VulnHub LazySysAdmin Writeup

This is a writeup for VulnHub’s LazySysAdmin: 1 challenge. It’s been almost a year since I did my last VulnHub challenge, HackDay: Albania. Host Discovery: I started by scanning my network...

Banning Web-Based Services Wouldn't Work

Background: The Indonesian Ministry of Communication and Informatics, Kemenkominfo, decided to ban the Telegram messaging service[1]. According to the circulating news, the Minister of Communication and Informatics (Menkominfo), Rudiantara, decided to ban...

Docker-Based Ansible Testing Environment

Background: During my first weeks at Cermati after leaving Bukalapak, I had a chance to play a bit with the company’s deployment scripts. We’re using Ansible playbooks to automate a...

Why Reading Matters

Among my coworkers in Bukalapak, there’s this young security enthusiast who’s quite a fast learner. Yet, he seems to be struggling to keep up with what he expected out of...

Basic Auth: Authentication or Authorization?

What is Auth? The word “auth” in a computer security context can refer to authentication and authorization. These two words’ meanings are sometimes confused with each other. The detailed explanation for...