Cross-function re-entrancy in the wildAfter many catastrophic, tragic incidents in the past, I believe that every one would have heard about this so-called “re-entrancy” attack…Jul 30, 2022Jul 30, 2022
0 != 0 a misconfiguration, leading to missing fundsTLDR; I discovered a misconfiguration for a collateral with weak oracle on lending & borrowing platform, combine with a nuance in…May 14, 2022May 14, 2022
Different parsers, different resultsTLDR; I found a critical vulnerability on GearBox protocol, result from different parsers of path parameters used between GearBox adapter…Mar 27, 2022Mar 27, 2022
What “if” I can get more reward?An imcomplete if logic that leads to a catastrophic loss.Mar 24, 20221Mar 24, 20221
Watching DeFi Scam Live!This past few weeks I took a break from hacking on Bug Bounty Program and gave Solidity and Smart Contracts a try.Jul 31, 2021Jul 31, 2021
A write-up for BugPoC XSS ChallengeStep-by-step of how I solve XSS Challenge from BugPoCAug 12, 2020Aug 12, 2020
Always escalate! From Self-XSS to Persistent XSS on Login PortalAbout 2 months ago, I discovered a persistent self-XSS on a login portal. Most of programs do not accept self-XSS report, but I managed to…Apr 2, 20202Apr 2, 20202
1st Bug Bounty Write-Up — Open Redirect Vulnerability on Login PageOne of good things in bug hunter community is knowledge sharing. Many great minds of hacking share their findings/discoveries all the time.Mar 27, 2020Mar 27, 2020
Disable Driving Prohibition on Toyota C-HR head unitContinued story from getting root access to disable driving prohibition on head unitMay 22, 20193May 22, 20193
How I hack into my car head unit (Toyota C-HR)A journey of how I get root access on my car head unit, starting from a scratchMay 21, 20195May 21, 20195
