Red team · Exploit dev · Systems architecture
I'm Mochammad Atha Tajuddin — I hunt vulnerabilities and write exploit tooling, then architect the backends and systems that hold up under pressure.
Offense first. I learn to break a system before I trust myself to build one — the two feed each other.
Primary focus
Hunting memory-corruption bugs in C/C++, writing exploit tooling and PoCs, reverse engineering binaries, and running red-team workflows end to end. I built BOAR to automate buffer-overflow discovery and PoC generation, and Mjolnir, an MCP that wires an AI into 30+ pentest tools.
Build
Designing systems from the ground up: a C++17 HTTP framework written from scratch, a microservices early-warning platform for oil & gas over gRPC and edge gateways, and self-hosted infrastructure on my own VPS and homelab.
Ship
Go and Python backends with clean architecture, REST and gRPC APIs, sensible database design, and event-driven services. Scored Excellent on the Evermos × Rakamin backend track, shipping a full app with pagination, integrations and DDL/DML design.
About
Chasing that answer led me to buffer overflows, reverse engineering, and eventually writing my own tooling in Nim and Python. To break into a system, I had to understand how it's built — so I started building things from scratch.
An HTTP framework in C++, an MCP server for red teaming, a Discord bot, and an industrial monitoring system built with a team. On campus I'm active in the Ethical Hacking, AI/ML, Big Data, and Computer Networks labs at ITS Surabaya.
Right now I'm learning Nim, Elixir, Assembly, Verilog and Solidity in parallel. Sounds like a lot — but each language teaches a different way of thinking, and that's exactly what I'm after.
3.67
GPA / 4.00
6+
shipped projects
12+
languages used
'24
class of
Buffer Overflow Analyzer & Remediation
Hunts buffer overflows in C/C++ code — detects 60+ patterns from real CVEs, analyses crashes, checks binary protections (Canary, NX, ASLR, PIE), and auto-generates PoC exploits via pwntools.
MCP server for pentesting & CTFs built around a verified-PoC database so the AI never hallucinates untested exploits. Wired into 30+ tools with automated recon and scanning.
A work-in-progress PE parser written in Nim — reading headers, sections and imports to inspect Windows executables. My hands-on ground for building reverse-engineering tooling beyond Python.
A C++17 HTTP framework written from scratch: routing, JSON handling, a CLI tool, and a benchmark suite. Started as a learning project, became a performance obsession.
Early-warning platform for oil & gas, built with a team. Go backend, microservices, edge gateway over gRPC, Docker orchestration, and ML anomaly detection. IOC Hackathon SKK Migas finalist.
Rented a VPS, deployed OpenCLAW alongside Ollama — a personal LLM on my own server, locked down with SSH-key auth, no passwords whatsoever.
A modular Discord bot on Node.js with SQLite in WAL mode — event-driven architecture and real-time state management.
What I reach for to build, secure, and take systems apart.
Languages
Go and Python for shipping fast, C and C++ when I need to be close to the metal, Rust when memory safety actually matters.
Red Team
Blue Team
ML & Vision
Backend & Infra
Work, teaching, and research. Full CV available on request via email.
Institut Teknologi Sepuluh Nopember (ITS)
Helpdesk for ITS' independent admission selection: resolving account, access and scoring issues, liaising between participants, admins and lecturers.
Xtremax Teknologi Indonesia
Security and equipment logistics for a cybersecurity event backed by AWS, Buildpad and Xtremax — keeping things safe for participants, sponsors and crew.
Dept. of Information Technology, ITS
Three hats: teaching 5 modules as lecturer assistant, writing implementation-based lab exercises as problem setter, and grading practicum demos on logic, OOP and structure.
Dept. of Information Technology, ITS
Designed CTF challenges on hardware reverse engineering and FPGA analysis for a national cybersecurity competition with 100+ participants.
Smart City & Cyber Security Lab (KCKS), ITS
Weekly web-security research around OWASP Top 10 and PortSwigger Labs; contributed to ARACHNI, automation that cut app-security scan time by ~80%.
Evermos × Rakamin Academy · virtual internship
Completed 100% of weekly backend challenges and shipped a final app with clean architecture, pagination, API integration and DDL/DML design — scored 85.56, Excellent Student.
Education
Institut Teknologi Sepuluh Nopember (ITS), Surabaya
Highlight
Finalist, IOC Hackathon SKK Migas with SIEWS 5.0+ — one of 3 campus representatives out of 18 internal proposals, shortlisted from 102 nationwide.
Certifications
Currently learning
Contact
Almost everything I work on is documented on GitHub. For projects, CTF write-ups, or just trading ideas — drop me a line.