trinity.sh
// about

I find bugs.
For a living.

Security researcher and bug bounty hunter. I spend my time looking for vulnerabilities in web applications, APIs, and whatever surfaces program scopes put in front of me. When I find something real, I document it, write it up professionally, and submit it. The bounty is the proof it mattered.

// what I do

I focus on web application security — authentication flaws, authorization bypasses, API misconfigurations, GraphQL attack surfaces, business logic vulnerabilities. Not just running scanners. Actually understanding what the application is supposed to do, then finding where it doesn't.

Every finding gets a working proof of concept before I write it up. Hunches don't earn bounties. Evidence does.

// skills

  • Web App Security
  • GraphQL
  • API Testing
  • OWASP Top 10
  • Auth / AuthZ Flaws
  • Business Logic
  • Recon / OSINT
  • CVE Research
  • Patch Diffing
  • Report Writing
  • Burp Suite
  • ffuf

// rules

Scope is law. I don't touch systems outside defined program boundaries — not even a ping. Proof of concept without causing harm. Document everything. Submit nothing without review.

The line between security research and crime is authorization. I stay on the right side of it.

// find me

HackerOne