Offensive Security & AI Engineer

5+ years experience in penetration testing, vulnerability assessment, and ethical hacking. Skilled in identifying security risks and implementing protection strategies.

docs.joelindra.id linkedin.com/in/joelindra
View Projects
// Offensive Security & AI Engineer
const joel = {
name: 'Joel Indra',
role: 'Offensive Security | Underworld AI',
experience: 5+ // years,
cves: 14,
tools: 30+ // open-source,
status: 'Securing the Digital Universe'
};
hack(joel);
01

About Me

5+ years experience in penetration testing, vulnerability assessment, and ethical hacking. Skilled in identifying security risks and implementing protection strategies using advanced security tools.

Education

Institute of Technology and Business Stikom Bali

Computer System (Major Cyber Security)

Best Thesis Award, 32nd Graduation Ceremony

Thesis: Information System Security Analysis Using VAPT Methods [Zero Hacking]

Skills & Expertise

Information Gathering Vulnerability Scanning JWT Hacking Web Penetration Testing Mobile (Android/iOS) Testing Cloud Security Desktop Penetration Test WordPress Vulnerability Research SAST, DAST, IAST Network Penetration Testing Infrastructure Testing Wireless Security NFC & IoT Testing Dork Research Vulnerability Assessment API Penetration Testing Threat Intelligence Active Directory Adversarial Emulation

Career Highlights

14
Publications
30+
Open-Source Tools
5+
Years Experience
10+
Bug Bounty Awards

Secured bug bounty awards from SAP, IBM, Cambridge University, Indeed, Bukalapak, and more. Led penetration testing for PT Bank Central Asia, Bank Indonesia, PT Telkom Indonesia.

02

Hacking Projects

Frida-xTR
2024

Frida-xTR

Frida Server management for multiple Android devices

Python
View Project
Janus
2024

Janus

PHP web shell for security testing

PHP
View Project
Hefaistos
2024

Hefaistos

Burp Suite extension for hackers

Java
View Project
Janus-Filemanager
2024

Janus-Filemanager

Web-based file manager

PHP JavaScript
View Project
CVE-2017-9841
2024

CVE-2017-9841

PHPUnit vulnerability scanner

Python
View Project
CacheF3r
2024

CacheF3r

Web cache poisoning scanner

Python
View Project
Evidence-Locker
2024

Evidence-Locker

Burp extension for pentest documentation

Java
View Project
Logic-Mapper
2024

Logic-Mapper

Visual business logic flow mapper for Burp

Java
View Project
Showing 1-8 of 18 projects
03

Publications

CVE

CVE-2024-32534
XSS
CVE-2024-30549
XSS
CVE-2024-31928
XSS
CVE-2024-29819
XSS
CVE-2024-27996
XSS
CVE-2024-6518
XSS
Showing 1-6 of 14 CVEs

GHDB Entries

GHDB-8437 GHDB-8446

Papers

Research Paper

THE HUMAN ELEMENT IN CYBERSECURITY: AN ANALYSIS OF SOCIAL ENGINEERING VULNERABILITIES AND SECURITY AWARENESS TRAINING EFFICACY

An analysis of social engineering vulnerabilities and security awareness training efficacy
Research Paper

Keamanan Operational Technology (OT): Tantangan dan Solusi dalam Era Konvergensi IT-OT

Tantangan dan solusi dalam era konvergensi IT-OT
Research Paper

SOAP and REST: A Comparative Analysis of Web Service APIs

Web Service APIs
Research Paper

Local File Inclusion: Advanced Exploitation Techniques

Detection Methods, and Secure Development Practices
Showing 1-4 of 8 papers
04

Professional Experience

Hugging Face
Vulnerability Researcher Full-time June 2025 - Present

Uncovering hidden zero-day vulnerabilities. Notable CVE discoveries: CVE-2025-6921, CVE-2025-11231.

OffSec
Dork Researcher Full-time May 2024 - Present

Conducting targeted reconnaissance using advanced search operators. GHDB entries: ghdb/8437, ghdb/8446.

WordPress
Vulnerability Researcher Full-time January 2024 - Present

Uncovering zero-day vulnerabilities. Discovered 12 CVEs including CVE-2024-27996, CVE-2024-30549, CVE-2024-31928, CVE-2024-32534, and more.

Confidential
Offensive Consultant Freelance December 2023 - Present

Expert cybersecurity assessments. Specialized in desktop, mobile, web, network, wireless, physical security, and social engineering assessments.

Maybank
Penetration Tester Contract April 2024 - March 2025

Conducted WiFi penetration testing, desktop penetration testing, network penetration testing, web penetration testing, and mobile app penetration testing on corporate environment. Documented findings and provided remediation recommendations.

Source Code Reviewer Contract December 2025 - December 2025

Performed secure source code review on critical applications to identify vulnerabilities, insecure coding patterns, and logic flaws. Provided detailed remediation guidance to development teams.

Kiwoom Securities Indonesia
Penetration Tester Contract May 2024 - August 2024

Conducted desktop penetration testing on endpoint systems to assess security vulnerabilities and enhance desktop security frameworks.

Jadi Hacker
Instructor - Android Penetration Testing Contract December 2023 - March 2024

Providing comprehensive training on Android Penetration Testing with hands-on approach covering latest techniques and tools.

PT Sinergi Informatika Semen Indonesia
Penetration Tester Contract August 2023 - April 2024

Conducted penetration testing on Android apps (Akses Toko, Forca HR), iOS apps, web apps (Firms, Forca ERP, SISI ID, SMART Firms), and MRT firewall systems.

PT Xynexis International
Penetration Tester Contract August 2022 - July 2023

Conducted penetration testing for PT Bank Central Asia, Bank Indonesia, PT Telkom Indonesia Tbk, PT SeaBank Indonesia, Prodia, and other high-profile organizations.

Dinas Penanaman Modal dan Pelayanan Terpadu Satu Pintu
Penetration Tester Contract September 2021 - August 2022

Conducted penetration testing to assess and fortify security of Badung Regency Investment Office main website.

Kepolisian Negara Republik Indonesia (Polda Bali)
Penetration Tester & Software Developer Contract July 2021 - August 2022

Developed web application using CodeIgniter 4 for cybercrime case monitoring. Conducted penetration testing for cybercrime monitoring web applications.

05

Awards & Speaking

Awards & Honors

Hall of Fame - SAP Software Company
Hall of Fame - IBM Corporation
Hall of Fame - Bukalapak E-Commerce
Appreciation Letter - Cambridge University
Showing 1-4 of 8 awards

Speaking Engagements

Why Ethical Hacking is Necessary
Light Security
Bug Bounty Introduction
linuxhacking.id
Web Hacking
linuxhacking.id
Mobile Hacking
KamarKamsib
Showing 1-4 of 7 speaking engagements
06

Certifications

EC Council Certified Cyber Security Career Mentor

Junior Penetration Tester [PT1]

#68c4116a42043e4019936393 - 2025

Certified Red Team CredOps Infiltrator [CRT-COI]

#9056AC07 - 2025

Certified Red Team Analyst [ CRTA ]

#2011532 - 2025

Certified Process Injection Analyst [ CPIA ]

#d9a2a18b - 2025

Certified Threat Intelligence 101 [ CTI ] - 2024

Certified Appsec Practitioner [ CAP ]

#7897347 - 2023

Certified Blockchain Practitioner [ CBP ]

#7895993 - 2023

Certified Network Security Practitioner [ CNSP ]

#7896092 - 2023

Certified Ethical Hacker [ CEH Master ]

#ECC2734851069 – 2023-2026

Certified Ethical Hacker [ CEH Practical ]

#ECC1069437825 – 2023-2026

Foresec Certified in Computer Hacking [ FCCH ]

#0821-036050 - 2021

Foresec Certified in Network Security [ FCNS ]

#1121-008546 – 2021

Certified Ethical Hacker [ CEH Ansi ]

#ECC7489521630 – 2021-2024

Certified Secure Computer User [ CSCUv2 ]

#ECC2467981350 – 2021

MikroTik Certified Network Associate [ MTCNA ]

#2104NA4168 - 2021