About me
whoami
- Alan Li ≡ alanlitw ≡ lebr0nli ≡ a nobody
pwd
- /Users/NYCU
ls ~/favorites
- web/
- pwn/
- breaking\ sandbox/
- CTF/
- Bug\ Bounty/
- programming/
- rock’n’roll/
Work Experience
- Researcher Intern @ DEVCORE
- Find and report 0-day vulnerabilities in various applications (mostly web applications)
- September 2023 - July 2024
Vulnerability Reports
| Company / Product | Vulnerability Type | Time |
|---|---|---|
| QNAP - Video Station | OS Command Injection (CVE-2023-47563) | 2024.09 |
| QNAP - QuFirewall | Path Traversal (CVE-2023-41290, CVE-2023-41291) | 2024.04 |
| QNAP - Photo Station | OS Command Injection (CVE-2023-47562) | 2024.02 |
| QNAP - Photo Station | Cross-site Scripting (CVE-2023-47561) | 2024.02 |
| QNAP - QuMagie | OS Command Injection (CVE-2023-47560) | 2024.01 |
| QNAP - QuMagie | Cross-site Scripting (CVE-2023-47559) | 2024.01 |
| QNAP - QcalAgent | OS Command Injection (CVE-2023-41289) | 2024.01 |
| Quizlet | REDACTED (Priority 2 on Bugcrowd) | 2022.02 |
| Dcard | Insecure Direct Object References | 2021.11 |
| Quizlet | REDACTED (Priority 3 on Bugcrowd) | 2021.09 |
| Quizlet | REDACTED (Priority 3 on Bugcrowd) | 2021.08 |
| Dcard | Open Redirect | 2021.07 |
| Dcard | Open Redirect | 2020.09 |
| Dcard | Insecure Direct Object References | 2020.08 |
| Dcard | Insecure Direct Object References | 2020.08 |
CTF (Capture the Flag)
| Name | Participated as | Rank | Time | Location |
|---|---|---|---|---|
| Asian Cyber Security Challenge | lebr0nli (individual) | 12th (Taiwan 2nd) | 2024.04 | remote |
| AIS3 EOF Final | YAATN ain’t a team name (team) | 1st | 2024.02 | New Taipei, TW |
| AIS3 EOF Quals | lebr0nli (individual) | 2nd | 2024.01 | remote |
| HITCON CTF Final | Blue Water (team) | 9th | 2023.11 | Taipei, TW |
| Balsn CTF | ${CyStick} (team) | 3rd | 2023.11 | remote |
| SECCON CTF Quals | ${CyStick} (team) | 2nd | 2023.09 | remote |
| HITCON CTF Quals | Blue Water (team) | 1st | 2023.09 | remote |
| Asian Cyber Security Challenge | lebr0nli (individual) | 35th (Taiwan 6th) | 2023.02 | remote |
| HITCON CTF | Water Paddler (team) | 11th | 2022.11 | remote |
| Google Capture The Flag Final Stage (Hackceler8) | Water Paddler (team) | Group B 3rd | 2022.09 | London, UK |
| Google Capture The Flag Qualification | Water Paddler (team) | 5th | 2022.07 | remote |
| ångstromCTF | Water Paddler (team) | 3rd | 2022.05 | remote |
| Asian Cyber Security Challenge | lebr0nli (individual) | 56th (Taiwan 6th) | 2021.09 | remote |
| AIS3 Pre-Exam | e^iπ+1day (individual) | 6th | 2021.05 | remote |
I participated in more than 50+ CTFs on CTFtime.org since early 2021 with my one-man CTF team, e^iπ+1day
From May 2022, I joined Water Paddler.
From August 2023, I also joined ${CyStick}.
I usually post my write-ups on this blog, but sometimes I’m too lazy to write them down so I just post my solve scripts on my GitHub Gist :p
Side Project
- GEP (GDB Enhanced Prompt)
- Enhance your GDB with fzf history search, fish-like autosuggestions, tab auto-completion with fzf, and more!
- Python
- GDB plug-in
- PHPFun
- PHP obfuscator
- Python CLI
- Simple Web Interface with Brython
- CTF tool