https://ngothienan.github.io/ Recent content on ancorn_ | Ngô Thiên An https://pbs.twimg.com/profile_images/1634910718846963717/RJTIDn4s_400x400.jpg https://pbs.twimg.com/profile_images/1634910718846963717/RJTIDn4s_400x400.jpg Hugo -- 0.156.0 en Thu, 05 Mar 2026 00:24:25 +0700 https://ngothienan.github.io/posts/ai-driven-code-analysis---the-future-of-whitebox-security-testing/ Thu, 05 Mar 2026 00:24:25 +0700 https://ngothienan.github.io/posts/ai-driven-code-analysis---the-future-of-whitebox-security-testing/ <h2 id="icymi-in-case-you-missed-it">ICYMI (In Case You Missed It)</h2> <p>Let&rsquo;s be real—whitebox pentesting involves <em>a lot</em> of tedious, repetitive steps. From reading and wrapping your head around the context, digging through the logic, hunting for bugs, exploiting them, to the absolute drag of writing reports&hellip; it&rsquo;s a grind. But guess what? AI can now totally carry us through almost all of these phases! In this post, I&rsquo;m going to flex <strong>Antigravity</strong> along with its full arsenal of skills and rules to pull off a buttery smooth whitebox pentest.</p> https://ngothienan.github.io/posts/poc--cve-2024-24842---unauthenticated-php-object-injection-in-plugin-knowledge-base/ Mon, 19 Feb 2024 21:24:25 +0700 https://ngothienan.github.io/posts/poc--cve-2024-24842---unauthenticated-php-object-injection-in-plugin-knowledge-base/ <p><a href="https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/echo-knowledge-base/knowledge-base-for-documentation-faqs-with-ai-assistance-11302-unauthenticated-php-object-injection-in-is-article-recently-viewed">Knowledge Base for Documentation, FAQs with AI Assistance plugin - Unauthenticated PHP Object Injection</a></p> <h2 id="-table-of-content">✋ Table of content</h2> <ol> <li>About Knowledge Base for Documentation, FAQs with AI Assistance plugin</li> <li>The security vulnerability</li> <li>The patch</li> <li>Conclusion</li> </ol> <p>This blog post is about the <strong>Knowledge Base for Documentation, FAQs with AI Assistance</strong> plugin vulnerability. If you&rsquo;re using this plugin, please update the plugin to at least version <strong>11.31.0</strong>.</p> <h2 id="about-knowledge-base-for-documentation-faqs-with-ai-assistance-plugin">About Knowledge Base for Documentation, FAQs with AI Assistance plugin</h2> <p>The plugin <strong>Knowledge Base for Documentation, FAQs with AI Assistance</strong> (versions 11.30.2 and below), which is estimated to have over 10,000 active installations.</p> https://ngothienan.github.io/posts/poc-cve-2020-7769---command-injection-in-nodemailer/ Sun, 03 Sep 2023 21:24:25 +0700 https://ngothienan.github.io/posts/poc-cve-2020-7769---command-injection-in-nodemailer/ <h2 id="introduction">Introduction</h2> <p><a href="https://security.snyk.io/vuln/SNYK-JS-NODEMAILER-1038834">Command Injection in nodemailer</a></p> <p>Someday, i read some product code and found out that application using nodemailer to send email. After spending some second to audit <strong>package-lock</strong> file, i saw it had this CVE.</p> <p>But i read that details and their POC, i still not understand what they want to deliver.</p> <p>Found their commit to fix their bug and already know where the bug from <a href="https://github.com/nodemailer/nodemailer/commit/ba31c64c910d884579875c52d57ac45acc47aa54">https://github.com/nodemailer/nodemailer/commit/ba31c64c910d884579875c52d57ac45acc47aa54</a></p> <p>It comes from <strong>send</strong> function, with arbitrary command flag injection in <strong>sendmail</strong> transport. <img loading="lazy" src="https://ngothienan.github.io/CVE-2020-7769/1.png"></p> https://ngothienan.github.io/about/ Mon, 01 Jan 0001 00:00:00 +0000 https://ngothienan.github.io/about/ <h1 id="hey-im-ngô-thiên-an-or-you-can-call-me-ancorn_-">Hey, I’m Ngô Thiên An or you can call me ancorn_ 👋</h1> <p>OSWE-certified <strong>Penetration Testing Expert</strong>, <strong>Security Researcher</strong>, and Bug Bounty Hunter chilling in Da Nang, Vietnam.</p> <blockquote> <p>&ldquo;In breaking things, we learn how they work.&rdquo; — my mindset in the wild world of cyber</p> </blockquote> <hr> <h3 id="what-i-do">What I Do</h3> <ul> <li><strong>Penetration Tester</strong> @ VNPT-VCI</li> <li><strong>Security Researcher</strong> @ Synack Red Team</li> <li><strong>Software Engineer</strong> @ Chative</li> </ul> <h3 id="certs--badges">Certs &amp; Badges</h3> <ul> <li><strong><a href="https://credentials.offsec.com/48359340-2060-40ef-9153-e08f66868dc2">OffSec Web Expert (OSWE)</a></strong></li> <li><strong><a href="https://www.coursera.org/account/accomplishments/specialization/certificate/UXG4DSQXMFBD">Google Project Management</a></strong></li> </ul> <h3 id="wins--brags">Wins &amp; Brags</h3> <ul> <li><em><a href="https://acropolis.synack.com/inductees/ancorn_">Synack - Acropolis</a></em></li> <li><em><a href="https://support.apple.com/en-vn/122162">Apple - Hall Of Fame</a></em></li> <li><em><a href="https://patchstack.com/database/leaderboard/all">Patchstack - Wordpress Bug Bounty Program</a></em></li> <li><em><a href="https://www.wordfence.com/threat-intel/vulnerabilities/researchers/ngo-thien-an-ancorn">Wordfence - Wordpress Bug Bounty Program</a></em></li> </ul> <h3 id="my-cves">My CVEs:</h3> <ul> <li><em><a href="https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woocommerce-simple-registration/simple-registration-for-woocommerce-156-unauthenticated-privilege-escalation">CVE-2024-32511 (9.8)</a></em></li> <li><em><a href="https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/echo-knowledge-base/knowledge-base-for-documentation-faqs-with-ai-assistance-11302-unauthenticated-php-object-injection-in-is-article-recently-viewed">CVE-2024-24842 (9.8)</a></em></li> <li><em><a href="https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/s2member/s2member-240315-limited-privilege-escalation">CVE-2024-31237 (9.1)</a></em></li> <li><em><a href="https://www.wordfence.com/threat-intel/vulnerabilities/researchers/ngo-thien-an-ancorn?sortby=cvss_score&amp;sort=desc#jump">240 CVE+</a></em></li> </ul> <h3 id="news--posts">News &amp; Posts</h3> <ul> <li><em><a href="https://www.facebook.com/vnptcyberimmunity/posts/pfbid02G2TLGAMouTZ9D6b79g8KEzmyr5iEPDos4zJBXbykSt73NFchUT1HBwCg65grBgYol">VNPT - Nói về Ngô Thiên An</a></em></li> <li><em><a href="https://daihoc.fpt.edu.vn/chua-phan-loai/nam-sinh-dh-fpt-kiem-vai-nghin-usd-moi-thang-tu-nhung-cuoc-san-lo-hong-bao-mat/">FPT University - Nam sinh ĐH FPT kiếm vài nghìn USD mỗi tháng từ những “cuộc săn” lỗ hổng bảo mật</a></em></li> <li><em><a href="https://cafef.vn/nam-sinh-dh-fpt-kiem-vai-nghin-usd-moi-thang-tu-nhung-cuoc-san-lo-hong-bao-mat-188240527201839792.chn">CafeF - Nam sinh ĐH FPT kiếm vài nghìn USD mỗi tháng từ những “cuộc săn” lỗ hổng bảo mật</a></em></li> <li><em><a href="https://www.facebook.com/Theanh28/posts/%C4%91%C3%A2y-l%C3%A0-ng%C3%B4-thi%C3%AAn-an-ng%C6%B0%E1%BB%9Di-sau-khi-%C4%91%C6%B0%E1%BB%A3c-wordfence-c%E1%BA%A5p-m%C3%A3-cve-2023-4308-%E1%BB%9F-c%E1%BA%A5p%C4%91%E1%BB%99-hi/769192032062568/">TheAnh28 - Ngô Thiên An</a></em></li> <li><em><a href="https://chative.io/blog/release-1-3-2-inbox-improvements-and-better-app-security/">Chative - Better App Security</a></em></li> <li><em><a href="https://chative.io/blog/release-1-6-take-control-with-custom-permissions/">Chative - App Security</a></em></li> </ul> <h3 id="my-hobbies">My hobbies:</h3> <ul> <li>📈 Exploring Economics, Financial Markets, and Real Estate.</li> <li>🈯 Learning basic Chinese.</li> <li>🍈 Enjoying Durian (the ultimate fruit!).</li> <li>🤖 Tinkering with AI agents and LLMs.</li> </ul> <hr> <p>I learn by <strong>finding problems and breaking them</strong> — that’s why I love cybersecurity. This blog? My playground for <strong>pentest tips</strong>, <strong>bug bounty stories</strong>, and random cyber rants.</p>