RetR0nuLL

Bug Bounty Hunter & Web Security Specialist

About Me

I'm a passionate bug bounty hunter and web security specialist with a focus on discovering critical vulnerabilities in web applications. With over 5 years of experience in penetration testing and security research, I've helped secure numerous organizations through responsible disclosure programs and bug bounty platforms.

Bug Hunting Stats

  • Valid Reports: 150+
  • Critical Findings: 25+
  • Total Bounties: $100k+

Technical Skills

  • Web Application Pentesting
  • API Security Testing
  • OWASP Top 10
  • Burp Suite Pro
  • Python Scripting
  • JavaScript
  • SQL Injection
  • XSS
  • IDOR
  • OAuth 2.0
  • JWT Security
  • Mobile API Testing

Professional Experience

Independent Bug Bounty Hunter

2020 - Present

Participating in various bug bounty programs on HackerOne and Bugcrowd

  • Top 100 hacker on Bugcrowd
  • Discovered multiple critical vulnerabilities in Fortune 500 companies
  • Specialized in web application security and API testing

Security Researcher

2018 - 2020

Contributing to the security community through research and tool development

Featured Writeups

OAuth 2.0 Account Takeover [Critical]

Discovered a critical OAuth implementation flaw that allowed complete account takeover through state parameter manipulation.

Impact: Full account access without user interaction

Bounty: $10,000

Chain of IDOR Vulnerabilities [High]

Found multiple IDOR vulnerabilities in the API endpoints that could be chained together to access sensitive user data.

Impact: Unauthorized access to user information

Bounty: $5,000

Stored XSS in Profile System [Medium]

Identified a stored XSS vulnerability in the user profile system that could be used to execute malicious JavaScript.

Impact: Session hijacking possible

Bounty: $2,500

Contact & Profiles