Hi, I'm Dan Fabro. 👋
I am currently situated in the Philippines.
I'm working as a Senior Software QA Engineer - also leading and managing a team of Software QAs. I'm also deeply passionate about information security, particularly in web and mobile application offensive security.
Been hunting and hacking since 2017 (mostly in private and external bug bounty programs), engaged in multiple CTF events, and participated in different hacking conferences.
In my free time, I enjoy playing computer games, Chess, reading books, mountaineering, cycling, and/or tinkering with electronics.
Acknowledgments
Found and reported valid security bugs in these companies and government agencies, there are others I can't disclose (yet):
- ABS-CBN Network
- Alibaba
- Arduino
- ASUS
- AT&T
- Bohemia Interactive
- Bosch
- BuyMeACoffee
- Deutsche Telekom
- Disqus
- eBAY
- Ford
- Formative
- Giesecke+Devrient
- Globe Telecom
- Government of Netherlands
- Government Technology Agency of Singapore (GovTech)
- Homerun
- LifeOmic
- Mailcoach
- Microsoft
- Moodle
- NIKE
- Nokia
- OLX
- Pragmatic Industries
- Razer
- Shopee Philippines
- SONY
- Soomgo
- Telecom Italia
- Telekom Slovakia
- Trend Micro
- Twitch
- United States Department of Defense
- Valve
- VMWare
- Walmart
- WorkGaps
- WP Engine
Skillset
- Web and Mobile Application Security Auditing
- Software QA Testing (functional and non-functional)
- Test Automation + AI Integration (Selenium, Cypress, and Playwright)
- Project Management (Azure DevOps, Jira, ClickUp, Asana, Trello, Linear)
- Technical Recruitment
- Technical Report and Documentation
- Web Application Development
Why this blog?
"Start a side project instead of a company. Write a blog post instead of a book. Lower the stakes to increase the odds."
Just to try things out. This internet corner of mine was inspired by the tech blogs created by some people in the information security community and also because of this article as well. Since I am genuinely interested in a broad range of topics, I also needed an avenue to review my thought process when hunting for security bugs and a medium that can act as a resource to the information security community.