Open in app

Sign In

Write

Sign In

MikeChan
MikeChan

539 Followers

Home

About

Published in

Techiepedia

·Pinned

5 Ways to Test Password Reset Function

Password reset is a function commonly founded in modern web app. This function normally would be the first function I tested in every web app as once a bug is founded, it is normally a critical one. In this article, I would show several ways to test this function. Before…

Infosec

4 min read

Infosec

4 min read


Published in

Techiepedia

·Mar 6, 2022

Response Manipulation leads to Account Takeover

This is a short story about my recent bug hunting on a private program. This program mainly relies on OTP to check user’s authentication. This story would walk through how I bypass its OTP check using response manipulation. So, let’s begin. If you are not yet a medium member, please…

Cybersecurity

3 min read

Response Manipulation leads to Account Takeover
Response Manipulation leads to Account Takeover
Cybersecurity

3 min read


Feb 23, 2022

What You can Learn from Coinbase Hack with USD250k Bounty

As a bug bounty hunter, you may experience something like below: After hundreds hours of hacking, you found zero bugs. So, you work a lot harder, doing more recon and test on every single endpoint. However, as time goes by, still no more bugs could be found. Finally, you found…

Hacking

5 min read

What You can Learn from Coinbase Hack with USD250k Bounty
What You can Learn from Coinbase Hack with USD250k Bounty
Hacking

5 min read


Published in

JavaScript in Plain English

·Feb 14, 2022

JavaScript Security — Weak Type Bypass

How hackers can bypass JavaScript security checks exploiting its weakly typed feature. — As you may know, JavaScript is a weakly typed language. These features of the language can be used by hackers to bypass some checks within a Node.js application. So, what is it means by weak type? Let’s consider the below example: var a =1; var b ="1"; var c= a + b; console.log(c==="11")…

JavaScript

3 min read

Javascript Security — Weak Type Bypass
Javascript Security — Weak Type Bypass
JavaScript

3 min read


Published in

System Weakness

·Dec 27, 2021

Common Nginx Misconfiguration leads to Path Traversal

Recently, I have been invited by my friend to participate into a private pentest project. The target has been using Nginx as its Reverse Proxy and I found a common Nginx misconfiguration that leads to a path traversal bug. In order to help the owner of the target to have…

Nginx

3 min read

Common Nginx Misconfiguration leads to Path Traversal
Common Nginx Misconfiguration leads to Path Traversal
Nginx

3 min read


Nov 23, 2021

Common Bugs found in File Upload Functions

File upload is a function commonly founded in web app. You may find it in social network app, job seeking app etc. Also, it is one of the areas that developers would overlook. This article mainly introduces what common bugs can be founded in file upload functions. So, let’s begin: File Upload IDOR …

Cybersecurity

3 min read

Common Bugs found in File Upload Functions
Common Bugs found in File Upload Functions
Cybersecurity

3 min read


Nov 20, 2021

Linux Tricks for Bug Bounty Hunter

In previous post, we discussed about how to setup a Recon Machine on VPS and how to use Screen to maintain your recon process even after you logout from VPS. This article would walk you through some other linux tricks Bug Bounty Hunter normally used in their hacking. Schedule Your Task In Linux…

Cybersecurity

3 min read

Linux Tricks for Bug Bounty Hunter
Linux Tricks for Bug Bounty Hunter
Cybersecurity

3 min read


Oct 31, 2021

Setup Your Own Recon Machine on Digital Ocean

If you are a bug bounty hunter, you may notice that recon is very time consuming. Sometimes, even you have mostly automate your recon, recon might takes days or even weeks if you are hunting on a huge scope. If you use your home workstation, it occupies quite a lot…

Hacking

4 min read

Setup Your Own Recon Machine on Digital Ocean
Setup Your Own Recon Machine on Digital Ocean
Hacking

4 min read


Oct 14, 2021

Automate Your Hunting — Cache Poison

Cache Poison is a bug commonly seen in web apps. This passage walks you through how you could automate your testing on such commonly seen bug in web application. …

Bug Bounty Tips

2 min read

Automate Your Hunting —  Cache Poison
Automate Your Hunting —  Cache Poison
Bug Bounty Tips

2 min read


Oct 9, 2021

Power of Your Own Wordlist — Fuzz for Log File Leads to Information Leakage

This is another story of my recent finding of sensitive information leakage. The target is a big hotel and resort Group which has operation in over 10 countries over the world. As I am not allowed to disclose the detail, I would use redacted.com …

Cybersecurity

3 min read

Power of Your Own Wordlist — Fuzz for Log File Leads to Information Leakage
Power of Your Own Wordlist — Fuzz for Log File Leads to Information Leakage
Cybersecurity

3 min read

MikeChan

MikeChan

539 Followers

Cybersecurity, Part-time bug bounty hunter. Support me by subscribe: https://mikekitckchan.medium.com/membership. Ping me for online private tutoring.

Following
  • BlockSec

    BlockSec

  • Immunefi

    Immunefi

  • SlowMist

    SlowMist

  • 兄弟鏈 Brochain

    兄弟鏈 Brochain

  • Nishith K

    Nishith K

See all (22)

Help

Status

Writers

Blog

Careers

Privacy

Terms

About

Text to speech