Hello and welcome to my GitHub account. If you'd like to know more about me, this is likely the best place to start.
Bug Bounty
HackerOne
Bugcrowd
Hall of Fame
OLX https://security.olx.com/security-hall-of-fame.html (2016)
Acknowledgments
Eternity Wall https://eternitywall.it/m/5ac86b8099d0121ff3b1944309878eb7d1d37341b062ec4a7219957fb5776365
Published Advisories, CVEs etc.
serve npm module Directory Traversal vulnerability - CVE-2018-3712 (https://nodesecurity.io/advisories/561)
Hackthebox.eu
Hackthebox.eu profile:
https://www.hackthebox.eu/profile/703
CTFtime.org
2018
In progress...
2017
Ranking position: 1251 with 13,435 points; finished in the top 8,55% of teams with any points in the CTFtime ranking, with 1,72% of the best team's points
teams with any points: 14615
best team result: 780,201 (217)
Full stats: https://ctftime.org/team/16701 (Stack)
2016
Ranking position: 882 with 11,276 points; finished in the top 9% of teams with any points in the CTFtime ranking, with 0,69% of the best team's points
teams with any points: 10593
best team result: 1625,714 (dcua)
Full stats: https://ctftime.org/team/16701 (Stack)
2015
Ranking position: 562 with 14,677 points; finished in the top 8% of teams with any points in the CTFtime ranking, with 0,81% of the best team's points
teams with any points: 7275
best team result: 1789,884 (Plaid Parliament of Pwning)
Full stats: https://ctftime.org/team/12769 (bl4de - no longer active under this name)
CTF writeups
You can see my CTF writeups from various events here: https://github.com/bl4de/ctf#ctf-capture-the-flag-writeups-repository
Tools
Some security-related tools I've created:
https://github.com/bl4de/security-tools
Other Writeups
Most common security vulnerabilities in npm static content/file servers modules
Hidden directories and files as a source of sensitive information about web application
An analysis of how to get information about a web application from folders like .git, .idea and similar. https://github.com/bl4de/research/tree/master/hidden_directories_leaks
As a part of this, I'm working on a tool (in Python) to extract data from revealed Git repositories:
https://github.com/bl4de/security-tools/tree/master/diggit
RAA Ransomware JavaScript code analysis
Detailed, step-by-step analysis of RAA ransomware, created entirely in JavaScript
https://github.com/bl4de/research/tree/master/raa-ransomware-analysis
Simple JavaScript malware code deobfuscation walkthrough
JavaScript malware code deobfuscation step-by-step walkthrough
You can follow me on Twitter. I share IT security, web development and coding-related stuff.
If you'd like to contact me, please feel free to send an email to bloorq [at] gmail [dot] com