About
I reverse-engineer APIs that don't have docs.
If there's no SDK, no docs, and no official way in — I figure it out anyway. Intercept the traffic, map the endpoints, build the integration that lasts.
Started in corporate IT security, now independent — building automation, integrations, and developer tools for clients who need things connected, scraped, scheduled, or scaled.
I spent three years as an IT Security Engineer at a Jakarta-based tech company. The job covered the full spectrum — pentesting, code review, infrastructure and network security, vulnerability research. It taught me how production systems are supposed to work, and more importantly, how they fail. That intuition is what I now use to build automation that doesn't break in weird ways.
Outside of work I did independent security research and was recognized as a Google Bug Hunter for verified vulnerability findings, with additional reports accepted by e-commerce, hosting, and DeFi platforms. The methodology still informs how I build today.
In 2023 I left to go independent. I went deep into crypto/web3 — building tools to automate everything: managing hundreds of wallet addresses, automating on-chain transactions across protocols, running full end-to-end Farcaster account automation, NFT trading bots, and multi-chain airdrop workflows. All custom-built, no off-the-shelf solutions.
That's where the bulk of my actual reverse-engineering chops came from. You learn fast when there's no fallback to "just call support."
These days I'm mostly building automation and developer tools — for indie founders, small teams, and anyone who needs integrations or workflows shipped without agency overhead. What I can help with:
- API reverse engineering & integration (no SDK needed)
- automation, scraping & scheduled workflows
- internal tools & developer dashboards
- web development (Next.js, React, Tailwind)
- security review for web & API endpoints
Open to remote contracts & long-term work · global, async-first
lang: node, python, typescript, +adapt web: next.js, react, tailwind tools: burp, mitmproxy, curl, +oss security: web, api, infra approach: direct API, no low-code mode: remote · UTC+7
ekofyi.com — AI content platform
- problem ·
- Running a personal brand with consistent blog + social media presence is time-consuming.
- approach ·
- Built a full AI pipeline: auto-generates blog posts from trending sources, quality-checks, schedules, and publishes to X, Threads, and LinkedIn with platform-optimized captions.
- outcome ·
- Fully autonomous content engine — zero manual posting across 3 platforms.
Web3 automation suite
- problem ·
- Hundreds of wallets, multi-chain tasks, social accounts — all manual.
- approach ·
- Custom tooling for on-chain txs, Farcaster bots, NFT trading, airdrop workflows.
- outcome ·
- Full automation across 30+ protocols. No off-the-shelf tools used.
Chat auto-forwarder
- problem ·
- Important messages in private channels, no way to aggregate or forward them.
- approach ·
- Built a bot that monitors private channels and auto-forwards to designated targets.
- outcome ·
- Running 24/7. Never miss a message again.
Farcaster AI bot
- problem ·
- Maintaining social presence across accounts manually is unsustainable.
- approach ·
- AI-generated posts & replies on randomized schedules to avoid detection patterns.
- outcome ·
- Fully autonomous posting — human-like cadence, zero manual effort.
Security background
- scope ·
- Web & API security testing — done as part of full-time role and occasional independent research.
- targets ·
- Verified findings across e-commerce, hosting, and DeFi platforms — including recognition in Google's Bug Hunters program.
- today ·
- Security work today is supplementary to my main automation practice — I review what I build, but I don't lead with it.
Best way to reach me is email. I read everything, I reply within 1–3 days. Tell me what you're building and I'll let you know if it's something I can help with.
I collaborate remotely with global teams — async-first, UTC+7.