Hi, I'm Dan Fabro. 👋
I am currently situated in the Philippines.
I'm working as a remote Software Quality Assurance Engineer for an Australian property-analysis startup and is deeply passionate about information security. I'm interested, particularly, in web and mobile application offensive security.
Been hunting and hacking since 2017 (mostly in private and external bug bounty programs), engaged in multiple CTF events, and participated in different hacking conferences.
In my free time, I enjoy playing computer games, Chess, reading books, mountaineering, cycling, and/or tinkering with electronics.
Acknowledgments
Found and reported valid security bugs in these companies and government agencies, there are others I can't disclose (yet):
- ABS-CBN Network
- Alibaba
- Arduino
- ASUS
- AT&T
- Bohemia Interactive
- Bosch
- BuyMeACoffee
- Deutsche Telekom
- Disqus
- eBAY
- Ford
- Formative
- Giesecke+Devrient
- Globe Telecom
- Government of Netherlands
- Government Technology Agency of Singapore (GovTech)
- Homerun
- LifeOmic
- Mailcoach
- Microsoft
- Moodle
- NIKE
- Nokia
- OLX
- Pragmatic Industries
- Razer
- Shopee Philippines
- SONY
- Soomgo
- Telecom Italia
- Telekom Slovakia
- Trend Micro
- Twitch
- United States Department of Defense
- Valve
- VMWare
- Walmart
- WorkGaps
- WP Engine
Technical skills
- Web and Mobile Application Security Auditing
- Software QA Testing
- Test Automation (Selenium+C#, Selenium+Python, Selenium+Java, Cypress, and via TestProject)
- Project Management (Azure DevOps, Jira, ClickUp, Asana, Trello)
- Web Development
Why this blog?
"Start a side project instead of a company. Write a blog post instead of a book. Lower the stakes to increase the odds."
Just to try things out. This internet corner of mine was inspired by the tech blogs created by some people in the information security community and also because of this article as well. Since I am genuinely interested in a broad range of topics, I also needed an avenue to review my thought process when hunting for security bugs and a medium that can act as a resource to the information security community.