YoKo Kho in HakTrak Cybersecurity Squad
Electron-Based App Security Testing Fundamentals Part 3 (2nd Section) — Extract & Analyze .asar
Information Disclosure of Hardcoded Keys and Encryption Algorithm (in AesFormula.js File) Resulting in Compromised the Real Credentials
May 1

YoKo Kho in HakTrak Cybersecurity Squad
Electron-Based App Security Testing Fundamentals Part 3 (1st Section) - Extract & Analyze .asar
Common Method for Extracting and Analyzing .asar Files
Apr 30

YoKo Kho in HakTrak Cybersecurity Squad
Electron-Based App Security Testing Fundamentals Part 2 — Installing and Detecting Electron-Based…
Ways to Detect Electron-Based Applications both Manually and Automatically
Apr 24

YoKo Kho in HakTrak Cybersecurity Squad
Electron-Based App Security Testing Fundamentals Part 1 — Introduction to Electron Framework
A Brief Overview of Electron Framework and Building a Simple Application
Mar 17

YoKo Kho in HakTrak Cybersecurity Squad
From Accessing Restricted URL Found in .js File, to Vertical Privilege Escalation
Alhamdulillah, we achieved super admin access through a Chain of Vulnerability
Mar 13

YoKo Kho in InfoSec Write-ups
The Unexpected “0” Master ID for Account Data Manipulation
A simple story when Allah allowed me to successfully achieve P1 through a broken access control issue using an unexpected master ID of “0”.
Jun 21, 2023

YoKo Kho in InfoSec Write-ups
From Recon via Censys and DNSdumpster, to Getting P1 by Login Using Weak Password — “password”
A simple story when Allah allowed me to get P1 by combining several issues, one of which was related to “weak credentials”.
Mar 14, 2022

YoKo Kho in InfoSec Write-ups
Optimizing Hunting Results in VDP for use in Bug Bounty Programs — From Sensitive Information…
A story when Allah willed me to try to optimize my findings in the Points-Only program to be able to get 6 paid P1 issues in the bounty…
Nov 14, 2020

YoKo Kho in InfoSec Write-ups
From Recon to Bypassing MFA Implementation in OWA by Using EWS Misconfiguration
A story about how I finally could use an AD account that was unenrolled from MFA, by using an EWS Misconfiguration to Access Email Inbox and…
Jun 23, 2020

YoKo Kho in InfoSec Write-ups
From 3,99 to 1,650 USD (Part I) — Simple Vertical Privilege Escalation by Changing HTTP Response
A story about how I got several simple bugs (1 P2, 1 P3, and 2 P4s) on a target (that just allows a Specific Country Code to Register) by…
Jun 6, 2020