about.txt

Ahan Pahlevi

|

Cybersecurity enthusiast focused on penetration testing, CTF Player, and security research. Experienced in data operations and office administration, with dual B1 German certifications. Passionate about offensive security and always learning something new.

Web Exploitation Binary Exploitation Reverse Engineering Cryptography OSINT Network Security Data Entry Data Validation Office Administration German B1
📄 View Writeups 📧 Contact
Avatar
Available for collab
0+
CTF Solved
0+
Writeups
0+
Projects
01.

Skills & Tools

🌐 Web Security
SQLi XSS SSRF XXE LFI/RFI IDOR OAuth JWT
💥 Binary / Pwn
Buffer Overflow ROP Heap Exploit GDB/pwndbg pwntools
🔓 Reverse Engineering
Ghidra IDA Pro x64dbg radare2 dnSpy
🔑 Cryptography
RSA AES/CBC Hash Crack Padding Oracle SageMath
🛠 Tools & OS
Kali Linux Burp Suite Nmap Metasploit Wireshark Gobuster
💻 Programming
Python Bash C/C++ JavaScript Go HTML
🗂️ Data & Administration
Data Entry Data Validation Office Admin Microsoft Office Google Workspace BPS Survey Ops
🌐 Languages
Indonesian - Native English - Active German - B1 Certified
📐 Technical Background
Building Design SketchUp / AutoCAD Technical Drawing Project Documentation
02.

Recent Writeups

View all →
Web 2026
Exposing 350 Enterprise Customers via BuddyBoss REST API - WordPress VIP
BuddyBoss REST API leaks PII of 350 WordPress VIP enterprise customers to any authenticated low-privilege user.
HackerOne - WordPress VIP Read →
Web 2026
GraphQL Thread Metadata Disclosure - Airbnb
Authorization inconsistency in ViaductGetThreadAndDataQuery endpoint leaks partial thread metadata of other users.
HackerOne - Airbnb Read →