2025

• 09 Oct Model Context Protocol (MCP): The Emerging Standard Connecting AI to the Real World

2024

• 12 Dec My Take on OSEP (PEN-300): Challenges, Lessons, and Real-World Relevance

2023

• 12 Dec IoT Dataset Research: Curating Realistic Traffic for Security Analysis
• 01 Dec My Journey in CVE Research: From Discovery to Disclosure

2022

• 22 Jan [English] CEH Practical Certification Exam Experience
• 22 Jan [Bahasa] Pengalaman Ujian Sertifikasi CEH Practical
• 08 Jan Online Railway Reservation System 1.0 - 'id' SQL Injection (Unauthenticated)
• 05 Jan Online Veterinary Appointment System v1.0 — Multiple SQL Injection via id in Appointment Details)

2021

• 30 Dec Hospital's Patient Records Management System v1.0 - 'id' SQL Injection (Authenticated)
• 20 Dec Hospitals Patient Records Management System v1.0 — IDOR (Account Takeover)
• 13 Dec CVE-2021-44228 (Log4Shell) — Field Notes from a Focused Web-App Review
• 01 Oct WordPress Advanced Ticket System < 1.0.64 — Authenticated Stored XSS in Ticket Metadata
• 01 Oct WP Ticket (Customer Service Software & Support Ticket System) < 5.10.4 — Admin+ Stored XSS via Unsanitized List Fields (CVE-2021-24622)
• 01 Oct WP Courses LMS < 2.0.44 — Authenticated Stored XSS via 'Video Embed Code'
• 01 Oct Book appointment Online < 1.39 - Authenticated Stored Cross-Site Scripting (XSS)
• 27 Aug [English] OSCP Certification Exam Experience
• 27 Aug [Bahasa] Pengalaman Ujian Sertifikasi OSCP