Fredmark Ivan "Kur0sh1ro" Dizon

2nd Year BSIT Student | A1SBERG Member | CTF Player | Security Researcher | Bug Bounty Hunter

Explore My Work

Skills

Programming Languages

  • Python
  • C
  • Ruby

Technical Skills

  • Ethical Hacking
  • Malware Development
  • Web Development (Not really proficient though)

Others

  • Fluent in English and Filipino
  • Semi-Fluent in Japanese (Can hold everyday conversations, read Hiragana/Katakana, and understand basic grammar.)

Certifications & Achievements

Certifications

  • Soon.....

Achievements

  • Secured 2nd place in a Java Programming Competition at ACLC Skills Camp.
  • Secured 120th place in HTB's University CTF. Solved 31/49 Challenges.
  • Ranked #1 in the Philippines on TryHackMe for the month.
  • Ranked #112 in the Philippines on TryHackMe of all time.

Projects

Seclume

Seclume is a robust, command-line file archiving tool designed for secure archiving, encryption, and compression of files and directories.

View Project

DarkJester

DarkJester is an advanced ransomware developed in Python, offering a wide range of capabilities that set it apart from typical ransomware.

View Project

Asuka

The Asuka Phishing Framework is a Python-based tool designed for educational and authorized security testing purposes. It allows users to clone a target website, host it on a local phishing server, and capture credentials, session data, and user interactions.

View Project

Kiroku

Kiroku Keylogger is a sophisticated tool designed for capturing and monitoring user activities on a target system. It collects information and transmits it to a remote server at regular intervals.

View Project

Sokushi

Sokushi Spyware, developed by A1SBERG, is a potent surveillance tool that establishes a remote connection between the victim's system and the attacker's server.

View Project
View More

Write-Ups

C Isn’t Dead — Here’s How I Outsmarted Windows Defender in 2025

Instead of using noisy techniques or repurposing known payloads, I decided to craft a fully custom native Windows payload — written entirely in C, compiled to a clean and minimal binary, and containing zero typical IOCs (Indicators of Compromise).

Read Write-Up

Exploiting the Shadows: How I Uncovered a Command Injection via OOB and Bagged $800

I will share with you how I discovered a Command Injection via OOB! This wasn’t just any find — it was a vulnerability that allowed me to execute system commands remotely, proving just how critical this issue was.

Read Write-Up

How I found a Reflected XSS Vulnerability in NoBullProject

I’ll demonstrate how I discovered a reflected XSS vulnerability on the NoBullProject website. For those unfamiliar, NOBULL is a prominent brand specializing in athletic footwear, apparel, and accessories. Established in 2015 by Marcus Wilson and Michael Schaeffer in Boston, Massachusetts, the brand has gained a strong reputation for its minimalist design and dedication to creating durable, functional products.

Read Write-Up

TryHackMe M4tr1x: Exit Denied Boot2Root—Writeup

I'll walk you through how I tackled the M4tr1x: Exit Denied challenge on TryHackMe. This particular room was a serious test of endurance — it took quite a bit of time and really pushed my patience to the limit. It wasn’t just about technical skill; it required careful observation, trial-and-error, and a lot of persistence.

Read Write-Up

HackTheBox Business CTF: Vault Of Hope—OmniWatch CTF Writeup

I’ll walk you through how I solved OmniWatch, a Web Exploitation challenge from the HackTheBox Business CTF: Vault of Hope. This wasn’t your typical web challenge, it was marked as hard, and it definitely lived up to the rating. From bypasses to digging deep into how the web app functioned, this box threw several curveballs that required a mix of creativity, persistence, and solid understanding of web internals.

Read Write-Up
Read More

Contact

Email: fredmarkivand@gmail.com

GitHub: github.com/kUrOSH1R0oo

LinkedIn: Not yet