Honors / Awards

In the name of Allah, the Most Gracious, the Most Merciful.


Q1, Q2, Q3, and Q4 2021 Bugcrowd MVP Researchers

Description: Qualified as one of Q1, Q2, Q3, and Q4 2021 Bugcrowd MVP (Researcher recognized for high activity, low noise, and high impact).

MVP program qualifications in Q1, Q2, Q3, and Q4 2021:

  • Maintain a minimum average accuracy rate of 80% for the qualifying period
  • Achieve a priority percentile range for either P1s or P2s above 80%
  • Submit at least four qualifying, non-duplicate submissions
  • Have no significant enforcement infractions for six months prior to the end of the qualifying quarter.

Reference (Q1 2021):https://www.bugcrowd.com/blog/announcing-our-mvps-for-q1-2021


1st Place – PenTest Competition – BPJS Hackathon 2021

Together with Faisal Yudo Hernawan and Tomi Ashari (with a team we named “Fityan”), we won 1st place in BPJS Hackathon 2021 (PenTest Category).

This competition is held in two formats, namely:

• First format – September 11, 2021: “Capture the Flag” format in the preliminary round (with Allah’s permission, we are in the top 10 and ranked 2). At this stage, we are required to look for flags on available targets.

• Second format: Perform PenTest to available Application (which looks real). There are no flags at this stage so what needs to be done is try to find as many vulnerabilities as possible and report them via the form provided.

With Allah’s permission, we were able to achieve RCE through a combination of several issues (simple information disclosure, broken access control, insecure privileges on database, and Stacked Query SQL Injection).

For information, this PenTest activity has been carried out on September 19, 2021, followed by a presentation on September 20, 2021.


Bugcrowd’s Status – Jun 01st, 2022

Currently rank #33 at Bugcrowd Bug Bounty Platform with:

  • P1 Warrior (start from 2019): 6th Tier (Submitting 104 critical issues at available programs);
  • P1 Warrior Leaderboard Rank: #16th;
  • All Time Accuracy: 99.40% accuracy.

Profile: https://bugcrowd.com/YoKoKho


Q1, Q3, and Q4 2020 Bugcrowd MVP Researchers

Description: Qualified as one of Q1, Q3, and Q4 2020 Bugcrowd MVP (Researcher recognized for high activity, low noise, and high impact).

MVP program qualifications in Q1, Q3, and Q4 2020:

  • Maintain a minimum average accuracy rate of 80% for the qualifying period
  • Achieve a priority percentile range for either P1s or P2s above 80%
  • Submit at least four qualifying, non-duplicate submissions
  • Have no significant enforcement infractions for six months prior to the end of the qualifying quarter.

Reference (Q1 2020): https://www.bugcrowd.com/blog/update-q1-2020-mvp-researchers/

Reference (Q3 2020): https://www.bugcrowd.com/blog/announcing-our-mvps-for-q3-2020/

Reference (Q4 2020): https://www.bugcrowd.com/blog/mvps-for-q4/


Q3 and Q4 2019 Bugcrowd MVP Researchers

Description: Qualified as one of Q3 and Q4 2019 Bugcrowd MVP (Researcher recognized for high activity, low noise, and high impact).

Reference (Q3 2019): https://www.bugcrowd.com/blog/congratulations-to-our-mvp-researchers-in-q3-2019/

Reference (Q4 2019): https://www.bugcrowd.com/blog/congratulations-to-our-mvp-researchers-in-q4-2019/


Q3 2019 Bounty Slayers Winners (Power Up)

Description:

Descriptions: Selected as one of 2019 Bounty Slayers Winners for the first time (rewarded at Q3 – October 2019).

Bounty Slayers is the program that held by Bugcrowd to encourages researchers to strive for continued performance, highlighting the ability to maintain a certain number of qualifying, accepted submissions (resolved and unresolved, P1-P4) each quarter.

At this quarter, I able to manage to submitting at least 40 resolved or unresolved (valid) P1 to P4 submissions.

Reference: https://www.bugcrowd.com/blog/congratulations-q3-2019-bounty-slayers-winners/


Writeup of the Week: 13 to 20 September, 2019 Period

Description: Together with Faisal Yudo Hernawan and Tomi Ashari, one of Our research was chosen as the “Writeup of the Week” at Pentester Land Newsletter #72 and at intigriti Bug Bytes – #37th Release (Europe’s 1st Ethical Hacking Platform – One of the biggest Bug Bounty Platform in the World).

Research: Race Condition that could Result to RCE – (A story with an App that temporary stored an uploaded file within 2 seconds before moving it to Amazon S3)

References:
http://blog.intigriti.com/2019/09/24/bug-bytes-37-how-to-find-more-idors-race-condition-to-rce-tracy/
https://pentester.land/newsletter/2019/09/24/the-5-hacking-newsletter-72.html
https://medium.com/bugbountywriteup/race-condition-that-could-result-to-rce-a-story-with-an-app-that-temporary-stored-an-uploaded-9a4065368ba3


2018 Bugcrowd MVP Researchers

Description: Selected as one of 2018 Bugcrowd MVP (Researcher recognized for high activity, low noise, and high impact) – for the first time.

Quoted by Bugcrowd’s email: “We are thrilled to confirm you as a 2018 Bugcrowd MVP!

Because of your awesome work, you join a select group of your peers to already have reached this tier, out of our 73,000+ community.”

Reference: https://www.bugcrowd.com/the-2018-mvp-researchers/


Fast Track Program 2017 – By Mitra Integrasi Informatika, PT

Description: The program that designed by Mitra Integrasi Informatika to develop the employee’s career to more focus on one specific area (between management or technical specialist).

The program material has covers the competency development, talent management, succession planning, career path, and boost motivation for potential development.

With the permission of Allah and then by the management consideration, I was passed this program at July 2017.


The Best Engagement Team on 2016 at Mitra Integrasi Informatika, PT

Description: Award for Consulting & Advisory Services Dept. (specifically for security team) as the Best Engagement Team on 2016.

Note: The appreciation that given by Mitra Integrasi Informatika at every year for the team category.


Top Achiever Award Plus 2016 – by Metrodata Electronics, PT

Description: The highest appreciation that given by Metrodata Electronics, PT in every year for the selected people that exceeds the bar of performance.

I was awarded with an incentive tour to New Zealand (awarding at Kick-off-Meeting Metrodata 2017).


Extra Miles Award 2015 – an Innovation Award by Mitra Integrasi Informatika, PT

Description: A yearly innovation award that given by Mitra Integrasi Informatika, PT for every people / group that success to create the new business that proven at the market.

My Colleagues and Me was awarded with this one at 2015 because we successfully create an end-to-end Security Solution and Consulting Services for company.


Credits: featured images by: Gold vector created by freepik – www.freepik.com

Share

You may also like...