Senior Security Consultant · Vantage Point Security · Singapore

Azka Ainul Ma'arij

Offensive Security Engineer & Competitive CTF Player

GitHub LinkedIn Hack The Box lbyte.id
Competing as
R3KAPIG / SKSD / PETIR

For years, Azka has operated at the forefront of offensive cybersecurity, strengthening enterprise resilience across Asia-Pacific. As Senior Security Consultant at Vantage Point Security, he delivers high-impact assessments for leading financial institutions.

Beyond consulting, he contributes to the global security community as a part-time mobile challenge author for Hack The Box, designing production-grade challenges focused on Android attack surfaces and adversarial simulation.

On the competitive stage, he competes under the handle lawbyte — consistently placing among top-tier offensive security players internationally.

Specializations

Breaking systems
to protect them

Core Specializations
  • Web Application Pentesting
  • Mobile Pentesting (Android & iOS)
  • API Security
  • Red Teaming
  • SCADA / OT Security
  • ATM Pentesting
Technical Tools & Languages
  • Android RE / Frida
  • Burp Suite (Certified Practitioner)
  • Active Directory / BloodHound
  • Exploit Development
  • Python / Bash / C / C++
  • Binary Analysis / Ghidra
Work Experience

5 years at the
front line

03
Apr 2026 — Present
Senior Security Consultant
Vantage Point Security · Singapore
  • Primary technical lead on web, API, infrastructure, IoT, and mobile penetration testing
  • Main client point of contact, translating findings into executive-level remediation roadmaps
  • Lead and mentor the consulting team, develop new test cases aligned with the latest threats
Full-time
Mar 2021 — Mar 2026
Security Consultant
Vantage Point Security · Indonesia
  • Advanced offensive assessments across enterprise web, RESTful & GraphQL APIs, iOS and Android
  • End-to-end exploit development: jailbreak, kiosk escape, chained vulnerability exploitation
  • Binary reverse engineering, cryptographic analysis, custom red team tooling
Full-time
Ongoing
Mobile Challenge Author
Hack The Box
  • Design production-grade mobile challenges focused on Android attack surfaces
  • Cover reverse engineering, exploitation, and adversarial simulation
Part-time
Competition Achievements

Elite-tier,
globally.

Champion 🏆
1st
Standoff 16 · SPIEF Russia
r3kapig team · Live SCADA / industrial cyber battle
"Fastest attack execution" special award · 2026
Finalist 🏆
6th
Black Hat MEA 2025
Riyadh, Saudi Arabia · International finalist
Improved from 12th place in 2024 edition
Champion 🏆
1st
SATSIBER TNI 2025
Attack & Defense CTF · 1st place
HackTheCity · 2nd place · National defence competition
Runner-up 🥈
2nd
GEMASTIK KEMENDIKBUD 2025
National university cybersecurity competition
Ministry of Education, Indonesia
Champion 🏆
1st
Cyber Jawara International 2024
Indonesia's most prestigious hacking competition
Finalist 2023 · Champion 2024
Regional Champion 🏆
1st
HTB Business CTF 2024
13th / 943 companies globally
1st SE Asia · 3rd APAC · 47/58 challenges solved
International competition
Black Hat MEA
Year-on-year improvement
2024
Riyadh, Saudi Arabia · Team PETIR · International finalist
12thplace
2025
Riyadh, Saudi Arabia · Team PETIR · International finalist
6thplace
Annual CTF competition
NahamCon CTF
Consistent improvement
2022
1,665 teams competing globally
13thplace
2023
2,530 teams competing globally
10thplace
2024
3,829 teams competing globally
8thplace
1st
ITFEST 2025
1st place overall
1st
FINDIT! 2024
1st place · Indonesian university teams
1st
NETCOMP 2.0 CTF
1st place · Indonesian university teams
1st
BINUS CTF 2024
1st among all 2024 BINUS students
3rd
TCP1P CTF 2023
499 teams · 5th place in 2024
TechcomFest 2024
"Best Write-up" achievement award
Compfest 16
Finalist · All universities in Indonesia
HTB Pro Labs
Rastalabs + Dante · 80 CPE credits
HackTheBox Indonesia
Community organiser & speaker
Bug Bounty Disclosures
TikTok
IDOR — Private Video Likes
Unauthorized enumeration of who liked a private video. Severity: Medium
TikTok
IDOR — Private Account Repost
Repost data visible for private-account users. Severity: Low
Doku Payment
IDOR — Payment Data Access
Unauthorised access to payment records. Severity: Medium
Certifications

Validated at the
highest standard

12
01
OffSec Certified Professional+ (OSCP+)
OffSec · Perfect score · Feb 2025
View cert ↗
02
OffSec Certified Professional (OSCP)
OffSec · Dec 2021
View cert ↗
03
CREST Registered Penetration Tester (CRT)
CREST · Mar 2025 · ID 1973620492
View cert ↗
04
CREST Practitioner Security Analyst (CPSA)
CREST · Perfect score · Mar 2025
View cert ↗
05
Certified Android Penetration Tester (CAPT)
Mobile Hacking Lab · Jul 2025
View cert ↗
06
Burp Suite Certified Practitioner (BSCP)
PortSwigger · Nov 2024
View cert ↗
07
Certified eXpert Mobile Application Pentester (CXMAP)
TCP1P · Jan 2024 · Credential ID 5
View cert ↗
08
Certified Red Team Analyst (CRTA)
Credential.net verified
View cert ↗
09
Certified AppSec Practitioner (CAP)
SecOps Group · Dec 2023
View cert ↗
10
Certified Blockchain Practitioner (CBP)
SecOps Group · Dec 2023
View cert ↗
11
C3SA Premium Edition
CyberWarFare Labs · Premium Edition
View cert ↗
12
HTB Pro Labs — Rastalabs & Dante
Hack The Box · Nov–Dec 2024 · 80 CPE credits
Public Speaking

Sharing what
I've broken

08
01
Universitas Pelita Bangsa (UPB)
Database Security Strategy
Slides ↗
Speaker
02
SibertrendID — Cybersecurity education & training platform, Indonesia
Guide to Explore Offensive Cybersecurity
Slides: Vuln ↗ Slides: Report ↗ Slides: CS Fundamentals ↗
Speaker & Trainer
03
HackTheBox Indonesia Meetup — Community meetup, organised by me
HackTheBox Community Session
Meetup page ↗
Organiser & Speaker
04
BINUS University — IT Bootcamp Wisudawan 72, Cyber Security track
Web Application Security & DACL Abuse in Active Directory
Slides: Web AppSec ↗ Slides: DACL Abuse ↗
Speaker
05
Vantage Point Indonesia — Internal Show & Tell series
Mobile Analysis, Ransomware, RCE via Email & Supply Chain Attack
Mobile App Exam ↗ How Lockbit Attacks ↗ RCE via Email ↗ Supply Chain ↗
Speaker
06
Cyber Jawara 2023 — Indonesia's most prestigious hacking competition
Roasting Active Directory Server with Kerberoast
Slides ↗
Speaker
07
Infra Digital Foundation · U-Connect — Non-profit education organisation, Indonesia
Your Future Cyber Protector — Industry Talkshow
Slides ↗
Speaker
08
Merdeka Siber Academy — Cybersecurity education & training platform, Indonesia
Unlocking Mobile App Security — An Introduction to Pentesting
Slides ↗
Speaker & Trainer
Contact

Let's work
together.

Open to consulting engagements, red team collaborations, and speaking opportunities. Based in Singapore — serving clients across APAC.

Email
azka.maarij@pm.me
LinkedIn
linkedin.com/in/lawbyte
GitHub
github.com/lawbyte
Hack The Box
Profile #538189