Indonesian Startup Cyber Crime 2016
Intro: At the time of writing, I’ve been a security engineer at Bukalapak for seven months. Before that, I was a software engineer and handled their application security stuff....
Tokopedia Persisted XSS Vulnerability
This documents a persisted XSS vulnerability in Tokopedia, an Indonesian e-commerce startup. Timeline: December 12, 2016: A report is made to Tokopedia regarding the vulnerability in the...
VulnHub HackDay Albania Writeup
This is a writeup for VulnHub’s HackDay: Albania challenge. Host Discovery: I started by checking around my network for the host’s IP address, and I found the host at 192.168.0.105....
One Year of a Bug Bounty Program
It’s been a year since Bukalapak, the company I’m working for, paid our first bounty reward to Roberto Urbanus. Roberto found multiple vulnerabilities on our site and reported them. We...
Orami Insecure Cookie Flagging
Timeline: October 9, 2016: A report is made to Orami regarding the vulnerability in the afternoon. Contacted a friend who worked there for the tech email; her superior told her to...