Orami Insecure Cookie Flagging

Timeline October 9, 2016: A report is made to Orami regarding the vulnerability in the afternoon. Contacted a friend who worked there for the tech email, her superior told her to...

VulnHub Necromancer Writeup

This is my writeup for VulnHub’s The Necromancer: 1 challenge. This challenge’s a lot of fun, really. There are eleven flags to retrieve, and each flag is a key to...

Safe Redirect Gem for Rails

I’ve been responding to vulnerability reports at my office since the last quarter of 2015. Open redirects are among the most commonly reported vulnerabilities for the first few months. Actually,...

Vulnerability on Plurk Android Apps

This article covers a vulnerability in Plurk’s session management, specifically on their Android apps. This vulnerability can be mitigated if we manually revoke the apps’ authorized sessions from the apps...

Social Media Login Vulnerability

This article covers things I missed during an implementation of a social media login feature for a web application with Facebook and Google+. Both vulnerabilities are reported by a bounty hunter...