Saturday, January 3, 2015

Posted by Paulos Yibelo
2 comments | 10:45 AM

Sometimes you look back at your life and say, "I am doing the best I can," and sometimes you just know you screwed up while you are being screwed (up!)... probably caught an STD! 2014 wasn't a year of STDs. In fact, in 2014 I changed my lifestyle, did some crappy things and some great things, like stopping hacking for hire and working in a responsible manner, writing memes and of course improving, the obvious, your favorite, my sense of humor.

This year was the year I really walked into a change in myself. I am not a self-organized kind of guy, so I don’t have a schedule and staff. But I am hoping to change that (slightly) for the upcoming year.
I would never have pursued security if I hadn’t found my first and exciting bug on Facebook this July (which paid well) by luck. Then, I decided to create a blog, continue learning, share, eat, sleep, s***, go to class, live(), repeat. (*cough cough*)

Hall Of Fame & Acknowledgments

Hall of Fame count: 11

Since my first XSS on Facebook, I mainly focused on exploiting Facebook again but also tried to maintain a real white-hat hacker relation with the internet by finding and reporting bugs in a responsible manner and not harming them. So I found, reported and helped fix the issues white-hat style (takes patience) and got acknowledgements from multiple major companies, including:

Facebook (Bounties & HOF), SoundCloud (Swag & HOF), AVG (Certificate & Swag), FreshDesk (Swag), Stripe (Swag), ShareLatex (HOF), AT&T (HOF), PinoyHackNews (HOF), FoxyCart (Goodies and HOF), LinkedIn (Goodies and Shirt), Microsoft (HOF)…

Bonus Inspiration - “Standing in the hall of fame, and the world is gonna know your name, cause you burn with the brightest flame”


Blog count: 35 posts in 6 months.

Started a blog (this one) in August 2014
Shared random findings & theories since

Stop Selling Exploits

I am not going to lie to you; I used to sell 0days for about 2 months at sites like 1337day using an anonymous account. But seeing I was actually helping people break things, and after learning there is an alternative way called bounty hunting, I completely left exploit-writing.

Advance JavaScript skill

JavaScript, for a web pentester, is an essential tool for finding bugs, understanding and automating processes. However, my skill with JavaScript was considered basic knowledge, so I practiced Object Oriented JS for 2 days.


CVE Count: 9

Every white-hat hacker must have at least 1 CVE, right? Well, now I have 9, hehe. Reported some modem, CMS and app flaws that mainly focused on ZTE modems, which somewhat makes me a responsible person, which I am. (not a joke)
“Here I am, this is me…” I forget the song title to search for its lyrics, but (hopefully) you get the idea.


  1. The last song is a stallion song. It is "Bryan Adams - Here I Am" - wise choice. ;-)

    1. Haha, yes. Thanks!