Development
  • Reverse Engineering
  • Binary Exploitation
  • CVE Discovery
  • Secure Code Review
  • SAST & DAST

Programming

  • Python
  • Go
  • JavaScript
  • TypeScript
  • PHP
  • Solidity
  • Bash

Security Automation

  • AI-assisted Vulnerability Triage
  • CVE-hunting Tooling
  • Custom Exploit Scripts

Cloud & Infrastructure

  • AWS
  • Docker
  • Kubernetes
  • HashiCorp Nomad
  • CI/CD
  • Linux Administration
  • Wazuh (SIEM/IDS)

Certifications

  • Certified AppSec Pentester (CAPen) · with Merit
  • CompTIA Linux+ ce

03Competitions

CTF Achievements

8 first-place and 20+ podium finishes, national and international.

Achievement Board

View more achievements

1st Place

Epic
Event: NCW 2023
Team: TEAM
Date: December 2023
Issued by: PETIR Cyber Security
4000 XP

1st Place

Epic
Event: WorldSkills ASEAN Cyber Security 2024 · National & Regional Selection
Team: Individual
Date: 2024
Issued by: WorldSkills
4400 XP

2nd Place

Rare
Event: TPCTF 2025
Team: Project Sekai
Date: March 2025
3800 XP

2nd Place

Rare
Event: ISITDTU CTF 2024 Finals Attack & Defense
Team: Project Sekai
Date: December 2024
Issued by: ISITDTU
3700 XP

2nd Place

Rare
Event: Patchstack Alliance CTF S02E01 - WordCamp Asia
Team: Individual
Date: February 2025
Issued by: Patchstack
3600 XP

2nd Place

Rare
Event: THE SAS CON CTF 2024
Team: P1G SEKAI
Date: October 2024
Issued by: KASPERSKY
3500 XP

2nd Place

Rare
Event: Patchstack End-of-Year Alliance CTF 2025
Team: Individual
Date: December 2025
Issued by: Patchstack
3600 XP

2nd Place

Rare
Event: Patchstack Alliance CTF S01E01
Team: Individual
Date: 2024
Issued by: Patchstack
3400 XP

2nd Place

Rare
Event: WRECKIT 5.0
Team: Team
Date: 2024
3300 XP

2nd Place

Rare
Event: CTF ARA 5.0 2024
Team: Team
Date: 2024
3300 XP

2nd Place

Rare
Event: Patchstack January 2024 Bug Bounty
Team: Individual
Date: January 2024
Issued by: Patchstack
3200 XP

3rd Place

Uncommon
Event: AlpacaHack Round 2 (Web)
Team: Individual
Date: 2024
3000 XP

3rd Place

Uncommon
Event: Patchstack WCUS CTF 2024
Team: Individual
Date: 2024
Issued by: Patchstack
2900 XP

3rd Place

Uncommon
Event: Cyber Jawara International 2023
Team: Team
Date: 2023
2900 XP

3rd Place

Uncommon
Event: Patchstack February 2024 Bug Bounty
Team: Individual
Date: February 2024
Issued by: Patchstack
2800 XP

CTF Teams

P1G SEKAI

Member
LVL 80

A merging of Project Sekai and r3kapig

Web Security
Binary Exploitation
Cryptography
Forensics
Reverse Engineering
Blockchain
+2 more

Project Sekai

Member
LVL 75

SEKAI{I5_A_CTF_t3Am_w/_38+_mbRs,_p4r71CiP4t1ng_in_164+_c0nt3Stz}

Web Security
Binary Exploitation
Cryptography
Forensics
Reverse Engineering
Blockchain
+2 more

TCP1P

Founder
LVL 25

Indonesia's #1 nationally ranked CTF community on CTFtime. We organize internationally rated events (TCP1P CTF 2023 & 2024, sponsored by OffSec, Ottersec, and Google SecLab Indonesia) and maintain open-source CTF infrastructure.

Web Security
Binary Exploitation
Cryptography
Forensics
Reverse Engineering
Blockchain
+2 more

SKSD

Member
LVL 70

Indonesian CTF Team that rarely participate in CTF competitions in 2025

Web Security
Binary Exploitation
Cryptography
Forensics
Reverse Engineering
Blockchain
+2 more
View more teams

HCS

Member
LVL 40

CTF Team from ITS, often participate in CTF competitions on CTFTime

Web Security
Binary Exploitation
Cryptography
Forensics
Reverse Engineering
Blockchain
+2 more

04In person

On the CTF Floor

Moments from international CTF finals with Project Sekai, across Bali, Vietnam, and China.

Project Sekai holding the 5,000 USD prize check at the Security Analyst Summit CTF 2024 finals in BaliSAS CTF 2024
Security Analyst Summit finals in Bali, a 5,000 USD win with Project Sekai.
Project Sekai with their banner at the 9th XCTF International Invitational in ChinaXCTF 2025
9th XCTF International Invitational in China, representing Project Sekai.
Project Sekai at the ISITDTU CTF 2024 finals (Attack & Defense) in Vietnam, second placeISITDTU CTF 2024
ISITDTU CTF 2024 finals in Vietnam, second place in Attack & Defense with Project Sekai.
Competing at the SAS CTF 2024 finals in Bali
Heads-down during the XCTF Invitational in China
At the Security Analyst Summit 2024 venue in Bali
With teammates at the XCTF Invitational in China

05Work

Featured Projects

Open-source tools and projects I've built.

CTF-XSS-BOT

Craft engaging XSS challenges effortlessly with CTF-XSS-BOT. This template simplifies setting up an environment for Capture The Flag competitions.
CTF
XSS
Puppeteer
Containerization

Aug 2023 - Present

VWA-Wazuh (Mini Lab SOC)

An application consisting of several vulnerable web applications that are integrated with Wazuh.
Security
Wazuh
IDS
Database Security

Mar 2023 - Present

Dockerized Wordpress Debug Setup

A Dockerized WordPress development environment with two configurations, one using Nginx and the other using Apache. Includes Xdebug for debugging.
Docker
Containerization
PHP
WordPress

Dec 2023 - Present

CTF Challenge Difficulty Calculator

A Next.js program designed to assess the difficulty of a Capture The Flag (CTF) challenge more efficiently.
CTF
Next.js
JavaScript

Nov 2023 - Present

CTFIFY

A command-line tool designed to simplify the process of downloading and managing Capture The Flag (CTF) challenges.
CTF
Go
CLI

Jan 2023 - Present

CTF Assistant

Discord bot for managing CTF written in Bun programming language.
JavaScript
Discord
TypeScript
Databases

Oct 2022 - Present

Paradigmctf BlockChain Infra Extended

Setup from Paradigm CTF blockchain challenges with new features, including a web interface and additional challenge setup.
Solidity
Python
Blockchain

Nov 2023 - Present

Associated with TCP1P

TCP1P Theme

The TCP1P Theme is a CTFd theme built based on the CTFd core-beta theme.
HTML
Python
Jinja
Bootstrap

Nov 2023 - Present

Associated with TCP1P

Cyber-Security-Learning-Resources

Material untuk belajar Cyber Security.
Learning
Cybersecurity
Resources

Mar 2022 - Present

Swipe or use the arrows to navigate

06Services

Source Code Security Review

An AI agent reviews your code for vulnerabilities, I triage what's real, check the program still runs, and hand you back suggested fixes.

  • AI reviews your code, I triage what's real
  • Potential vulnerabilities, exploitable ones flagged
  • Dynamic checks that the program still works
  • Suggested, ready-to-merge fixes in a plain report
Starting at$99per project
View service details

Real findings from a scan of this very site, already patched.

07Journey

Professional Experience

My journey in the cybersecurity realm.

Security Researcher · Bug Bounty

Patchstack Alliance· Freelance
2024 - Present
Remote

Reported 170+ validated WordPress CVEs across plugins and themes, including CVE-2025-26909 (CVSS 9.6), a critical LFI-to-RCE flaw in WP Ghost affecting 200,000+ sites. Built AI-assisted tooling to accelerate CVE hunting across large plugin codebases.

Vulnerability Research
WordPress Security
CVE Discovery
AI Tooling

Content Creator

HackTheBox· Contract
2025 - Present
Remote

Develop original security training content and challenges for the HackTheBox platform.

Challenge Design
Training Content
Web Security

DevSecOps Intern

ArchonLabs SSD
Aug 2025 - Jan 2026
Jakarta · Remote

Built container automation with HashiCorp Nomad to orchestrate containerized workflows, and helped secure and harden container-based deployments.

HashiCorp Nomad
Container Security
DevSecOps

Founder & Infrastructure Engineer

TCP1P
Visit
Aug 2022 - Present
Indonesia

Founded and lead TCP1P, Indonesia's #1 nationally ranked CTF team on CTFtime (top 6 every year since 2022). Organized TCP1P CTF 2023 and 2024, internationally rated events sponsored by OffSec, Ottersec, and Google SecLab Indonesia.

Leadership
CTF Infrastructure
Community
Event Organizing

Cloud Engineer & Challenge Author

C2C & Cyber Jawara· Contract
Dec 2025 - Feb 2026
Indonesia

Engineered and operated cloud-based CTF infrastructure and authored challenges for two of Indonesia's national cybersecurity competitions.

Cloud Infrastructure
Challenge Design
CTF

Challenge Author & Infrastructure Engineer

Project Sekai · IntechFest · TECHCOMFEST · HOLOGY· Freelance
2022 - 2026
Remote

Authored web exploitation challenges for Project Sekai CTF, an internationally recognized competition, and designed challenges and deployment infrastructure for national events across multiple annual editions.

Web Security
Challenge Design
Infrastructure

08Writing

Latest Blog Posts

Need a security researcher?

I'm open to security research roles, source code reviews, and CTF collaborations.