Skip to content
View thewindghost's full-sized avatar
🎯
Focusing
🎯
Focusing
4 followers · 2 following
  • Ho Chi Minh City
  • 07:38 (UTC +07:00)

Block or report thewindghost

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Please don't include any personal information such as legal names or email addresses. Maximum 250 characters, markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
thewindghost/readme.md

TheWindGhost

Field of Expertise

Security Researcher: I research novel vulnerabilities (including zero-days), perform web and mobile application penetration tests, and assess IoT products. I specialize in finding logic and implementation-based vulnerability variants and producing clear, actionable reports.

Personal Information

  • Full Name: Truong Nguyen Long
  • Nickname: TheWindGhost
  • Nationality: Vietnamese
  • Age: 18+
  • Role: Security Researcher / Penetration Tester
  • Interests: Web Application Security, Bug Bounty Hunting

CVEs Table

CVE-ID Affected Products Description Issued by Link
CVE-2025-23001 CTFd Host Header Injection - Reset Password Poisoning MITRE POC
CVE-2025-29419 Waiting for Published Man-in-the-Middle Attack (MITM) MITRE Private
Waiting for CVE ID Waiting for Published SSL Downgrade - HTTP Waiting for Published Private
CVE-2025-10295 Waiting for Published XSS Stored - Forced File Download Wordfence Private
Waiting for CVE ID Waiting for Published Unauthenticated Access CERT/CC + CISA Expected Date Public: 2025-10-20
Waiting for CVE ID Waiting for Published Unauthenticated Access CERT/CC + CISA Expected Date Public: 2025-10-20
Waiting for CVE ID Waiting for Published Insecure Broadcast Receiver Waiting for Published Private

Tools & Technologies

Field Tools & Techniques
Operating Systems Kali Linux Parrot OS
Burp Suite & Extensions Burp Suite Autorize Param Miner HTTP Request Smuggler GAP UPnP Hunter JWT Editor
Web Pentesting SQLmap Nmap ffuf dirsearch gobuster subfinder nuclei katana Nikto WPScan
Mobile Pentesting ADB Drozer Frida Jadx-GUI APKTool
Network Analysis & Exploitation Wireshark Bettercap Aircrack-ng Wifite
Password & Crypto Tools Hydra John the Ripper Hashcat
Databases PostgreSQL SQLite MySQL MariaDB
Others Visual Studio Code Sublime Text Docker Docker Compose

Awards

Certifications

CTFs Participated

  • HTB Apocalypse 2024 Hacker Royale

  • Fetch The Flag CTF 2025

  • HTB Apocalypse 2025 Tales From Eldoria

  • Interlogica CTF 2024 (Black Box)

  • Hack The Boo 2024

    • Ranking: 533 / 6,349 Total Teams
    • Challenges solved: Web, Forensics, Programming
    • Link / Proof: Hack The Boo 2024

  • Apoorv CTF 2025

    • Ranking: 90 / (unknown) Total Teams
    • Challenges solved: Web, Forensics
    • Link / Proof: Apoorv CTF 2025

  • Advent of Cyber 2024

    • Ranking: (unknown)
    • Challenges solved: Web, Forensics, Pwn, Network
    • Link / Proof: Advent of Cyber 2024

Connect

LinkedIn Website

Pinned Loading

  1. Bug-Bounty-Web Bug-Bounty-Web Public

    Bug-Bounty-Web

    Python 1

  2. Blog-Cyber-Security Blog-Cyber-Security Public

    Open Source Web Blog Cyber Security

    JavaScript 3 1

  3. re-hawk re-hawk Public

    scanning tools

    Python 4 1

  4. web-vulnerability web-vulnerability Public

    Vulnerability Web

    HTML 2