- The Story of a Penetration Tester
  This post shares the journey (in bite size!) of my Penetration Testing career; there may be useful information and inspiration that you may obtain, especially if you are an individual interested in entering the Penetration Testing domain. The Question Since young (199x~Current), I have had the opportunity to witness…
- OSCP (Offensive Security Certified Professional)
  Exam Review – OSCP (Offensive Security Certified Professional) Course Introduction The OSCP (Offensive Security Certified Professional) certification is a highly regarded and challenging credential in the field of cybersecurity. It is offered by Offensive Security, a leading provider of training and certification in offensive security and penetration testing. The OSCP…
- Why AI Can’t Be 100% Safe — And Why Humans Still Matter
  There’s been a lot of debate about whether AI can ever be completely safe. Personally, I don’t think so, and here’s why. 1. LLMs are probabilistic, not deterministic. AI doesn’t follow strict rules. It predicts patterns based on data. Even with the same input, slight randomness or context changes can…
- Microsoft Edge Security Update on Blocking Malicious Sideloaded Extensions
  Microsoft is rolling out a security update in November 2025 to block malicious sideloaded extensions in Edge. What Are Sideloaded Extensions? Sideloaded extensions are browser add-ons installed outside the official Microsoft Edge Add-ons store. Developers sometimes use this method for testing, but cybercriminals can exploit it to deliver malware, steal…
- GCIH Certified!
  I attended the 6-day SANS SEC504 course in August — my first SANS certification journey. Though there was a lot of material to go through, the lessons were well structured and easy to understand, thanks to the extremely knowledgeable and engaging instructors. The course offers hands-on experience using real-world tools…
- CISSP Certified!
  Earning my CISSP certification has been one of the most difficult yet rewarding experiences of my professional life. The journey wasn’t easy — it required dedication, long hours of study, and pushing through moments of doubt. But the satisfaction I feel after passing the exam makes every challenge worth it.…
- Happy Chinese New Year!
  Happy Chinese New Year: Embracing Tradition in the Digital Age As we step into the vibrant festivities of Chinese New Year, it’s a time for both reflection and anticipation. This year, we’re not just celebrating the rich tapestry of Chinese culture but also embracing how tradition intertwines with our modern,…
- Risk Assessment – Overview
  This is an overview of Risk Assessment. The Risk Assessment methodology will be based on the Singapore CSA guide. CSA Risk Assessment Guide for CII Firstly, many would wonder why we do risk assessments. What are the purpose and the objectives that organizations want to achieve through it? The goal…
- Pentest – FTP
  Common Tests

  | Command/Actions | Description |
  |---|---|
  | ftp://ip:21 | Check for Web Directory Listing |
  | anonymous:anonymous, admin:admin, root:root | Check for anonymous access and default/weak credentials |
  | wget -m ftp://anonymous:anonymous@ip | Download files from FTP Directory using Wget |
  | ftp > get file.txt | Download files using FTP client |
  | PUT Allowed | Attempt to upload Reverse Shell / Web Shell |
  | hydra… | |
- Pentest – Elastix 2.2.0 Remote Code Execution (CVE-2012-4869) Exploit
  Disclaimer The following content is strictly for educational purposes. Please do not attempt exploitation of this vulnerability on any assets without the owner's consent. References and Links Description The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and earlier allows remote attackers to execute arbitrary commands via the callmenum parameter in…
- Pentest – Apache APISIX Remote Code Execution (CVE-2022-24112) Exploit
  Disclaimer The following content is strictly for educational purposes. Please do not attempt exploitation of this vulnerability on any assets without the owner's consent. References and Links Description An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of the Admin API. A default configuration of Apache…
