$ cat about.md

About Fr3ak Hacks

An independent security researcher and bug bounty hunter. I help companies find the bugs that automated scanners miss — and fix them before someone else finds them first.

Mission

Make the digital world a little harder to break.

Most products ship with a long tail of unknown unknowns — configuration drift, third-party services, business-logic edge cases the developers never imagined. My job is to find those before they become an incident.

I work across public bug bounty programs, private engagements, and open-source security research. The output is the same in all three: a clear report, reproducible steps, prioritized impact, and a recommended fix.

Principles

How I work

Integrity

Responsible disclosure first. No public 0-day drops without coordination, no surprises in the report.

Curiosity

I'd rather understand a system end-to-end than chase the lowest-hanging finding. The deeper bugs live below the surface.

Clarity

Reports that a developer can act on the same day they read them. Repro steps, impact, fix — no filler.

Stack

Tools of the trade

Burp SuiteOWASP Top 10GraphQLOAuth 2.0 / OIDCSource code reviewLinux internalsDocker & K8sCloud (AWS / GCP)Reverse engineeringPython tooling

Have something for me to break?

Let’s talk scope and timing.

Get in Touch →