==== Resume (CV) Birthyear: 1999 Nickname: Ziva / Zefa Name: Azhar Basyiri Hartono A.K.A: Zefanya Ivanka Abraham Mail (General): contact@iyu.my.id Telegram (Business): @indoneziva ==== Education: Senior High School , 2017 Origin Of Institute: SMAN 12 Bekasi Major: Natural Science Junior High School, 2014 Origin Of Institute: SMPN 38 Bekasi Major: General Elementary School, 2011 Origin Of Institute: SDN Harapan Baru 5 Bekasi Major: General ==== Skill: Simple Household Doing basic household chores (Sweeping, Mopping) & Observer of social and political issues independently (Limited Scale) Computer & Information System Basic use of operating systems (Linux, Windows, iOS, Android, Symbian, BlackBerry) & Cyber Security Analyst ==== Experience: Apple - Security Researcher, 2022 A security hole in the default photo application which can restore a deleted old iCloud photos by adding as many photos as possible from the third party or default file application and send it to the default photo application Twitter - Security Researcher, 2022 Successfully made the system unable to reset the password of the account due to an ostensibly false reading so that identity information could not be synchronized with each other Telegram - Security Researcher, 2022 Can successfully enter the group even if the admin or moderator has banned Smartfren - Security Researcher, 2022 I provide criticism and suggestions on security issues and other important things on the SFShop service to make it more secure and comfortable for all users who use the service Twitter - Security Researcher, 2022 Found a security vulnerability that malicious links were inserted by hackers using multiple robotic accounts distributed into videos that would attract users to watch them (Links in the form of videos that can be played like user uploads in general), redirect users automatically to malicious websites that have the potential to harm users, further investigation found that the hacker's domain was from Russia & China and the link managed to trick the virus detection check so it didn't look dangerous, the hacker's technique used skipping the link several times before arriving at the actual malicious website's destination Bukalapak - Security Researcher, 2022 The description of the security hole is kept secret (Only for internal parties from Bukalapak ; the vulnerability has been reported through BukaBounty) for user safety Update From Bukalapak: Hi, Thank you for your report. After going through the verification process, we categorize your findings as invalid (Out of scope). Social Engineering is a report that is not included in our bug bounty scope. Therefore, according to the rules of BukaBounty, you are not yet entitled to receive rewards. Thank you for participating in BukaBounty! Regards, NPT [Initial Name] (Cyber Incident Responder) Update From Me (Response): This security vulnerability is the same as in Shopee Indonesia (No Click / Zero Click) without the user having to do anything but this security hole is still kept secret by me for the safety of other users even though it is categorized as Social Engineering by Bukalapak Tasya ID Media Security - Researcher, 2021 Bug (25-12-2021): I as the former owner of Tasya ID Media found a zero day attack that can't be fixed, this finding was found by me while visiting the interstitial page of Tasya ID Media which forced downloads, the visit was made with an Apple device and has not been found on an Android device or Computer, Tasya ID Media does not provide download files in any form and does not force users to take download actions, the source code of the website from Tasya ID Media does not provide source code malicious and all source code is publicly available Fixed (28-12-2021): This issue was resolved by a third-party independent researcher; Errors on WebKit when experiencing heavy activity by running a series of activities on the browser by opening tabs a lot or quickly or closing tabs and immediately opening certain static web-based websites will result in triggering downloads accidentally, the solution is to periodically delete cookies and cache and if wanting to turn off JavaScript is recommended for visitors when visiting static websites, this bug is harmless but users should still be careful not to click download if a pop up appears on the first visit because the integrity of the website is questionable whether it is original or compromised by malicious source code from hacker Facebook - Security Researcher, 2021 Found that one mobile number can be used on two or more accounts Bypass face verification by using a solid white color photo Twitter - Security Researcher, 2021 Found out that there was data theft from accounts run by robots by distributing fake quiz forms with prizes (For doxing targeted user data) Found many unverified accounts (phone numbers and e-mails) to spread mentions or DMs used to track targeted users (Journalist, Activist, Opposition, Politician) OVO Indonesia - Security Researcher, 2021 Found an application security vulnerability on Apple devices that can bypass the the user's PIN so that it can enter the application (Physical access to the device is required) Indonesia Stock Exchange - Investor, 2021 Learn about stocks and company performance Become a small investor and return big losses Telkomsel - Security Researcher, 2020 Found a security hole that the card that has been unregistered can still be used and runs smoothly like a normal registered card 3 Indonesia - Security Researcher, 2020 Found a loophole that registration data can be changed remotely without the user's knowledge so the real user loses access to the card Kopega PLN Sektor Priok - Industrial Cleaner, 2020 Outdoor cleaning (Bunker, Street, Park, Seaside) Indoor cleaning (Office, Control Room) Cimigo Indonesia - Product Research, 2020 Assess the feasibility of the product before it is marketed to the public Keep the secret of product that will be issued by the company Street - Tramp, 2020 Become a beggar on the street Observing and living the social life of the lower class with love Tasya ID Media - Owner, 2019-2021 Learn to manage my own media self-taught Interact with people and international media on a non-profit basis Television Stations - Paid Audience, 2019-2020 Enliven the event that is being broadcast either live or postponed Maintain order in the atmosphere of indoors and outdoors InfinityFree - Forum Volunteer Support, 2019 Ask and answer about hosting and websites problems to other users Providing users with tips and tricks about hosting and websites Media Monitoring - Club Writer, 2019 Learn to write as a content creator Writers who write about any topic of interest Telkomsel - Security Researcher, 2018 Finding security holes that other users can carry MITM (Man In The Middle) attacks so that they can carry out unauthorized transactions without the knowledge and confirmation of the real user IPPO Fried Chicken - Sales Officer, 2018 Make fried chicken & put it in the display case Take orders & serve customers who want to buy Secret Recipe Indonesia - Restaurant Crew, 2018 Baking cakes in a microwave oven Serving customers who want to buy Asian Games 2018 (Test Event) - Volunteer, 2017 Providing for the needs of athletes Maintaining the cleanliness of the sports arena Maintain security so that the event runs smoothly CAFE V - Waiter, 2017 Setting the table & cleaning dirty tableware Take customer orders & deliver to the cook Street - Scavenger, 2017 Looking for a offline job by job fair Picking up trash on the street to resell FB, IG, Twitter - White Hat Hacker, 2017 I got into all the old social media belonging to my middle school girl friend by hacking it and I already told her and apologize directly Ministry of Education & Culture - Security Researcher, 2017 I found a security loophole that using repeated answers can log all users out on one server and can slow down exam time Exam browser can be minimized in a certain way so that users can cheat in exams without worrying about exiting the system