Building ThunderLudo · Open for backend & infra work

I keep multiplayer game servers online at 3 a.m.

Full-stack developer specializing in the backend and realtime layer of multiplayer platforms — matchmaking logic, WebSocket sync, and the infrastructure that keeps thousands of concurrent players connected without a dropped frame.

signal — status
Latency
Connections
Uptime
What I run

The layer between a player's tap and the game state.

REALTIME

WebSocket & room sync

Socket.io and raw WS services handling matchmaking, turn state, and reconnection for board and card games where a missed frame means a disputed move.

BACKEND

Node.js APIs & game logic

Express and Fastify services for wallets, session state, and server-authoritative game rules — the parts that can't be trusted to the client.

INFRASTRUCTURE

Linux, nginx & TLS

Reverse proxies, process managers, and certificate lifecycles for fleets of domains — including making sure renewal actually runs, not just exists.

PLATFORM

Multi-tenant deployments

One codebase, many branded frontends — shared game engine, isolated configs, and the routing that keeps a dozen properties from stepping on each other.

Projects

What I've shipped.

PLATFORM API
apiv2.trthunder.com

A shared backend platform powering multiple Ludo-style frontends — including ThunderLudo — from one API surface: game state, matchmaking, and session logic exposed over a common backend instead of rebuilt per app.

apiv2.trthunder.com ↗
REALTIME
Live chat, as a service

A WebSocket-based live chat system built once and exposed over an API, so any platform I run can drop in real-time chat and presence without rebuilding it from scratch.

Security research

Also known as DEV_THUNDER.

◆ APK analysis & bug bounty

Outside of platform work, I do mobile app reverse engineering and vulnerability research — pulling apart APKs, inspecting client-server protocols, and reporting what I find through proper disclosure channels rather than sitting on it.

Frida is my main tool for this: runtime instrumentation, method hooking, and bypassing client-side checks to see how an app actually behaves under the hood, for security testing and research on apps I'm authorized to assess.

Taking on APK reverse engineering and mobile app security engagements — static and dynamic analysis, protocol reversing, Frida-based instrumentation. Reach out on Telegram or email.

case_log — disclosure_2022.md
RESPONSIBLE DISCLOSURE — 2022

Nagad MFS — JWT validation issue

Found a JWT validation weakness in Nagad's mobile financial services platform during independent research. Reported it directly to their team instead of exploiting it further.

Nagad rewarded the disclosure and patched the issue.

Resolved & acknowledged by vendor
Toolchain

services.yaml

~/trthunder/services.yaml
realtime:socket.io, ws, redis pub/sub
backend:node.js, express, postgres, redis, prisma
infra:nginx, certbot, systemd, pm2, ufw
frontend:react, vue, canvas/webgl for game boards
ops:docker, github actions, grafana
security:frida, jadx, apktool, burp suite
Changelog

Where the experience came from.

v4.02024 — present

Lead Backend Developer, Realtime Platforms

Building and running ThunderLudo along with the backend and infra layer behind it — WebSocket services, the apiv2 platform, nginx fleet, TLS lifecycle, and the deploy pipeline that pushes changes without dropping live rooms.

v3.02022 — 2024

Backend Engineer, Multiplayer Infrastructure

Built matchmaking and room-state services handling tens of thousands of concurrent connections; moved a monolith to a socket-service-per-game-type architecture behind a shared gateway.

v2.02020 — 2022

Full-Stack Developer

Shipped end-to-end features across React frontends and Node APIs for consumer web products; first production exposure to WebSockets and horizontal scaling under real traffic.

v1.02019 — 2020

Junior Developer

Started on internal tools and CRUD APIs — learned the value of a boring, well-monitored deploy over a clever one.