April 02, 2017

Attending Black Hat Asia 2017

As in the previous years, this year’s Black Hat Asia event is held at Marina Bay Sands in Singapore. But unlike the previous years, this time I actually got the...

March 17, 2017

Indonesian Startup Cyber Crime 2016

Intro As the time of the writing, I’ve been a security engineer in Bukalapak for seven months. Before that, I was a software engineer and handled their application security stuff....

December 13, 2016

Tokopedia Persisted XSS Vulnerability

This is a documentation of a persisted XSS vulnerability in Tokopedia, an Indonesian e-commerce startup. Timeline December 12, 2016: A report is made to Tokopedia regarding the vulnerability in the...

November 26, 2016

VulnHub HackDay Albania Writeup

This is a writeup for VulnHub’s HackDay: Albania challenge. Host Discovery I started by checking around my network for the host’s IP address, and I found the host at 192.168.0.105....

November 04, 2016

One Year of a Bug Bounty Program

It’s been a year since Bukalapak, the company I’m working for, paid our first bounty reward to Roberto Urbanus. Roberto found multiple vulnerabilities on our site and reported it. We...