Tokopedia Persisted XSS Vulnerability

This is documentation of a persisted XSS vulnerability in Tokopedia, an Indonesian e-commerce startup. Timeline December 12, 2016: A report is made to Tokopedia regarding the vulnerability in the...

VulnHub HackDay Albania Writeup

This is a writeup for VulnHub’s HackDay: Albania challenge. Host Discovery I started by checking around my network for the host’s IP address, and I found the host at 192.168.0.105....

One Year of a Bug Bounty Program

It’s been a year since Bukalapak, the company I’m working for, paid our first bounty reward to Roberto Urbanus. Roberto found multiple vulnerabilities on our site and reported them. We...

Orami Insecure Cookie Flagging

Timeline October 9, 2016: A report is made to Orami regarding the vulnerability in the afternoon. Contacted a friend who worked there for the tech email, her superior told her to...

VulnHub Necromancer Writeup

This is my writeup for VulnHub’s The Necromancer: 1 challenge. This challenge’s a lot of fun, really. There are eleven flags to retrieve, and each flag is a key to...