whoami

  • Alan Li ≡ alanlitw ≡ lebr0nli ≡ Nobody

pwd

  • /Users/NCU_CSIE

ls ~/favorites

  • web/
  • CTF/
  • Bug\ Bounty/
  • pwn/
  • programming/
  • rock’n’roll/

Bug Bounty

Company Vulnerability Type or Priority Reward Time
Quizlet Priority 2 Bounty 2022.02
Dcard IDOR Bounty and Hall of Fame 2021.11
Quizlet Priority 3 Bounty 2021.09
Quizlet Priority 3 Bounty 2021.08
Dcard Open Redirect Bounty and Hall of Fame 2021.07
Dcard Open Redirect Bounty and Hall of Fame 2020.09
Dcard IDOR Bounty and Hall of Fame 2020.08
Dcard IDOR Bounty and Hall of Fame 2020.08

Some links:

Quizlet Bug Bounty Program https://quizlet.com/security

Dcard Bug Bounty Hall of Fame Page https://dcard.tw/hacker

My Bugcrowd profile https://bugcrowd.com/alanlitw

My Intigriti profile https://app.intigriti.com/profile/alanlitw

CTF (Capture the Flag)

Contest Participated as Rank Time Location
Google Capture The Flag Final Stage (Hackceler8) Water Paddler (team) Group B 3rd 2022.09 London, UK
Google Capture The Flag Qualification Water Paddler (team) 5th 2022.07 online
ångstromCTF Water Paddler (team) 3rd 2022.05 online
Asian Cyber Security Challenge Qualification lebr0nli (solo) 56th (Taiwan 6th) 2021.09 online
AIS3 Pre-Exam e^iπ+1day (solo) 6th 2021.05 online

I also participated in more than 40+ CTFs on CTFtime.org since early 2021 with my one-man CTF team, e^iπ+1day

From May 2022, I joined Water Paddler and started to play CTF with them.

My CVE

CVE ID Description CVSS Score Refs
CVE-2021-41945 Improper Input Validation in httpx 6.4 [1] [2]

Last modified at: 2022.05.10

Side Project

Collaborative Project

  • pwndbg
    • Exploit Development and Reverse Engineering with GDB Made Easy
    • Python
    • My commits
  • Hackbar
    • A browser extension for Penetration Testing
    • Javascript
    • My commits