About Brahma | Zero State Protocol

SYSTEM NOMINAL ◆ DEFCON 32 RECAP OUT NOW ◆ NEW BOUNTY WRITEUP: $50K SSRF ◆ ZERO STATE PROTOCOL ACTIVATED ◆ NO SAFE HARBOR ◆ SYSTEM NOMINAL ◆ DEFCON 32 RECAP OUT NOW ◆ NEW BOUNTY WRITEUP: $50K SSRF ◆ ZERO STATE PROTOCOL ACTIVATED ◆ NO SAFE HARBOR ◆

NO_FACIAL_REC

IDENTIFICATION

ALIAS: Brahma
CLASS: Hunter
AFFILIATION: Independent
STATUS: Active

// WHOAMI

THE OPERATOR

I am a full-time offensive security researcher and bug bounty hunter specializing in web application vulnerabilities, cloud infrastructure security, and undocumented exploit chains.

The Zero State Protocol is a methodology: approaching every target with zero assumptions about its security posture. Where others see standard functionality, I look for logic flaws, edge cases in deserialization, and complex SSRF escalations.

Currently holding multiple top 50 leaderboard positions across major bounty platforms. My research focuses on the intersection of cloud-native architecture, WAF bypass techniques, and subtle race conditions.

// CAPABILITIES

SKILL MATRIX

// WEB_SEC

Web Security

XSS, SQLi, SSRF, IDOR, deserialization, WAF bypass, and complex logic flaws in modern web stacks.

[WEB-SECURITY]

// API_SEC

API Security

REST & GraphQL attack surfaces, broken object-level auth, mass assignment, and JWT manipulation.

[API-SECURITY]

// WEB3_SEC

Web3 Security

Smart contract auditing, reentrancy, flash loan exploits, and DeFi protocol vulnerability research.

[WEB3-SECURITY]

// ANDROID_SEC

Android Security

APK reversing, deep-link hijacking, exported component abuse, and traffic interception on mobile targets.

[ANDROID-SECURITY]

// GAME_DEV

Game Development

Building interactive experiences with a hacker mindset — from game mechanics to cheat-resistant architectures.

[GAME-DEV]

// APP_DEV

App Development

Full-stack and mobile app development with a security-first philosophy baked in from day one.

[APP-DEV]

// COMM LINK