Home | b4r

b4r

/ˈbar/ • nouns

Security Researcher and CTF Player with @Try4gain. Mostly into IDA reverse engineering, Wireshark forensics, curl web exploitation, and Linux.

Besides security shit, I enjoy playing a pixel art games and watching anime.

Latest posts

a neat little cve in filament

cve-2026-48067 came from a scope mismatch in filament AttachAction and AssociateAction

b b4r
May 25, 2026
2 min read

vulnerability cve web exploitation laravel
cross-tenant credential disclosure in itflow

cve-2026-47755 let a low-privileged authenticated user pull another client credentials and totp secrets in itflow

b b4r
May 25, 2026
3 min read

vulnerability cve web exploitation idor
six cves in one open-source e-commerce project

how i reported six shopper cves spanning authorization bypass, privilege escalation, race conditions, idor, and xss

b b4r
May 22, 2026
4 min read

vulnerability advisory cve web exploitation laravel
my first CVE, CVE-2026-44692

authenticated sharp users could download unrelated laravel storage objects through the generic download endpoint

b b4r
May 8, 2026
7 min read

vulnerability cve web exploitation laravel
how one cve turned into multiple csirt.go.id certs

one vulnerability. multiple targets. multiple certificates.

b b4r
March 10, 2026
2 min read

web exploitation bug bounty
aseng forensic challs always give me a new insight

upsolved it tho :p

b b4r
February 17, 2026
6 min read

forensics ctf disk-image pcap crypto reverse

See all posts →