Security Researcher: I research novel vulnerabilities (including zero-days), perform web and mobile application penetration tests, and assess IoT products. I specialize in finding logic and implementation-based vulnerability variants.
- Full Name: Truong Nguyen Long
- Nickname: TheWindGhost
- Nationality: Vietnamese
- Age: 18+
- Role: Security Researcher / Penetration Tester
- Interests: Web Application Security, Bug Bounty Hunting
-
Rank #79 Recognized Bug Bounty Hunter - PayPal HackerOne Thanks List (2025)
- Issuer: Hackerone Platform - PayPal Program
- Year: 2025
- Verification: Paypal - Thanks
-
Rank #1 Bug Bounty Hunter – Trip Security Response Center (Feb 2025)
- Issuer: Trip Security Response Center
- Year: 2025
- Verification: Award Trip Com
-
Rank #6 Finalist In CSAW'2024 Red Team Competition
- Issuer: Grenoble INP - UGA | CSAW Europe - Cyber Security Awareness Week Europe - Grenoble INP - ESISAR
- Year: 2024
- Verification: A look back at CSAW'24: Red Team Competition
| CVE ID | Affected Products | Vulnerability | Issued by | Link |
|---|---|---|---|---|
| CVE-2025-23001 | CTFd 3.7.5 | Host Header Injection - Reset Password Poisoning | MITRE | POC |
| CVE-2025-29419 | Waiting for Published | Man-in-the-Middle Attack (MITM) | MITRE | Private |
| Waiting for CVE | Waiting for Published | SSL Downgrade - HTTP | Waiting for Published | Private |
| CVE-2025-10295 | Angel Theme ≤ 3.2.3 | XSS Stored - Forced File Download | Wordfence | Report |
| CVE-2025-62674 | iCam365 | Missing Authentication for Critical Function | CERT/CC and CISA ICS | Report |
| CVE-2025-64770 | iCam365 | Missing Authentication for Critical Function | CERT/CC and CISA ICS | Report |
| Waiting for CVE | Waiting for Published | Denial of Service - Crash Service | CERT/CC and CISA ICS | Private |
| Waiting for CVE | Waiting for Published | Heap Overflow - Device Bricking | CERT/CC and CISA ICS | Private |
| Waiting for CVE | Waiting for Published | Insecure Broadcast Receiver | Waiting for Published | Private |
| Field | Tools & Techniques |
|---|---|
| Operating Systems |   |
| Burp Suite & Extensions |        |
| Web Pentesting |           |
| Mobile Pentesting |      |
| Network Analysis & Exploitation |     |
| Password & Crypto Tools |    |
| Databases |     |
| Others |     |
-
Web Penetration Testing
- Issuer: Cyber Jutsu Academy
- Year: 2025
- Verification: Web Penetration Testing
-
Certified Associate Penetration Tester (CAPT)
- Issuer: Hackviser
- Year: 2025
- Verification: Certified Associate Penetration Tester (CAPT)
-
Python Developer
- Issuer: SoloLearn
- Year: 2025
- Verification: Python Developer
-
Cybersecurity Foundations
- Issuer: LinkedIn Learning
- Year: 2024
- Verification: Cybersecurity Foundations
-
HTB Apocalypse 2024 Hacker Royale
- Ranking: 485 / 12,000 Total Players
- Challenges solved: Web, Forensics, Reverse, Pwn
- Link / Proof: HTB Apocalypse 2024 — Hacker Royale
-
Fetch The Flag CTF 2025
- Ranking: 37 / 1,213 Total Teams
- Challenges solved: Web, Forensics, Misc
- Link / Proof: Fetch The Flag CTF 2025
-
HTB Apocalypse 2025 Tales From Eldoria
- Ranking: 170 / 8,130 Total Teams
- Challenges solved: Web, AI, Forensics
- Link / Proof: HTB Apocalypse 2025 — Tales From Eldoria
-
Interlogica CTF 2024 (Black Box)
- Ranking: 14 / (unknown) Total Teams
- Challenges solved: Web
- Link / Proof: Interlogica CTF 2024 (Black Box)
-
Hack The Boo 2024
- Ranking: 533 / 6,349 Total Teams
- Challenges solved: Web, Forensics, Programming
- Link / Proof: Hack The Boo 2024
-
Apoorv CTF 2025
- Ranking: 90 / (unknown) Total Teams
- Challenges solved: Web, Forensics
- Link / Proof: Apoorv CTF 2025
-
Advent of Cyber 2024
- Ranking: (unknown)
- Challenges solved: Web, Forensics, Pwn, Network
- Link / Proof: Advent of Cyber 2024