● LIVE — Offensive Security
~/LnPx

Paulin

Security Analyst & aspiring Red Team specialist. Breaking things to make them stronger. One CVE at a time.


Who I Am


Paulin — LnPx

Security Analyst at YesWeHack with a relentless drive toward offensive security. I specialize in discovering critical vulnerabilities before the bad guys do — from IDORs that expose millions of accounts to subtle misconfigurations in enterprise infrastructure.

Based in 🇨🇦 Canada, I bring a bilingual (English / French) offensive mindset to every engagement. Currently deep in the HackTheBox CPTS path, sharpening my penetration testing craft with hands-on labs and real-world scenarios.

0 CVE Discovered
0 Users Impacted
2 Languages

Technical Arsenal

Web Application Security

Deep expertise in identifying and exploiting web vulnerabilities across modern stacks.

OWASP Top 10 • XSS • SQLi • CSRF • SSRF • IDOR

API Security Testing

REST, GraphQL, and WebSocket security assessment — uncovering logic flaws at scale.

REST APIs • GraphQL • JWT Attacks • Rate Limiting

Network Penetration Testing

Internal and external network assessments, Active Directory enumeration and exploitation.

Active Directory • Privilege Escalation • Lateral Movement

Vulnerability Research

Zero-day hunting, patch diffing, and responsible disclosure through coordinated programs.

CVE Research • Fuzzing • Reverse Engineering

Red Team Operations

Adversary emulation, C2 infrastructure, phishing campaigns, and full-chain attacks.

C2 Frameworks • Social Engineering • Payload Dev

Tooling & Automation

Custom security tooling in Python to automate reconnaissance, exploitation, and reporting.

Burp Suite Pro • Metasploit • Nmap • Wireshark • Python

Vulnerability Discovery

! CRITICAL FINDING
CVE-2026-47094
IDOR → Account Takeover
CWE-639 • Discovered via VulnCheck • Under Embargo
Impact: ~1,000,000 users potentially affected
Vulnerability Class: Insecure Direct Object Reference (IDOR)
CWE Classification: CWE-639 — Authorization Bypass
Exploitation Impact: Full Account Takeover
Discovery Platform: VulnCheck
Embargo active — Full technical details available September 16, 2026

Professional Journey

July 2025 — Present
Security Analyst
YesWeHack
Triaging and validating vulnerability reports from the global bug bounty community. Collaborating with security researchers to reproduce, assess severity, and coordinate responsible disclosure. Gaining deep exposure to real-world attack patterns across diverse technology stacks.

2024 — June 2025
Independent Security Researcher
Bug Bounty & Vulnerability Research
Conducted independent vulnerability research across web applications and APIs. Discovered CVE-2026-47094 through VulnCheck — an IDOR leading to full account takeover impacting approximately one million users. Built custom Python tooling for automated reconnaissance and exploitation.

Continuous Learning

In Progress

HackTheBox CPTS

Certified Penetration Testing Specialist — hands-on offensive security certification

Planned

OSCP

Offensive Security Certified Professional — the gold standard in pentesting

Planned

OSEP

Offensive Security Experienced Penetration Tester — advanced evasion and red teaming

Let’s Connect

Get In Touch

Interested in collaboration, a security engagement, or just want to talk offensive security? I’m always open to connecting with fellow researchers and security professionals.

lnpx111@gmail.com
Canada
Languages: English, French (bilingual)
Security Analyst @ YesWeHack