Joel Indra - Offensive Security Researcher

About Me

🔍

CVEs Discovered

🛠️

Open-Source Tools

📅

Years Experience

🏆

Bug Bounty Awards

Education

Institute of Technology and Business Stikom Bali

Computer System — Major: Cyber Security

Best Thesis Award, 32nd Graduation Ceremony

Thesis: Information System Security Analysis Using VAPT Methods [Zero Hacking]

Career Highlights

14
CVEs Published

31+
Tools Built

3
Years Active

10+
Bug Bounties

Secured bug bounty awards from SAP, IBM, Cambridge University, Bukalapak, and more. Led penetration testing for PT Bank Central Asia, Bank Indonesia, PT Telkom Indonesia.

Offensive Security Engineer specializing in exploit development, CVE research, and scalable offensive tooling. Proven track record in discovering high-impact vulnerabilities, building production-grade security tools, and executing advanced penetration testing across banking, government, and enterprise environments.

Offensive Security

Web API Mobile (Android/iOS) Desktop Network Cloud IoT Red Teaming Adversarial Emulation Social Engineering

Application Security

API Security WordPress vulnerability research SAST, DAST, IAST methodologies

Exploit Development & Tooling

Custom offensive tools (Python ecosystem) C2 frameworks (AES-GCM) XSS engines OAST systems

Threat Intelligence & Reconnaissance

OSINT Google Dorking attack surface discovery Exposure analysis and vulnerability mapping

Reporting & Communication

Risk-based reporting with business impact translation Stakeholder-focused remediation strategies

Hacking Projects

Live from GitHub · Updated 3m ago ↻

OR Python ★ 1

originx

Shodan origin ip recon, single and mass recon, best tools!

Python

★ 1

View on GitHub →

WA Python

waffex

Check all kind of waff on website target

Python

View on GitHub →

CP Python

cpexploiter

Open-source security tool

Python

View on GitHub →

MO Shell

morphtext

Morpthext for prompt injection

Shell

View on GitHub →

WI PowerShell

wincheck

W1ncheck running for do information gathering on your windows system

PowerShell

View on GitHub →

XS Shell

xstinject

XST Injection, this tools for automate check xst injection on your single or mulitple target

Shell

View on GitHub →

TH PowerShell ★ 1

thickcheck

This PowerShell script allows you to check the security features (NX Compatibility, DEP, ASLR, CFG) …

PowerShell

★ 1

View on GitHub →

1 2 3 4

Showing 25–31 of 31 projects

Explore more on GitHub

Dive into detailed documentation, source code, and security researchers' collaborations.

Follow @joelindra

Professional Experience

Corporate & Contract

PT. Protergo Siber Security

Offensive Security Engineer Full-time April 2024 – Present

Executed end-to-end penetration testing across web, API, mobile, cloud, and infrastructure. Identified critical vulnerabilities across application, network, and wireless layers. Conducted Active Directory exploitation and adversarial simulations. Delivered risk-based reports improving client security posture.

PT Sinergi Informatika Semen Indonesia

Penetration Tester Contract August 2023 - April 2024

Conducted penetration testing on Android apps (Akses Toko, Forca HR), iOS apps, web apps (Firms, Forca ERP, SISI ID, SMART Firms), and MRT firewall systems.

PT Xynexis International

Penetration Tester Contract August 2022 - July 2023

Conducted penetration testing for PT Bank Central Asia, Bank Indonesia, PT Telkom Indonesia Tbk, PT SeaBank Indonesia, Prodia, and other high-profile organizations.

Dinas Penanaman Modal dan Pelayanan Terpadu Satu Pintu

Penetration Tester Contract September 2021 - August 2022

Conducted penetration testing to assess and fortify security of Badung Regency Investment Office main website.

Kepolisian Negara Republik Indonesia (Polda Bali)

Penetration Tester & Software Developer Contract July 2021 - August 2022

Developed web application using CodeIgniter 4 for cybercrime case monitoring. Conducted penetration testing for cybercrime monitoring web applications.

Freelance Projects

Hugging Face

Vulnerability Researcher Freelance June 2025 - Present

Uncovering hidden zero-day vulnerabilities. Notable CVE discoveries: CVE-2025-6921, CVE-2025-11231.

OffSec

Dork Researcher Freelance May 2024 - Present

Conducting targeted reconnaissance using advanced search operators. GHDB entries: ghdb/8437, ghdb/8446.

WordPress

Vulnerability Researcher Freelance January 2024 - Present

Uncovering zero-day vulnerabilities. Discovered 12 CVEs including CVE-2024-27996, CVE-2024-30549, CVE-2024-31928, CVE-2024-32534, and more.

Confidential

Offensive Consultant Freelance December 2023 - Present

Expert cybersecurity assessments. Specialized in desktop, mobile, web, network, wireless, physical security, and social engineering assessments.

Maybank

Penetration Tester Freelance April 2024 - March 2025

Conducted WiFi penetration testing, desktop penetration testing, network penetration testing, web penetration testing, and mobile app penetration testing on corporate environment. Documented findings and provided remediation recommendations.

Source Code Reviewer Freelance December 2025 - December 2025

Performed secure source code review on critical applications to identify vulnerabilities, insecure coding patterns, and logic flaws. Provided detailed remediation guidance to development teams.

Kiwoom Securities Indonesia

Penetration Tester Freelance May 2024 - August 2024

Conducted desktop penetration testing on endpoint systems to assess security vulnerabilities and enhance desktop security frameworks.

Jadi Hacker

Instructor - Android Penetration Testing Freelance December 2023 - March 2024

Providing comprehensive training on Android Penetration Testing with hands-on approach covering latest techniques and tools.

Certifications

Junior Penetration Tester [PT1]

#68c4116a42043e4019936393 - 2025

Verified

Certified Red Team CredOps Infiltrator [CRT-COI]

#9056AC07 - 2025

Verified

Certified Red Team Analyst [ CRTA ]

#2011532 - 2025

Verified

Certified Process Injection Analyst [ CPIA ]

#d9a2a18b - 2025

Verified

Certified Appsec Practitioner [ CAP ]

#7897347 - 2023

Verified

Certified Blockchain Practitioner [ CBP ]

#7895993 - 2023

Verified

Certified Network Security Practitioner [ CNSP ]

#7896092 - 2023

Verified

Certified Ethical Hacker [ CEH Master ]

#ECC2734851069 – 2023-2026

Verified

Certified Ethical Hacker [ CEH Practical ]

#ECC1069437825 – 2023-2026

Verified

Certified Ethical Hacker [ CEH Ansi ]

#ECC7489521630 – 2021-2024

Verified

Certified Secure Computer User [ CSCUv2 ]

#ECC2467981350 – 2021

Verified

MikroTik Certified Network Associate [ MTCNA ]

#2104NA4168 - 2021

Verified

Offensive Security

About Me

Institute of Technology and Business Stikom Bali

Hacking Projects

originx

waffex

cpexploiter

morphtext

wincheck

xstinject

thickcheck

Explore more on GitHub

Publications

CVE Disclosures

Research Papers Live

THE HUMAN ELEMENT IN CYBERSECURITY: AN ANALYSIS OF SOCIAL ENGINEERING VULNERABILITIES AND SECURITY AWARENESS TRAINING EFFICACY

Keamanan Operational Technology (OT): Tantangan dan Solusi dalam Era Konvergensi IT/OT Abstrak

SOAP and REST: A Comparative Analysis of Web Service APIs

Local File Inclusion: Advanced Exploitation Techniques, Detection Methods, and Secure Development Practices

Professional Experience

Corporate & Contract

Freelance Projects

Awards & Speaking

Certifications

Junior Penetration Tester [PT1]

Certified Red Team CredOps Infiltrator [CRT-COI]

Certified Red Team Analyst [ CRTA ]

Certified Process Injection Analyst [ CPIA ]

Certified Appsec Practitioner [ CAP ]

Certified Blockchain Practitioner [ CBP ]

Certified Network Security Practitioner [ CNSP ]

Certified Ethical Hacker [ CEH Master ]

Certified Ethical Hacker [ CEH Practical ]

Certified Ethical Hacker [ CEH Ansi ]

Certified Secure Computer User [ CSCUv2 ]

MikroTik Certified Network Associate [ MTCNA ]