TFSecurity

Malaysian security researchers. We focus on deep security research and offensive security across the world.

[ 01 ]

WHO WE ARE

We are an independent team of Malaysian security researchers. We focus on security research across the world.

TFSec is a dedicated collective of researchers. We test systems, find critical vulnerabilities, report them responsibly, and document our findings. We spend our time hunting on real-world targets and doing deep research into how complex systems actually break.

MY

Based in Malaysia

100%

Open Research

[ 02 ]

OUR WORK

SECURITY RESEARCH

We dig into how web applications and systems work under the hood. When we find something interesting or a new way things can break, we document it properly and share it here.

READ OUR RESEARCH

VULNERABILITY RESEARCH

We actively hunt for vulnerabilities across complex systems worldwide. When we find and report critical security flaws, we document the process and what we learned from it.

HACKERONE

[ 03 ]

THE TEAM

A collective of security researchers from Malaysia. We focus on deep security research across the world.

bau1u

// RESEARCHER

@bau1u

HACKERONE
e0x1337

// RESEARCHER

@e0x1337

HACKERONE
m411

// RESEARCHER

@m411

HACKERONE

[ 04 ]

RECORDS

Our recent standings and achievements on HackerOne leaderboards and private programs.

MALAYSIA LEADERBOARD

+

// Q2 2026 (APR - JUN)

VIEW LEADERBOARD ↗
#1bau1u
#2e0x1337
#6m411

// Q1 2026 (JAN - MAR)

VIEW LEADERBOARD ↗
#1bau1u
#3e0x1337

GLOBAL: SOURCE CODE

+

// Q2 2026 (APR - JUN)

VIEW LEADERBOARD ↗
#3bau1u
#10e0x1337

// Q1 2026 (JAN - MAR)

VIEW LEADERBOARD ↗
#1bau1u

ADOBE

+

// ALL TIME

VIEW PROGRAM ↗
#6bau1u

// 2026

#1bau1u
#10e0x1337
#29m411

// 2025

#9bau1u

STRIPE

+
#5e0x1337
#8bau1u

// ALL TIME

#14e0x1337
#38bau1u

[ 06 ]

FAQ

What is TFSec?

A team of Malaysian security researchers. We do security research, vulnerability analysis, and write about what we find. We are not a company, just a dedicated team.

How did you guys start?

We started as a group of friends interested in web security. Over time, we teamed up to focus on deep security research full-time.

What do you post on the blog?

Security research we have done, CVEs we found, and interesting vulnerabilities we reported. Basically anything we think is worth sharing.

Are you open to new members?

Not actively recruiting right now. But if you are into web security and have something to show, reach out. We keep it small on purpose.