Offensive Security Specialist

Offensive Security

3 years experience breaking systems to make them stronger. Specialized in penetration testing, vulnerability research, and building open-source security tools.

πŸ›‘οΈ 3 Years Exp
πŸ” 14 CVEs
πŸ› οΈ 31+ Tools
docs.joelindra.id β€’ linkedin.com/in/joelindra
View Projects Experience β†’
joel.config.js
// Offensive Security Professional
const joel = {
  name: 'Joel Indra',
  role: 'Offensive Security',
  experience: 3 // years,
  cves: 14,
  tools: 30 // open-source+,
  status: 'Securing the Digital Universe'
};
hack(joel);
Scroll
01

About Me

πŸ”
0
CVEs Discovered
πŸ› οΈ
0
Open-Source Tools
πŸ“…
0
Years Experience
πŸ†
0
Bug Bounty Awards
Education

Institute of Technology and Business Stikom Bali

Computer System β€” Major: Cyber Security

Best Thesis Award, 32nd Graduation Ceremony

Thesis: Information System Security Analysis Using VAPT Methods [Zero Hacking]

Career Highlights
14
CVEs Published
31+
Tools Built
3
Years Active
10+
Bug Bounties

Secured bug bounty awards from SAP, IBM, Cambridge University, Bukalapak, and more. Led penetration testing for PT Bank Central Asia, Bank Indonesia, PT Telkom Indonesia.

Offensive Security Engineer specializing in exploit development, CVE research, and scalable offensive tooling. Proven track record in discovering high-impact vulnerabilities, building production-grade security tools, and executing advanced penetration testing across banking, government, and enterprise environments.

Offensive Security
Web API Mobile (Android/iOS) Desktop Network Cloud IoT Red Teaming Adversarial Emulation Social Engineering
Application Security
API Security WordPress vulnerability research SAST, DAST, IAST methodologies
Exploit Development & Tooling
Custom offensive tools (Python ecosystem) C2 frameworks (AES-GCM) XSS engines OAST systems
Threat Intelligence & Reconnaissance
OSINT Google Dorking attack surface discovery Exposure analysis and vulnerability mapping
Reporting & Communication
Risk-based reporting with business impact translation Stakeholder-focused remediation strategies
02

Hacking Projects

Live from GitHub Β· Updated 49m ago ↻
TH JavaScript

Thothcloud

ThothCloud is an ultra-premium, high-performance private cloud server engineered for isolated LAN en…

JavaScript
View on GitHub β†’
CA Python

CacheF3r

CacheF3r is a powerful, high-performance scanner designed to detect web cache poisoning vulnerabilit…

Python
View on GitHub β†’
FR Python β˜… 2

Frida-xTR

An advanced Frida Server management application for managing multiple Android devices simultaneously…

Python
β˜… 2 β‘‚ 1
View on GitHub β†’
XS Java

XSSPect

XSSpect is a professional-grade Burp Suite extension designed for discovering and exploiting Blind C…

Java
View on GitHub β†’
CR Code β˜… 2

CrackurBurp

Anonre: A modern Burp Suite Professional Loader & License Manager with a premium dark UI and automat…

β˜… 2 β‘‚ 1
View on GitHub β†’
HE Code β˜… 3

Hefaistos

Hefaistos is a powerful Burp Suite extension designed for hackers

β˜… 3 β‘‚ 1
View on GitHub β†’
HA Code β˜… 3

Hades

"Hades" is a powerful command-line tool designed for bug bounty hunters and security researchers. It…

β˜… 3
View on GitHub β†’
RE Java β˜… 2

Reverse-Shell-Receiver

multi-functional Burp Suite extension. It combines a versatile network listener with a powerful payl…

Java
β˜… 2
View on GitHub β†’
Showing 1–8 of 31 projects

Explore more on GitHub

Dive into detailed documentation, source code, and security researchers' collaborations.

Follow @joelindra
03

Publications

CVE Disclosures

CVE-2024-32534
XSS
CVE-2024-30549
XSS
CVE-2024-31928
XSS
CVE-2024-29819
XSS
CVE-2024-27996
XSS
CVE-2024-6518
XSS
Google Hacking Database
GHDB-8437 GHDB-8446

Research Papers Live

Research Paper

THE HUMAN ELEMENT IN CYBERSECURITY: AN ANALYSIS OF SOCIAL ENGINEERING VULNERABILITIES AND SECURITY AWARENESS TRAINING EFFICACY

Research Publication

Research Paper

Keamanan Operational Technology (OT): Tantangan dan Solusi dalam Era Konvergensi IT/OT Abstrak

Research Publication

Research Paper

SOAP and REST: A Comparative Analysis of Web Service APIs

Research Publication

Research Paper

Local File Inclusion: Advanced Exploitation Techniques, Detection Methods, and Secure Development Practices

Research Publication

04

Professional Experience

Corporate & Contract

PR
PT. Protergo Siber Security
Offensive Security Engineer Full-time April 2024 – Present

Executed end-to-end penetration testing across web, API, mobile, cloud, and infrastructure. Identified critical vulnerabilities across application, network, and wireless layers. Conducted Active Directory exploitation and adversarial simulations. Delivered risk-based reports improving client security posture.

SI
PT Sinergi Informatika Semen Indonesia
Penetration Tester Contract August 2023 - April 2024

Conducted penetration testing on Android apps (Akses Toko, Forca HR), iOS apps, web apps (Firms, Forca ERP, SISI ID, SMART Firms), and MRT firewall systems.

XN
PT Xynexis International
Penetration Tester Contract August 2022 - July 2023

Conducted penetration testing for PT Bank Central Asia, Bank Indonesia, PT Telkom Indonesia Tbk, PT SeaBank Indonesia, Prodia, and other high-profile organizations.

DP
Dinas Penanaman Modal dan Pelayanan Terpadu Satu Pintu
Penetration Tester Contract September 2021 - August 2022

Conducted penetration testing to assess and fortify security of Badung Regency Investment Office main website.

PL
Kepolisian Negara Republik Indonesia (Polda Bali)
Penetration Tester & Software Developer Contract July 2021 - August 2022

Developed web application using CodeIgniter 4 for cybercrime case monitoring. Conducted penetration testing for cybercrime monitoring web applications.

Freelance Projects

HF
Hugging Face
Vulnerability Researcher Freelance June 2025 - Present

Uncovering hidden zero-day vulnerabilities. Notable CVE discoveries: CVE-2025-6921, CVE-2025-11231.

OS
OffSec
Dork Researcher Freelance May 2024 - Present

Conducting targeted reconnaissance using advanced search operators. GHDB entries: ghdb/8437, ghdb/8446.

WP
WordPress
Vulnerability Researcher Freelance January 2024 - Present

Uncovering zero-day vulnerabilities. Discovered 12 CVEs including CVE-2024-27996, CVE-2024-30549, CVE-2024-31928, CVE-2024-32534, and more.

??
Confidential
Offensive Consultant Freelance December 2023 - Present

Expert cybersecurity assessments. Specialized in desktop, mobile, web, network, wireless, physical security, and social engineering assessments.

MB
Maybank
Penetration Tester Freelance April 2024 - March 2025

Conducted WiFi penetration testing, desktop penetration testing, network penetration testing, web penetration testing, and mobile app penetration testing on corporate environment. Documented findings and provided remediation recommendations.

Source Code Reviewer Freelance December 2025 - December 2025

Performed secure source code review on critical applications to identify vulnerabilities, insecure coding patterns, and logic flaws. Provided detailed remediation guidance to development teams.

KS
Kiwoom Securities Indonesia
Penetration Tester Freelance May 2024 - August 2024

Conducted desktop penetration testing on endpoint systems to assess security vulnerabilities and enhance desktop security frameworks.

JH
Jadi Hacker
Instructor - Android Penetration Testing Freelance December 2023 - March 2024

Providing comprehensive training on Android Penetration Testing with hands-on approach covering latest techniques and tools.

05

Awards & Speaking

πŸ† Awards & Honors
πŸ›οΈ
Hall of Fame - SAP Software Company
πŸ›οΈ
Hall of Fame - IBM Corporation
πŸ›οΈ
Hall of Fame - Bukalapak E-Commerce
πŸ“œ
Appreciation Letter - Cambridge University
🎀 Speaking Engagements
Why Ethical Hacking is Necessary
Light Security
Bug Bounty Introduction
linuxhacking.id
Web Hacking
linuxhacking.id
Mobile Hacking
KamarKamsib
06

Certifications

Junior Penetration Tester [PT1]

#68c4116a42043e4019936393 - 2025

Verified

Certified Red Team CredOps Infiltrator [CRT-COI]

#9056AC07 - 2025

Verified

Certified Red Team Analyst [ CRTA ]

#2011532 - 2025

Verified

Certified Process Injection Analyst [ CPIA ]

#d9a2a18b - 2025

Verified

Certified Appsec Practitioner [ CAP ]

#7897347 - 2023

Verified

Certified Blockchain Practitioner [ CBP ]

#7895993 - 2023

Verified

Certified Network Security Practitioner [ CNSP ]

#7896092 - 2023

Verified

Certified Ethical Hacker [ CEH Master ]

#ECC2734851069 – 2023-2026

Verified

Certified Ethical Hacker [ CEH Practical ]

#ECC1069437825 – 2023-2026

Verified

Certified Ethical Hacker [ CEH Ansi ]

#ECC7489521630 – 2021-2024

Verified

Certified Secure Computer User [ CSCUv2 ]

#ECC2467981350 – 2021

Verified

MikroTik Certified Network Associate [ MTCNA ]

#2104NA4168 - 2021

Verified