A story when Allah willed me to tried to optimize my findings in the Points-Only program to be able to get 6 paid P1 issues in the bounty program. — بسم الله الرحمن الرحيم Mirroring from: http://www.firstsight.me/2020/11/optimizing-hunting-results-in-vdp-for-use-in-bug-bounty-programs---from-sensitive-information-disclosure-to-accessing-hidden-apis-which-can-be-used-to-retrieve-customer-data/ As usual, I will try to release this write-up with two different approaches, which are:

A story about how I Finally could use an AD account that unenrolled to MFA, by using an EWS Misconfiguration to Access Email Inbox and (Having the Ability) to Dump the Global Address List. — بسم الله الرحمن الرحيم Mirroring from: http://www.firstsight.me/2020/06/from-recon-to-bypassing-mfa-implementation-in-owa-by-using-ews-misconfiguration/ Note: I want to thank (again) Th3g3nt3lman for his talks about Github Recon and Sensitive Data Exposure. I use it as a way to find the AD credentials.

A story about how I got several simple bugs (1 P2, 1 P3, and 2 P4s) on a target (that just allow Specific Country Code to Register) by using Premium Phone Number. — بسم الله الرحمن الرحيم Mirroring from: http://www.firstsight.me/2020/06/from-399-to-1650-usd-part-i-simple-vertical-privilege-escalation-by-changing-http-response/ As usual, I will try to release this article with two different approaches, which are:

How I Finally could Got into an Internal Network (and could accessing all of their internal assets) by Using Various Vulnerabilities. — بسم الله الرحمن الرحيم Mirroring from: http://www.firstsight.me/2020/02/from-recon-to-optimizing-rce-results-simple-story-with-one-of-the-biggest-ict-company-in-the-world/ Here is a little story about how I finally could got into an internal network (and could accessing all of their internal assets) at one of the biggest ICT company in the world by using various vulnerabilities (from sensitive data exposure, miss-configuration, until…

CVE-2019–18653 & CVE-2019–18654: The story when Reflected XSS was triggered from the SSID Name (It also affected AVG AntiVirus because basically the product codes were mostly “merged”). — بسم الله الرحمن الرحيم So, this article will be explained in two ways, which are the one that tells how I got it and the one that tries to explain the basic and reference. Readers could also read the TL;DR section directly.

The story of when you download a file that looks “legitimate”, but changes when you run the file. — بسم الله الرحمن الرحيم Update I (Jan 21st, 2020): Opera has replied the email and acknowledged the reported issue. On that occasion, Opera also apologized for the delay in their response. Update II (Feb 27th, 2020): Opera notifies if Opera Mini 47 has been released and is being rolled out…

بسم الله الرحمن الرحيم (This is a 2017 article that has been released at my personal blog). I. ABSTRACT We can’t deny if one of the biggest dream for everyone that has so many contents at their site is to be indexed at top search engine in the world. In reality, we…

بسم الله الرحمن الرحيم - Part I from (hopefully) IV Parts - Update I: Added a “Reference” Section. Update II: “We” at this series of article will refer to Faisal Yudo Hernawan, Tomi, and Me. Update III: The way to exploiting the “upload.php” function has been released at Tomi’s write-up…

بسم الله الرحمن الرحيم Laporan merupakan suatu hal yang terbilang penting ketika seorang penguji hendak menyampaikan suatu kerentanan baik ketika berpartisipasi di dalam suatu program bug hunting maupun di tingkat pekerjaan yang lebih formal seperti Penetration Test dan semacamnya. Informasi mengenai fungsi dari suatu fitur berikut dengan letak permasalahan (kerentanan)…