Published inSystem Weakness·Jun 1Incident Detection and ResponseAs a cyber consultant that has never been in a security operational team, I find it really difficult to understand how these processes work. A big thanks to my buddy, if you happen to read this blog, I thank you for the knowledge sharing in this area. I will try…Cyber Security7 min readCyber Security7 min read
Jul 25, 2021HTB —KnifeAbstract Assessing HTTP requests Exploit php 8.1.0-dev to get backdoor and reverse shell Exploit knife to issue OS command as root Introduction Hi people! In this post, I will be talking about my first ever “not-cheating” machine takeover including the “cheating” and the “not-cheating” one (haha, yikes). This machine is…Hackthebox Writeup5 min readHackthebox Writeup5 min read
Feb 13, 2021Incident Response — Cyberattack lifecycle.When we encounter the term “cyberattack”, what scenario comes to our mind? …Cybersecurity4 min readCybersecurity4 min read
Feb 13, 2021Introduction to Incident ResponseHello friends! I need to apologize for my disappearance few weeks or maybe months back. Happy new year everybody and happy lunar new year to people who are celebrating. Let me tell a short story about what have I been doing for the last couple of weeks. I am now…Incident Response3 min readIncident Response3 min read
Dec 6, 2020Root-Me Writeup — Remote File InclusionHello! Today we will learn about RFI from a challenge from root-me.org. If you wish to understand about RFI and LFI in theory, you can look it up on my post before. I do believe it will help you to understand. Now, let’s begin!Rfi5 min readRfi5 min read
Dec 5, 2020Remote File Inclusion & Local File Inclusion (RFI & LFI)Hello friends! We are back again with another cybersecurity theory again. This time we will be talking about remote file inclusion. This is a common vulnerability because we love dynamic content. Basically, this attack exploits the include() function in PHP. I found it really difficult for me when I was…Remote File Inclusion10 min readRemote File Inclusion10 min read
Dec 4, 2020Root-Me Writeup — PHP EvalHello everybody, back to the penetration testing exercise. This time I exercised at root-me. This challenge is talking about a vulnerability in eval function implementation in the PHP language. Basically, sometimes, we have established some firewalls like regular expression filtration, but unfortunately, it still can be bypassed. In this challenge…PHP7 min readPHP7 min read
Dec 3, 2020Programming for Non-IT related Job Part 2Okay, after telling you about the reason why you should start to learn computer programming, in this blog, I will tell you the code that I used to do my task in my office. If you have not read the reason why you should start to learn computer programming, you…Programming6 min readProgramming6 min read
Dec 2, 2020Programming for Non-IT Related JobI firmly believe that programming is important for everyone. Yes, I am stating everyone which includes IT and non-IT-related jobs. The ultimate reason why programming is important is that it teaches you how to think structurally. …Programming5 min readProgramming5 min read
Published inThe Startup·Nov 26, 2020Quantitative Risk Assessment Using FAIRThinking Background Risk is something that must be considered in the organization. Besides developing the organization through research and development, marketing, and another aspect, risk must be put on the agenda. Basically, because the risk is not handled, it will invite chaos. …Fair Framework6 min readFair Framework6 min read
