Tung Pun – Medium

Home

Following

Library

Reading history

Stories

Stats

Tung Pun

The better practice to harden the security rule for CI workflows on GitHub repository

Pain points with common setup

Dec 26, 2024

The better practice to harden the security rule for CI workflows on GitHub repository

Dec 26, 2024

Thoughts on the Security Aspects of GitHub Actions

A few days ago, while reading a document about GitHub actions, I found a bug class that was present in my repositories. I think this is a…

Mar 27, 2024

Thoughts on the Security Aspects of GitHub Actions

Mar 27, 2024

The good, the bad and the techical debt

~It’s just my random thought!

Aug 1, 2021

Aug 1, 2021

Client, not client!

This blog describes one of my findings on a private program. The attack vector is simple, short and elegant (at least for me).

Sep 15, 2019

Client, not client!

Sep 15, 2019

How I found my very first CVE

I am here today to share about a finding in Node.js third-party modules program on HackerOne, which brought me my very first CVE…

Jul 6, 2018

Jul 6, 2018

Analysis a malware spreading via Facebook Messenger

Recently, there is a propagation of a miner malware in our community via Facebook Messenger. Luckily, I have found a sample on the…

Dec 22, 2017

Analysis a malware spreading via Facebook Messenger

Dec 22, 2017

From SSRF to Local File Disclosure

This blog is written about a bug (I believe), that was found on my last weekend. It located on a website from a private program X on…

Nov 8, 2017

From SSRF to Local File Disclosure

Nov 8, 2017

How I built a lightweight MITM-based web-app fuzzer

Since a year ago, I’ve spent most of my working time on doing blackbox pen-test websites, and there I felt too lazy to have a look at every…

Oct 21, 2017

How I built a lightweight MITM-based web-app fuzzer

Oct 21, 2017

Tung Pun

Tung Pun

Hey 👋I’m Tung Pun. Sometimes I share my interesting findings and thought. If you like them, please consider buying me a coffee https://buymeacoffee.com/tungpun

Following

Help
Status
About
Careers
Press
Blog
Privacy
Rules
Terms
Text to speech