Home | b4r

b4r

/ˈbar/ • nouns

Security Researcher and CTF Player with @Try4gain. Mostly into IDA reverse engineering, Wireshark forensics, curl web exploitation, and Linux.

Besides security shit, I enjoy playing a pixel art games and watching anime.

Latest posts

six cves in one open-source e-commerce project

how i reported six shopper cves spanning authorization bypass, privilege escalation, race conditions, idor, and xss

b b4r
May 22, 2026
4 min read

vulnerability advisory cve web exploitation laravel
my first CVE, CVE-2026-44692

authenticated sharp users could download unrelated laravel storage objects through the generic download endpoint

b b4r
May 8, 2026
7 min read

vulnerability cve web exploitation laravel
how one cve turned into multiple csirt.go.id certs

one vulnerability. multiple targets. multiple certificates.

b b4r
March 10, 2026
2 min read

web exploitation bug bounty
aseng forensic challs always give me a new insight

upsolved it tho :p

b b4r
February 17, 2026
6 min read

forensics ctf disk-image pcap crypto reverse
the type of an ordinary ransomware challs

a writeup of ara7ctf 2026 for/horseman

b b4r
February 7, 2026
4 min read

digital forensic reverse engineering ransomware ctf
LKS internal selection is very fun hahaha...

a complete write up of insanetemple for my beloved juniors

b b4r
January 30, 2026
3 min read

web exploitation ctf

See all posts →