MikeChan – Medium

MikeChan

Pinned

Published in
Techiepedia

5 Ways to Test Password Reset Function

Password reset is a function commonly founded in modern web app. This function normally would be the first function I tested in every web…

Jun 26, 2021

Jun 26, 2021

Published in
Techiepedia

Response Manipulation leads to Account Takeover

This is a short story about my recent bug hunting on a private program. This program mainly relies on OTP to check user’s authentication…

Mar 6, 2022

Response Manipulation leads to Account Takeover

Mar 6, 2022

What You can Learn from Coinbase Hack with USD250k Bounty

As a bug bounty hunter, you may experience something like below:

Feb 23, 2022

What You can Learn from Coinbase Hack with USD250k Bounty

Feb 23, 2022

Published in
JavaScript in Plain English

Javascript Security — Weak Type Bypass

How hackers can bypass JavaScript security checks exploiting its weakly typed feature.

Feb 14, 2022

Javascript Security — Weak Type Bypass

Feb 14, 2022

Published in
System Weakness

Common Nginx Misconfiguration leads to Path Traversal

Recently, I have been invited by my friend to participate into a private pentest project. The target has been using Nginx as its Reverse…

Dec 27, 2021

Common Nginx Misconfiguration leads to Path Traversal

Dec 27, 2021

Common Bugs found in File Upload Functions

File upload is a function commonly founded in web app. You may find it in social network app, job seeking app etc. Also, it is one of the…

Nov 23, 2021

Common Bugs found in File Upload Functions

Nov 23, 2021

Linux Tricks for Bug Bounty Hunter

In previous post, we discussed about how to setup a Recon Machine on VPS and how to use Screen to maintain your recon process even after…

Nov 20, 2021

Linux Tricks for Bug Bounty Hunter

Nov 20, 2021

Setup Your Own Recon Machine on Digital Ocean

If you are a bug bounty hunter, you may notice that recon is very time consuming. Sometimes, even you have mostly automate your recon…

Oct 31, 2021

Setup Your Own Recon Machine on Digital Ocean

Oct 31, 2021

Automate Your Hunting — Cache Poison

Cache Poison is a bug commonly seen in web apps. This passage walks you through how you could automate your testing on such commonly seen…

Oct 14, 2021

Automate Your Hunting — Cache Poison

Oct 14, 2021

Power of Your Own Wordlist — Fuzz for Log File Leads to Information Leakage

This is another story of my recent finding of sensitive information leakage. The target is a big hotel and resort Group which has…

Oct 9, 2021

Power of Your Own Wordlist — Fuzz for Log File Leads to Information Leakage

Oct 9, 2021

MikeChan

MikeChan

Cybersecurity, Part-time bug bounty hunter. Support me by subscribe: https://mikekitckchan.medium.com/membership. Ping me for online private tutoring.

Following

Help
Status
About
Careers
Press
Blog
Privacy
Terms
Text to speech
Teams