Who I Am
'hahwul' is a new word made by remixing my name, and that's me. Call me hɑːhul, but you can call me haʊl.
You can also find me on 𝕏, on Github, and on Instagram.
Offensive security engineer
Online, I’m known as a bug bounty hunter and open-source developer, but in real life, I’m a specialist in Offensive Security Engineering (Red Team) and Application Security (AppSec) roles.
I’m a Red Team expert who loves penetrating systems, analyzing vulnerabilities, and designing secure architectures. I also get to build and develop security-related systems like DAST(Dynamic Application Security Testing) and ASM(Attack Surface Management), which keeps me super involved in DevSecOps.
Developer and Software engineer
As mentioned before, I am a security engineer and a developer. I majored in Software Engineering in university, and since I currently work as a security engineer designing and developing various systems, services, and applications, one could also view me as a software engineer.
I primarily develop web or command-line applications, but I also create graphical user interfaces, libraries, and modules. Additionally, I’m passionate about continuous integration and continuous delivery (CICD), so I enjoy learning and using various systems such as Jenkins, Docker, Kamal, and Kubernetes. While this is a development perspective, it’s also a continuous learning process from the security engineer’s point of view.
Personally, I enjoy both creating and breaking things, which is why I love both my primary role on the Red Team and my development work.
Open-Source Projects
I’m love open-source and enjoy coding in Ruby, Crystal, and Golang. My primary focus is on developing tools for Offensive Security. Additionally, I find joy in contributing to well-known open-source projects.
I’ve developed tools like Dalfox and OWASP Noir, and I take great satisfaction in contributing to ZAP and other bug bounty tools.
If you’re curious about my work, please check out my Github!
Blogging
I’ve been known as “hahwul” since 2016, but my journey into blogging about security and development started back in 2010, during my student days. Since then, my blog has been a significant record of my journey.
Have you ever looked back at your old writings with a mix of nostalgia and embarrassment? I have. Over a decade, my feelings towards my posts have been a blend of attachment and dissatisfaction.
After much contemplation, in September 2024, I embarked on a significant overhaul of my website. This change went beyond mere aesthetics or functionality improvements; it was about refining the content and organizing my old posts.
While there’s a sense of loss, I believe that, as ‘The end is where we start from,’ clearing out is necessary to make room for what’s next. What lies ahead? I’m not sure which path I’ll take, but I hope you’ll watch with anticipation as I find my way.
Logo
The meaning of my real name is ‘bright flame,’ so my logo incorporates a flame. 🔥