A humble learner of everything around IT, especially IT implementation, governance, risk management, and cybersecurity.

When we encounter the term “cyberattack”, what scenario comes to mind? Maybe because we have been fed too many hacking films, those of us who have never encountered a real cyberattack imagine a popup saying “your computer has been hacked”, in a green-ish theme colour, with some kind of alarm sound effect.

Image by Darwin Laganzon from Pixabay

Err, actually, if you are facing a ransomware attack there will be a dramatic one: a padlock that says “you are hacked” or “your data has been encrypted” or something similar.

So, my point is, most attacks are not that dramatic. Because…


Hello friends! I need to apologize for my disappearance a few weeks, or maybe months, back. Happy new year everybody, and happy lunar new year to those who are celebrating.

Photo by Kelly Sikkema on Unsplash

Let me tell a short story about what I have been doing for the last couple of weeks. I am now working as a cyber risk assurance consultant associate, and I am in charge of a client engagement doing a cybersecurity assessment using NIST (you can see the resources here). Anyway, I am only responsible for the last two parts of the framework, the “respond & recover” domain. Because of…



Hello! Today we will learn about RFI from a challenge on root-me.org. If you wish to understand RFI and LFI in theory, you can look at my earlier post; I believe it will help you understand this one. Now, let’s begin!


Hello friends! We are back again with another piece of cybersecurity theory. This time we will be talking about remote file inclusion (RFI). It is a common vulnerability because we love dynamic content. Basically, this attack abuses the include() function in PHP when the file to include is built from user input. I found it really difficult when I was first learning this technique. Even after I understood it, there were a lot of important details that are confusing if they are not clearly stated. Let’s get started.


For you who have been working around web development, most likely you are aware of the “include”…
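To make the include() point above concrete, here is an added example (not code from the original post or from the root-me challenge) showing the vulnerable pattern next to a hardened one. The page names, the `pages/` directory and the `page` query parameter are assumptions chosen for illustration.

```php
<?php
// Added example, not the original post's code.
// Demonstrates why building an include() path from user input is dangerous
// and how an allowlist removes the problem.

// VULNERABLE: the include target comes straight from the query string.
// With allow_url_include=On in php.ini, ?page=http://evil.example/shell
// makes PHP fetch and execute remote code (RFI). Even with it Off,
// values such as ../../../../etc/passwd still give local file
// inclusion (LFI) relative to the web root.
function render_vulnerable(string $page): void
{
    include $page . '.php'; // do not do this
}

// HARDENED: user input is only a key into a fixed map of local files,
// so neither URLs nor path traversal sequences ever reach include().
const ALLOWED_PAGES = [
    'home'    => __DIR__ . '/pages/home.php',    // assumed paths
    'about'   => __DIR__ . '/pages/about.php',
    'contact' => __DIR__ . '/pages/contact.php',
];

// Returns the local path for a known page key, or null for anything else.
function resolve_page(string $page): ?string
{
    return ALLOWED_PAGES[$page] ?? null;
}

function render_safe(string $page): void
{
    $path = resolve_page($page);
    if ($path === null) {
        http_response_code(404);
        echo 'Page not found';
        return;
    }
    include $path;
}

// Constructed inputs showing how the allowlist behaves:
//   resolve_page('about')                        -> __DIR__ . '/pages/about.php'
//   resolve_page('http://evil.example/shell')    -> null (rejected)
//   resolve_page('../../../../etc/passwd')       -> null (rejected)
render_safe($_GET['page'] ?? 'home');
```

The design choice is that the hardened version never validates the string with a regex or blocklist; it maps a short key to a fixed path, so there is nothing for an attacker to "bypass". Keeping allow_url_include and allow_url_fopen disabled in php.ini is still worthwhile as defence in depth, but it does not protect against LFI on its own.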



Hello everybody, back to the penetration testing exercises. This time I practised on root-me. This challenge is about a vulnerability in how the eval function is used in PHP. Basically, sometimes a filter such as a regular-expression check is put in front of eval, but unfortunately it can still be bypassed. In this challenge, we will talk about how to bypass a regular-expression filter.



Okay, after telling you why you should start learning computer programming, in this post I will show you the code I used to do a task at my office. If you have not read the post on why you should learn programming, you can find it here. Okay, let’s start the technical part.

Thinking Process

Looking back at the document we have to process, what is the (human) logic here? I will repost the screenshot of the NIST CSF document.



I firmly believe that programming is important for everyone. Yes, I am saying everyone, which includes IT and non-IT jobs. The ultimate reason programming is important is that it teaches you how to think structurally. Seriously, the ability to think structurally pays off both in time and in effort.

If you are working in an IT-related industry or in the IT division of a company, you may find that programming is a must; it is probably what you were hired for. But the question is, is it important for non-IT jobs that mostly interact with…


Book Cover

Thinking Background

Risk is something that must be considered in every organization. Besides developing the organization through research and development, marketing, and other activities, risk must be put on the agenda. Basically, if risk is not handled, it invites chaos, especially in this digital era when technology has become the backbone of the business.

When technology becomes the business’s backbone, it raises the responsibility of businesses to start considering technology-related risks. But, as people say, that is easier said than done, because technology changes rapidly. …


XML Recursive

Storytelling

A few days ago, I was asked to do a recap of a book's content. It is really funny, and a bit depressing, because the content looks like this.



Finally, after running away from web challenges for a long time, I have come back to continue practising. In this challenge, I face one of my greatest fears among web challenges: the JWT challenge.

Again and again, I remind you that I will write out the whole thinking process behind this solution, so bear with me and keep learning!

Challenge Introduction
