YoKo Kho – Medium

YoKo Kho

YoKo Kho
in
HakTrak Cybersecurity Squad

Understanding Stealer Logs and Its Role in Security Testing — Part 1

A Thorough Exploration of Stealer Logs: What, How, and Case Study

Aug 30

Understanding Stealer Logs and Its Role in Security Testing — Part 1

Aug 30

YoKo Kho
in
HakTrak Cybersecurity Squad

Part 3:2 — Electron-Based App Security Testing Fundamentals — Case Study of Extract & Analyze .asar

Information Disclosure of Hardcoded Keys and Encryption Algorithm (in AesFormula.js File) Resulting in Compromised the Real Credentials

May 1

Part 3:2 — Electron-Based App Security Testing Fundamentals — Case Study of Extract & Analyze .asar

May 1

YoKo Kho
in
HakTrak Cybersecurity Squad

Part 3:1 — Electron-Based App Security Testing Fundamentals - Extract & Analyze .asar

Common Method for Extracting and Analyzing .asar Files

Apr 30

Part 3:1 — Electron-Based App Security Testing Fundamentals - Extract & Analyze .asar

Apr 30

YoKo Kho
in
HakTrak Cybersecurity Squad

Part 2 — Electron-Based App Security Testing Fundamentals — Installing and Detecting…

Ways to Detect Electron-Based Applications both Manually and Automatically

Apr 24

Part 2 — Electron-Based App Security Testing Fundamentals — Installing and Detecting…

Apr 24

YoKo Kho
in
HakTrak Cybersecurity Squad

Part 1 — Electron-Based App Security Testing Fundamentals — Introduction to Electron Framework

A Brief Overview of Electron Framework and Building a Simple Application

Mar 17

Part 1 — Electron-Based App Security Testing Fundamentals — Introduction to Electron Framework

Mar 17

YoKo Kho
in
HakTrak Cybersecurity Squad

From Accessing Restricted URL Found in .js File, to Vertical Privilege Escalation

Alhamdulillah, we achieved super admin access through a Chain of Vulnerability

Mar 13

From Accessing Restricted URL Found in .js File, to Vertical Privilege Escalation

Mar 13

YoKo Kho
in
InfoSec Write-ups

The Unexpected “0” Master ID for Account Data Manipulation

A simple story when Allah allowed me to successfully achieve P1 through a broken access control issue using an unexpected master ID of “0”.

Jun 21, 2023

The Unexpected “0” Master ID for Account Data Manipulation

Jun 21, 2023

YoKo Kho
in
InfoSec Write-ups

From Recon via Censys and DNSdumpster, to Getting P1 by Login Using Weak Password — “password”

A simple story when Allah allowed me to get P1 by combining several issues, one of which was related to “weak credentials”.

Mar 14, 2022

From Recon via Censys and DNSdumpster, to Getting P1 by Login Using Weak Password — “password”

Mar 14, 2022

YoKo Kho
in
InfoSec Write-ups

Optimizing Hunting Results in VDP for use in Bug Bounty Programs — From Sensitive Information…

A story when Allah willed me to tried to optimize my findings in the Points-Only program to be able to get 6 paid P1 issues in the bounty…

Nov 14, 2020

Optimizing Hunting Results in VDP for use in Bug Bounty Programs — From Sensitive Information…

Nov 14, 2020

YoKo Kho
in
InfoSec Write-ups

From Recon to Bypassing MFA Implementation in OWA by Using EWS Misconfiguration

A story about how I Finally could use an AD account that unenrolled to MFA, by using an EWS Misconfiguration to Access Email Inbox and…

Jun 23, 2020

From Recon to Bypassing MFA Implementation in OWA by Using EWS Misconfiguration

Jun 23, 2020

YoKo Kho

YoKo Kho

Independent | OSCP, CRTO, eWPTX, eCPTX | https://twitter.com/YoKoAcc | https://bugcrowd.com/YokoKho | https://leanpub.com/bughunting101 (Bahasa) Free!

Following

Help
Status
About
Careers
Press
Blog
Privacy
Terms
Text to speech
Teams