Tung Pun: "Thoughts on the Security Aspects of GitHub Actions" (Mar 27). A few days ago, while reading a document about GitHub actions, I found a bug class that was present in my repositories. I think this is a…
Tung Pun: "Client, not client!" (Sep 15, 2019). This blog describes one of my findings on a private program. The attack vector is simple, short and elegant (at least for me).
Tung Pun: "How I found my very first CVE" (Jul 6, 2018). I am here today to share about a finding in Node.js third-party modules program on HackerOne, which brought me my very first CVE…
Tung Pun: "Analysis a malware spreading via Facebook Messenger" (Dec 22, 2017). Recently, there is a propagation of a miner malware in our community via Facebook Messenger. Luckily, I have found a sample on the…
Tung Pun: "From SSRF to Local File Disclosure" (Nov 8, 2017). This blog is written about a bug (I believe), that was found on my last weekend. It located on a website from a private program X on…
Tung Pun: "How I built a lightweight MITM-based web-app fuzzer" (Oct 21, 2017). Since a year ago, I’ve spent most of my working time on doing blackbox pen-test websites, and there I felt too lazy to have a look at every…