I’m a 19-year-old CS student at TU Darmstadt with a strong focus on IT-Security.
Passionate about breaking & building, I dive into vulnerability research, exploit development and red/blue team tooling.
Between CVEs, custom tools, and CTFs, I love pushing the boundaries of what’s possible in cybersecurity.

• CVE-2024-29643 – Croogo v3.0.2
  Exploitable Host Header Injection via feed.rss component.
  → Allows malicious HTTP Host headers, which can lead to arbitrary PHP code execution and full compromise of the target system.
  → Demonstrates how CMS plugins/extensions can be leveraged as initial access vectors for attackers.

• CVE-2023-25136 – OpenSSH 9.1

  • Wrote a Python mass scanner + exploit script to detect & leverage the vuln.
  • Widely adopted in the community as a go-to exploitation framework.

• CVE-2024-25600 – WordPress Bricks Builder

  • Authenticated RCE affecting WordPress sites.
  • Created a Nuclei template (2 versions), quickly merged as the official ProjectDiscovery template.
  • Accelerated detection & remediation in Bug Bounty & pentest engagements.

• 🔥 Infiltrator

  • Infiltrator is a stealthy input surveillance tool written in Go.
  • Captures keystrokes, clipboard data, system info, and exfiltrates via a secure Telegram bot.

• 🔑 CipherBuster

  • A tool designed for breaking weak ciphers & cryptographic flaws.
  • Useful in CTFs & real pentest scenarios when facing custom/legacy encryption.

• 🛡️ RedTeamer

  • Offensive toolkit for adversary simulation.
  • Includes payload generators, privilege escalation helpers, and persistence techniques.

• 🔵 BlueTeamer

  • Companion project to RedTeamer, focusing on defensive analysis.
  • Log analysis, anomaly detection, and automated detection rule generation.

• 🏆 State of California (USA) → Found & exploited SQLi → RCE leading to full server compromise.
• 🏆 Bureau of Indian Affairs (BIA) → Reported multiple vulnerabilities impacting critical systems.
• 🏆 Mars Vulnerability Program → Found & exploited IDOR → Client Information Disclosure and Client Side Validation Bypass
• 🏆 RMIT UNiversity (AUSTRALIA)

Languages:
Python · C · Go · JavaScript · PHP · Bash · SQL

Technologies & Tools:
Linux · Docker · Nmap · BurpSuite · Metasploit · Kali Tools · Nuclei · Git · Ghidra

Domains:
Penetration Testing · Exploit Development · Cryptanalysis · Bug Bounty · Reverse Engineering · Web Security · CTFs

• 🐙 GitHub → christbowel
• 🎯 Bug Bounty → Bugcrowd Profile & Hackerone Profile
• 🧑‍💻 TryHackMe → chrisbowel
• 🏴 Root-Me → christbowel