If Allah willed it, will be back soon!

December 21, 2019

Hi guys, there is a problem at my site (have no idea that suddenly can’t connect to database even though I didn’t do anything). But, if Allah willed it, I will try my best to recover it. So, stay tune!

Latest Tweets

Retweet on Twitter YoKo Kho Retweeted

IG: @twitulama @twitulama·

April 10, 2021

Ibnul Qoyim berkata:
"Lisan punya 2 kesalahan yg besar, di mana jika seseorang bebas dari yg satu, dia sulit bisa selamat dari yg satunya: salah dalam bicara & salah dalam diam.

Yang diam dari kebenaran adalah setan yg bisu. Yang mengucap kebatilan adalah setan yang berbicara. https://twitter.com/200Abdulaziz/status/1380717677270949889

Twitter 1380728269595570176

Retweet on Twitter YoKo Kho Retweeted

bend theory @bendtheory·

April 9, 2021

@ninetyn1ne_ The WAF didn’t fully anticipate the underlying application to convert

> to >

by double HTML encoding (which is just encoding the & to &) we can resolve normal HTML entities which are parsed in the javascript event handler.

cloudflare tries to spot alert(1) but fails

Twitter 1380530581537239041

Retweet on Twitter YoKo Kho Retweeted

bend theory @bendtheory·

April 9, 2021

just disclosed my first real report on Hackerone!

https://hackerone.com/reports/789689

might have to do a full write up on HTML entity parsing weirdness :)

#BugBounty #bugbountytips

Twitter 1380524556952166401

Retweet on Twitter YoKo Kho Retweeted

Rohit @sec_r0·

April 8, 2021

🚨🚨 . . New & Free Security Zine . . 🚨🚨

Finally Hashing Zine is here !!!
Must read for devs and bug hunters.
And yes its free.

One single read, will make your knowledge one level above.
https://securityzines.com/zines/hashing.html

#security #infosec #zines #100DaysOfCode #hashing

Twitter 1380208623763169282

Retweet on Twitter YoKo Kho Retweeted

Bug-A-Bee 🐝@securibee·

April 8, 2021

Of course had to be included in best recon methodologies: https://securib.ee/beelog/the-best-bug-bounty-recon-methodology/

Twitter 1380226768171380737