YoKo Kho – Medium

YoKo Kho

Published in
HakTrak Cybersecurity Squad

Exploiting Unsanitized URL Handling & SQL Injection via Deep Links in iOS App: Write-up of Flipcoin

Breaking Down Data Exfiltration via Unsanitized External URL Handling and SQL Injection through Deep Links

Feb 21

Exploiting Unsanitized URL Handling & SQL Injection via Deep Links in iOS App: Write-up of Flipcoin

Feb 21

Published in
HakTrak Cybersecurity Squad

Understanding Stealer Logs and Their Role in Security Testing: A Focus on Asset Discovery- Part 2

From Stealer Logs to Multi-Domain Discovery: Unveiling Sensitive Files from 403 Forbidden Pages Using Archive.org Records

Jan 1

Understanding Stealer Logs and Their Role in Security Testing: A Focus on Asset Discovery- Part 2

Jan 1

Published in
HakTrak Cybersecurity Squad

Bypassing iOS App Jailbreak Detection by Patching the Binary with Ghidra: Write-up of No-Escape Lab

An Exploration of One of the Methods for Bypassing Jailbreak Detection

Dec 24, 2024

Bypassing iOS App Jailbreak Detection by Patching the Binary with Ghidra: Write-up of No-Escape Lab

Dec 24, 2024

Published in
HakTrak Cybersecurity Squad

Understanding Stealer Logs and Their Role in Security Testing — Part 1

A Thorough Exploration of Stealer Logs: What, How, and Case Study

Aug 30, 2024

Understanding Stealer Logs and Their Role in Security Testing — Part 1

Aug 30, 2024

Published in
HakTrak Cybersecurity Squad

Part 3:2 — Electron-Based App Security Testing Fundamentals — Case Study of Extract & Analyze .asar

Information Disclosure of Hardcoded Keys and Encryption Algorithm (in AesFormula.js File) Resulting in Compromised the Real Credentials

May 1, 2024

Part 3:2 — Electron-Based App Security Testing Fundamentals — Case Study of Extract & Analyze .asar

May 1, 2024

Published in
HakTrak Cybersecurity Squad

Part 3:1 — Electron-Based App Security Testing Fundamentals - Extract & Analyze .asar

Common Method for Extracting and Analyzing .asar Files

Apr 30, 2024

Part 3:1 — Electron-Based App Security Testing Fundamentals - Extract & Analyze .asar

Apr 30, 2024

Published in
HakTrak Cybersecurity Squad

Part 2 — Electron-Based App Security Testing Fundamentals — Installing and Detecting…

Ways to Detect Electron-Based Applications both Manually and Automatically

Apr 24, 2024

Part 2 — Electron-Based App Security Testing Fundamentals — Installing and Detecting…

Apr 24, 2024

Published in
HakTrak Cybersecurity Squad

Part 1 — Electron-Based App Security Testing Fundamentals — Introduction to Electron Framework

A Brief Overview of Electron Framework and Building a Simple Application

Mar 17, 2024

Part 1 — Electron-Based App Security Testing Fundamentals — Introduction to Electron Framework

Mar 17, 2024

Published in
HakTrak Cybersecurity Squad

From Accessing Restricted URL Found in .js File, to Vertical Privilege Escalation

A Story About How We Achieved Super Admin Access Through a Chain of Vulnerabilities, Alhamdulillah

Mar 13, 2024

From Accessing Restricted URL Found in .js File, to Vertical Privilege Escalation

Mar 13, 2024

Published in
InfoSec Write-ups

The Unexpected “0” Master ID for Account Data Manipulation

A simple story when Allah allowed me to successfully achieve P1 through a broken access control issue using an unexpected master ID of “0”.

Jun 21, 2023

The Unexpected “0” Master ID for Account Data Manipulation

Jun 21, 2023

YoKo Kho

YoKo Kho

Independent | OSCP, CRTO, eWPTX, eCPTX | https://twitter.com/YoKoAcc | https://bugcrowd.com/YokoKho | https://leanpub.com/bughunting101 (Bahasa) Free!

Following

Help
Status
About
Careers
Press
Blog
Privacy
Rules
Terms
Text to speech