whoami

Jeremia Geraldi Sihombing

Curious Soul · Cyber Security Professional · Sports Lover

Hacking for a living, hired to safeguard the internet by legally attacking it. AI slop enjoyer, AC Milan on matchdays, Denver Nuggets past midnight.

Curiosity refuses to stay in one lane, there are too much things worth learning. Some times it’s a low-level systems and reading a debugger until my eyes hurt. Other time it’s the web3 space, checking how smart a contract is out of the hype. Fundamental math and basic programming course on the side, strengthening fundamental in world full of AI slop. Lastly learning how to hack AI itself, since the field is reinventing itself faster than I can write anything down. Somewhere across all of it, there’s a hobby, a goal, and a blog post once in a while.

Studied for, sweated through, hung on a quiet wall. Listed my credentials and research here just in case someone ask.

OSEDOffensive Security Exploit Developer

CREST CRTCREST Registered Penetration Tester

OSWEOffensive Security Web Expert

CRTPCertified Red Team Professional

OSCPOffensive Security Certified Professional

CAISPCertified AI Security Professional

ARTEAmazon Red Team Expert

CAI/MLPenCertified AI / ML Penetration Tester

eCCPTeLearn Certified Professional Penetration Tester

eMAPTeLearn Mobile Application Penetration Tester

eWPTeLearn Web Application Penetration Tester

A few CVEs along the way, contributing to open source projects not as much as they contribute to society.

CVE-2025-45146 Insecure Deserialization in CodefuseAI ModelCache through 0.2.0
CVE-2024-57783 Remote Code Execution (RCE) in Dot LLM Electron Desktop through 0.9.3
CVE-2024-56082 Improper Neutralization of HTML Tags in Lumos LLM Chrome Plugin before 1.0.17
CVE-2024-39143 Authenticated Stored XSS in ResidenceCMS through 2.10.1