About me
whoami
- Alan Li ≡ alanlitw ≡ lebr0nli ≡ a nobody
pwd
- /Users/NCU_CSIE
ls ~/favorites
- web/
- CTF/
- Bug\ Bounty/
- pwn/
- programming/
- rock’n’roll/
Bug Bounty / CVE
| Company / Product | Vulnerability Type | Time |
|---|---|---|
| QNAP - Photo Station | OS Command Injection (CVE-2023-47562) | 2024.02 |
| QNAP - Photo Station | Cross-site Scripting (CVE-2023-47561) | 2024.02 |
| QNAP - QuMagie | OS Command Injection (CVE-2023-47560) | 2024.01 |
| QNAP - QuMagie | Cross-site Scripting (CVE-2023-47559) | 2024.01 |
| QNAP - QcalAgent | OS Command Injection (CVE-2023-41289) | 2024.01 |
| Quizlet | REDACTED (Priority 2) | 2022.02 |
| Dcard | Insecure Direct Object References | 2021.11 |
| Quizlet | REDACTED (Priority 3) | 2021.09 |
| Quizlet | REDACTED (Priority 3) | 2021.08 |
| Dcard | Open Redirect | 2021.07 |
| Dcard | Open Redirect | 2020.09 |
| Dcard | Insecure Direct Object References | 2020.08 |
| Dcard | Insecure Direct Object References | 2020.08 |
CTF (Capture the Flag)
| Name | Participated as | Rank | Time | Location |
|---|---|---|---|---|
| AIS3 EOF Final | YAATN ain’t a team name (team) | 1st | 2024.02 | New Taipei, TW |
| AIS3 EOF Quals | lebr0nli (solo) | 2nd | 2024.01 | remote |
| HITCON CTF Final | Blue Water (team) | 9th | 2023.11 | Taipei, TW |
| Balsn CTF | ${CyStick} (team) | 3rd | 2023.11 | remote |
| SECCON CTF Quals | ${CyStick} (team) | 2nd | 2023.09 | remote |
| HITCON CTF Quals | Blue Water (team) | 1st | 2023.09 | remote |
| Asian Cyber Security Challenge | lebr0nli (solo) | 35th (Taiwan 6th) | 2023.02 | remote |
| HITCON CTF | Water Paddler (team) | 11th | 2022.11 | remote |
| Google Capture The Flag Final Stage (Hackceler8) | Water Paddler (team) | Group B 3rd | 2022.09 | London, UK |
| Google Capture The Flag Qualification | Water Paddler (team) | 5th | 2022.07 | remote |
| ångstromCTF | Water Paddler (team) | 3rd | 2022.05 | remote |
| Asian Cyber Security Challenge | lebr0nli (solo) | 56th (Taiwan 6th) | 2021.09 | remote |
| AIS3 Pre-Exam | e^iπ+1day (solo) | 6th | 2021.05 | remote |
I participated in more than 50+ CTFs on CTFtime.org since early 2021 with my one-man CTF team, e^iπ+1day
From May 2022, I joined Water Paddler.
From August 2023, I also joined ${CyStick}.
Side Project
- GEP (GDB Enhanced Prompt)
- Python
- GDB plug-in
- fzf history search, fish-like autosuggestions, auto-completion with floating window, partial string matching in history, and more!
- Bookroll PDF Downloader
- JavaScript
- Chrome Extension
- A tool for NCU students
- NCU eeclass ppt to pdf downloader
- JavaScript
- Chrome Extension
- A tool for NCU students
- PHPFun
- Python CLI
- Simple Web Interface with Brython
- PHP obfuscator
- CTF tool
- Mo-PTT iOS App Adblocker
- Logos + Objective-C
- Adblock
- iOS jailbreak tweak
- iOS reverse engineering
- AES-256 File Encrypt/Decrypt Library written in MASM
- x86 Assembly
- Term project of the Assembly Language and System Programming course