VulnHub HackDay Albania Writeup
This is a writeup for VulnHub’s HackDay: Albania challenge. Host Discovery: I started by checking around my network for the host’s IP address, and I found the host at 192.168.0.105....
One Year of a Bug Bounty Program
It’s been a year since Bukalapak, the company I’m working for, paid our first bounty reward to Roberto Urbanus. Roberto found multiple vulnerabilities on our site and reported them. We...
Orami Insecure Cookie Flagging
Timeline: October 9, 2016: A report is made to Orami regarding the vulnerability in the afternoon. Contacted a friend who worked there for the tech email, her superior told her to...
VulnHub Necromancer Writeup
This is my writeup for VulnHub’s The Necromancer: 1 challenge. This challenge’s a lot of fun, really. There are eleven flags to retrieve, and each flag is a key to...
Safe Redirect Gem for Rails
I’ve been responding to vulnerability reports at my office since the last quarter of 2015. Open redirects are among the most commonly reported vulnerabilities for the first few months. Actually,...