ekofyi

About

I reverse-engineer APIs that don't have docs.

If there's no SDK, no docs, and no official way in — I figure it out anyway. Intercept the traffic, map the endpoints, build the integration that lasts.

Started in corporate IT security, now independent — building automation, integrations, and developer tools for clients who need things connected, scraped, scheduled, or scaled.

01/2020 — 2023
IT security engineer

I spent three years as an IT Security Engineer at a Jakarta-based tech company. The job covered the full spectrum — pentesting, code review, infrastructure and network security, vulnerability research. It taught me how production systems are supposed to work, and more importantly, how they fail. That intuition is what I now use to build automation that doesn't break in weird ways.

Outside of work I did independent security research and was recognized as a Google Bug Hunter for verified vulnerability findings, with additional reports accepted by e-commerce, hosting, and DeFi platforms. The methodology still informs how I build today.

02/2023 — present
independent

In 2023 I left to go independent. I went deep into crypto/web3 — building tools to automate everything: managing hundreds of wallet addresses, automating on-chain transactions across protocols, running full end-to-end Farcaster account automation, NFT trading bots, and multi-chain airdrop workflows. All custom-built, no off-the-shelf solutions.

That's where the bulk of my actual reverse-engineering chops came from. You learn fast when there's no fallback to "just call support."

03/Now
what I do

These days I'm mostly building automation and developer tools — for indie founders, small teams, and anyone who needs integrations or workflows shipped without agency overhead. What I can help with:

  • API reverse engineering & integration (no SDK needed)
  • automation, scraping & scheduled workflows
  • internal tools & developer dashboards
  • web development (Next.js, React, Tailwind)
  • security review for web & API endpoints

Open to remote contracts & long-term work · global, async-first

stack.yml
lang: node, python, typescript, +adapt
web: next.js, react, tailwind
tools: burp, mitmproxy, curl, +oss
security: web, api, infra
approach: direct API, no low-code
mode: remote · UTC+7
04/Selected work
anonymized

ekofyi.com — AI content platform

problem ·
Running a personal brand with consistent blog + social media presence is time-consuming.
approach ·
Built a full AI pipeline: auto-generates blog posts from trending sources, quality-checks, schedules, and publishes to X, Threads, and LinkedIn with platform-optimized captions.
outcome ·
Fully autonomous content engine — zero manual posting across 3 platforms.

Web3 automation suite

problem ·
Hundreds of wallets, multi-chain tasks, social accounts — all manual.
approach ·
Custom tooling for on-chain txs, Farcaster bots, NFT trading, airdrop workflows.
outcome ·
Full automation across 30+ protocols. No off-the-shelf tools used.

Chat auto-forwarder

problem ·
Important messages in private channels, no way to aggregate or forward them.
approach ·
Built a bot that monitors private channels and auto-forwards to designated targets.
outcome ·
Running 24/7. Never miss a message again.

Farcaster AI bot

problem ·
Maintaining social presence across accounts manually is unsustainable.
approach ·
AI-generated posts & replies on randomized schedules to avoid detection patterns.
outcome ·
Fully autonomous posting — human-like cadence, zero manual effort.

Security background

scope ·
Web & API security testing — done as part of full-time role and occasional independent research.
targets ·
Verified findings across e-commerce, hosting, and DeFi platforms — including recognition in Google's Bug Hunters program.
today ·
Security work today is supplementary to my main automation practice — I review what I build, but I don't lead with it.
05/Contact
let's talk

Best way to reach me is email. I read everything, I reply within 1–3 days. Tell me what you're building and I'll let you know if it's something I can help with.

I collaborate remotely with global teams — async-first, UTC+7.