Brian Mata

Motivated junior developer with a strong educational and practical background in development. Utilizes technical and programming knowledge to build and enhance successful applications across multiple languages.

• Contributed to the development of the built-in web-based configuration for GP2040-CE, an open-source firmware for gamepads and custom controllers.
• Submitted a successful pull request to improve the usability and functionality of the web interface, enabling users to configure gamepad settings directly through a browser.
• Collaborated with other developers to refine user experience and ensure efficient handling of real-time configuration changes.
• Worked with technologies such as HTML, JavaScript, and CSS to optimize the front-end interface and ensure cross-browser compatibility.

• Identified and reported security vulnerabilities in Dunkin's Summer Instant Win game by automating the testing and validation of game mechanics and server responses.
• Utilized custom automation scripts to detect weaknesses in the game’s backend, exposing potential exploits related to prize distribution and game logic.
• Demonstrated ethical hacking principles by documenting the vulnerabilities and reporting them to the relevant company, ensuring responsible disclosure.
• Employed custom Python scripts, and Go scripts to simulate user behavior and analyze server responses in real-time.
• Provided recommendations for securing the game’s systems, protecting user data, and preventing exploitation of game mechanics.

• Discovered security vulnerabilities in Dick's Sporting Goods reward points reclaim system, allowing unauthorized access to guest order information.
• Identified that the system’s response contained excessive data, which exposed sensitive guest order details, potentially enabling the exploitation of other users’ orders.
• Utilized tools such as Postman and custom automation scripts to analyze request-response patterns and demonstrate the security flaw.
• Reported findings to the appropriate parties, ensuring responsible disclosure of the vulnerability and recommending security enhancements to prevent unauthorized access.
• Suggested improvements in the handling of guest order data, including limiting the information exposed in API responses and strengthening authentication mechanisms.

• Identified a vulnerability in Albertsons' reward points system, where repeated requests (spamming) could exploit the system to earn unauthorized reward points.
• Used automation tools and custom scripts to send multiple rapid requests, demonstrating how the flaw could be used to accumulate more points than the system intended.
• Performed analysis on the API responses, identifying weak rate-limiting controls and insufficient validation of reward point transactions.
• Responsible for documenting and reporting the vulnerability to Albertsons, ensuring ethical disclosure to prevent malicious exploitation.
• Provided recommendations to improve security, including implementing rate-limiting and stricter request validation to protect against reward point abuse.

• Discovered a vulnerability in Abercrombie & Fitch's reward system that allowed brute-forcing of guest order numbers, leading to unauthorized reclamation of reward points.
• Demonstrated how systematically generating and submitting order numbers could be exploited to claim extra points without legitimate purchases.
• Used tools like Postman and custom automation scripts to automate brute-force attempts, revealing weaknesses in the system's verification process.
• Documented and responsibly reported the vulnerability, recommending improvements in authentication and order number validation to prevent unauthorized access.
• Provided suggestions for security enhancements, including rate-limiting, CAPTCHA, and stronger order number entropy to safeguard the reward points system.

• Designed and built custom game controllers using Fusion 360 for 3D modeling and KiCad for PCB design, integrating with GP2040-CE firmware for advanced functionality.
• 3D printed controller housings using Bambu Lab 3D printers and resin printers, ensuring high-quality, durable, and ergonomic designs.
• Cut and crimped custom wiring to connect internal components, ensuring precise and reliable electrical connections.
• Developed PCB layouts to accommodate custom hardware, optimizing for performance, assembly, and integration with 3D-printed enclosures.
• Programmed and configured controllers using the open-source GP2040-CE firmware, enabling advanced input customization and functionality.
• Collaborated with the open-source community to refine the GP2040-CE software, ensuring seamless integration with custom hardware.