a.k.a

Groovy Mark

Octavianus Agung

Cybersecurity Enthusiast - CTF Player - Pentester

View Pentest Domains Contact Me
// 01. Penetration Testing

Pentested Targets

All tests were conducted legally with written permission from the system owner. Target names are anonymized per non-disclosure agreement (NDA).
Korbrimob Polri
Government — Indonesian National Police
February 06, 2026
Target Type
The issue occurs because React Server Components unsafely deserialize HTTP payloads on the Server Function endpoint, allowing an attacker to send a malicious payload that causes the server to execute arbitrary code.
Scope
React Server Components (RSC), Next.js, React Router RSC preview, Redwood SDK, Waku, RSC Plugin for Vite and Parcel
Technique
CVE-2025-55182
Findings
Root Cause
CWE-502 Unsafe Deserialization
Exploitation in the Wild
Full server compromise
Tools
Burp Suite Private Tools
Status
CONFIDENTIAL — NDA
Governo do Distrito Federal
Regional Government — Brazil
February 01, 2026
Target Type
The issue occurs because React Server Components unsafely deserialize HTTP payloads on the Server Function endpoint, allowing an attacker to send a malicious payload that causes the server to execute arbitrary code.
Scope
React Server Components (RSC), Next.js, React Router RSC preview, Redwood SDK, Waku, RSC Plugin for Vite and Parcel
Technique
CVE-2025-55182
Findings
Root Cause
CWE-502 Unsafe Deserialization
Exploitation in the Wild
Full server compromise
Tools
Burp Suite Private Tools
Status
CONFIDENTIAL — NDA
// 02. Competition

Competition Experience

OSII WEEK
Universitas Katolik Darma Cendika
2023
Category: Mobile Application Development
3rd Place
FITCOM 2.0
Universitas Dinamika Surabaya
2024
Category: Forensics, Reverse Engineering, Web Exploitation
1st Runner-up
INTECH-FEST
Politeknik Negeri Bali
2025
Category: Forensics, Reverse Engineering, Web Exploitation
Participant
ILPC
Universitas Surabaya
2025
Category: Informatics Logical Programming, Forensics, Reverse Engineering, Web Exploitation
Participant
// 03. Certifications

Certifications

Basic Penetration Testing & Hacktivist (PC)
Sibermuda Indonesia
2026
// 04. Badges & Awards

Badges & Awards

ISC2 Candidate
ISC2 Candidate
(ISC)² — International Information System Security Certification Consortium
2026
// 05. Education

Education History

2025 — 2026
Institut Sains dan Teknologi Terpadu Surabaya (iSTTS) Student
Institute
2022 — 2025
SMAK Santa Agnes Surabaya
Catholic Senior High School
2019 — 2022
SMPK Santa Agnes Surabaya
Catholic Junior High School
2013 — 2019
SDK Katolik Theresia 1
Catholic Elementary School
// 06. Social Media

Contact Me

Certificate
Certificate image not available yet.