hdnsbr

Security researcher breaking API architectures. AI engineer building autonomous infrastructure. SSRF, cloud IAM, IDOR, AI agents.

Indonesia
hdnsbr

I'm Hadiana Abdul Sobur — a security researcher and AI developer based in Indonesia. I hunt bugs for a living and build autonomous infrastructure for fun.

Security: Focused on breaking modern API architectures, specifically through SSRF chain exploitation, cloud IAM privilege escalation, and IDOR discovery across fintech and cloud platforms.

AI Engineering: Designing self-hosted LLM inference systems, autonomous agent orchestrators, and browser automation frameworks designed to optimize offensive security workflows.

SSRF Cloud IAM API Security IDOR Broken Auth Web3 Python Go Playwright AI Agents LLM Ops Cloudflare Reverse Engineering Containerization

Things I've Built

$ hermes deploy --skill api-security
Loading provider: custom/om
Tools: browser, terminal, file
Session ready. Scope: in-scope only.
✓ Agent running in background

Hermes Agent

Autonomous AI agent orchestrator with multi-provider routing, tool-calling, browser automation, and persistent memory for security research workflows.

Python LLM Playwright MCP
$ ohmycaptcha solve --type hcaptcha
Launching browser (Xvfb)...
Challenge detected: image grid
Vision model: solved in 2.3s
✓ Token: P0_2f8a... (score: 0.9)

OhMyCaptcha

Self-hosted CAPTCHA solving service — reCAPTCHA v2/v3, hCaptcha, Turnstile bypass via browser automation and ML vision models.

Playwright FastAPI ddddocr Xvfb
$ proxy-pool rotate --country JP
Testing 12 proxies from Japan...
Live: 8 OK (latency <500ms)
Fingerprint: Chrome 124 / id-ID
✓ Rotated to 180.xxx.xxx.42:9090

Proxy Rotator

Residential proxy pool with auto-rotation, health checks, country-aware fingerprinting, and Xray integration for Cloudflare-bypass hunting.

SOCKS5 Xray curl_cffi Go
$ cred-scanner scan --depth deep
Scanning: github.com/org/repo...
Pattern: API_KEY in commit 3a2f1e
AWS key detected: AKIA****W5Z2
⚠ 4 leaks found — 1 critical

Cred Scanner

Automated credential leak detection — scrapes public repos, pastebins, and JS bundles for API keys, tokens, DB creds, and cloud service accounts.

GitHub API regex OSINT Python
$ llm switch --model qwen-32b
Loading Qwen2.5-Coder-32B-Q4...
KV cache: 512, context: 8192
Inference: 0.6 tok/s (19GB RAM)
✓ Server ready on localhost:8000

Local LLM Pipeline

Self-hosted GGUF inference with llama.cpp — Qwen2.5-Coder models for bulk triage, JS analysis, and report writing. Multi-model switching on bare metal.

llama.cpp GGUF Qwen OpenAI API
Browse All Repos

GitHub Stats

Get In Touch

Hunting bugs, building agents, or breaking things — hit me up.