Yu-Hsiang Huang

Associate Technical Manager

Obtained MCP certification in server management, proficient in Microsoft operating system. Familiar with server operations such as AD, DNS, DHCP, and IIS.

--------------------

Proficient in system development using PHP/Laravel, Python, as well as other languages like VB.net, Rust, etc. The technologies used include but are not limited to:

[

console, Redis, relational database, multi-thread, multi-process, dependency injection, restful API, schedule, queue, broadcast, i18n, unit test, Selenium, mock, one-click installation.

]


Completed projects:

  1. Independently developed CMS for many companies.
  2. Used GitLab API and Docker SDK, and integrated Nessus and other security tools to develop an automated security assessment system.
  3. Independently developed a security automation framework for reproduction and revalidation.
  4. Independently weaponized the Python package <TFTPY> as a penetration testing tool.


Side projects & special achievements:

  1. Independently developed a program to receive the network traffic information using the SNMP protocol and visualize it graphically.
  2. Independently developed a hexagonal menu and a moving light bar using JavaScript and other technologies.
  3. Independently developed a multi-threaded websocket server using PHP & VB.Net.
  4. Independently developed malicious programs such as brute-force tools, vulnerability PoCs, webshells, packet manipulators, and used WinAPI to control the operating system.
  5. Independently used and modified the Python package <BooFuzz> to develpoed a fuzzer.
  6. Independently developed Nessus plugins.
  7. Independently developed the legal programs to save on cybersecurity software licenses, which can save tens of thousands to hundreds of thousands of New Taiwan Dollars per year, depending on the scale of usage.

--------------------

In the field of cybersecurity, I have obtained the ECSA certification and referred to OSWE study materials, considering myself to have a level of expertise above that of OSWE.


Completed projects:

  1. Participated in the handling of major cybersecurity incidents for government agencies.
  2. Completed numerous penetration testing tasks for many companies, identifying high, medium, and low-risk vulnerabilities, totaling hundreds of system vulnerabilities. Even obtained the RCE vulnerabilities in several commercial products.
  3. Assisted two employers in conducting security regulation-related tests, writing test cases, etc. For example, tests related to IEC 62443 SVV 1-4, such as compliance testing, mitigation plan testing, vulnerability scanning, fuzz testing, penetration testing, and various other tests.
  4. Assisted in manually reproducing and revalidating vulnerabilities, including fixing and developing PoCs.


Side projects & special achievements:

  1. Ranked 344th individually, and 153rd as a team in HTB within four months.
  2. Independently obtained over 40 CVEs, including some in well-known software. Some of the CVEs have been inquired about by an antivirus software company and other unspecified individuals.
  3. Disclosed vulnerabilities without requesting CVEs afterwards, totaling 5 or more.
  4. Undisclosed vulnerabilities total more than 16, including vulnerabilities in NETGEAR, Alcatel, Discuz! X3.4, RCE vulnerabilities in many schools, vulnerabilities in internal systems of many companies, vulnerabilities in many well-known shopping websites, and others.
  5. Participated in patching the security vulnerability in the open-source project phpMyAdmin.
  6. Independently created the p12 file to reproduce CVE-2022-0778 (the p12 file has been saved on GitHub and listed on cvexploits).
  7. Reported a vulnerability in ZyXEL products and received a letter of appreciation.
  8. Reported an information system vulnerability in Realtek and received a reward.
  9. Reported the vulnerability in a company's product serial number rules to prevent the company from suffering losses.

Zhongli District, Taoyuan City, Taiwan
[email protected]

https://github.com/HuangYuHsiangPhone

EDUCATION

Leader University

Master Degree of Computer Science & Information Engineering  •  2007 - 2009


SKILLS

  • Active Directory
  • IIS
  • PHP
  • Laravel
  • Python
  • Rust
  • jQuery
  • Vue
  • Penetration Testing
  • Kali
  • Metasploit
  • Burp Suite
  • Nessus
  • Acunetix

Languages

  • Chinese — native
  • English — basic

WORK & EXPERIENCE

Senior Engineer  •  <Hidden>

Mar. 2022 - Present  |  Taipei, Taiwan

  • Job responsibilities:
    1. Assisted PSIRT and Cybersecurity Testing Team in avoiding unnecessary or incorrect testing steps and collecting information related to vulnerability confirmation.
    2. Studied cybersecurity regulations, such as 62443-4-2, and wrote the test cases. Responsible for pretesting to ensure compliance with Korean cybersecurity regulations.
    3. Wrote the test cases for threat mitigation plans and executed the test cases.
    4. Developed Jira Automation.
    5. Independently modified and weaponized the Python package <TFTPY> as a PT tool.
    6. Used Python, Robot Framework, etc. to independently develop automated testing for reproducing vulnerabilities and mitigation plans.
      [
      setuptools, click, scapy, multi-process.
      Improving the situation of having to modify the automation program significantly when there's a change to web code.
      Packets detection, such as VRRP and ICMP.
      ]
    7. Used PHP, Bat files, and related APIs to independently develop cybersecurity automation systems that meet the needs of various departments.
      [
      console, Redis, relational database, dependency injection, restful api
      schedule, queue, broadcast, i18n, one-click installation
      ]
    8. Reproduced CVEs; some examples are listed below.
      [
      Independently created the p12 file to reproduce CVE-2022-0778 (the p12 file has been saved on GitHub and listed on cvexploits).
      Independently assisted PSIRT in clarifying the scope of impact of CVE-2021-3493 and tracing related Linux code.
  • Cybersecurity achievements:
    1. Independently conducted penetration testing on company's products, discovering several dozens of high-risk vulnerabilities. Some vulnerabilities were memory-related and expected to be applied together for several CVEs.
    2. Succeeded in bypassing the RD's patches many times.
    3. Independently developed the legal programs to save on cybersecurity software licenses, which can save tens of thousands to hundreds of thousands of New Taiwan Dollars per year, depending on the scale of usage.
    4. Reported the vulnerability in the company's product serial number rules to prevent the company from suffering losses.
  • Others:
    1. Independently developed Nessus plugins.
    2. Independently discovered several vulnerabilities on TestLink
      [
      CVE-2022-35196(8.8), etc.
      ]
    3. Independently discovered several vulnerabilities on Moxa MXsecurity
      [
      CVE-2023-41438(0.0), CVE-2023-41440(0.0), etc.
      ]

Associate Technical Manager  •  Bureau Veritas

Aug. 2021 - Feb. 2022  |  Taipei, Taiwan

  • Job responsibilities
    1. Studied cybersecurity regulations, , such as 303645, 62443-4-2, and wrote the test cases.
    2. Independently conducted vulnerability scanning.
    3. Independently conducted fuzz testing and developed specific protocol fuzzer.
    4. Independently conducted penetration testing.
  • Cybersecurity achievements
    1. Independently discovered many high, medium and low cybersecurity vulnerabilities, such as RCE, DoS, injection, in products of various industrial control device manufacturers.
  • Others
    1. Reported a vulnerability in ZyXEL products and received a letter of appreciation.

Staff Engineer / IoT Vulnerability Researcher  •  Panasonic

Apr. 2020 - Aug. 2021  |  Taipei, Taiwan

  • Job responsibilities
    1. Developed a CLI automation security testing system using Python.
      1. Used Docker SDK, GitLab API, etc.
      2. Corrected cross-platform program issues.
      3. Integrated security programs such as Nessus 8.
      4. Automated the setup of an IIS PHP web server using WinAPI.
      5. Decoupled the program.
      6. Unit Test, Code Coverage, Mock.
    2. Independently developed a web automated security testing system using Laravel.
      1. Used bootstrap + Vue + jQuery
      2. Restful API.
      3. Unit test, code coverage, mock, faker.
      4. Integrated the Python CLI program and provided real-time output. 
    3. Penetration testing for IoT devices and web.
  • Cybersecurity achievements
    1. Independently discovered the RCE vulnerability in commercial software developed by my current employer using Python and PHP.
    2. Independently discovered the RCE vulnerability in commercial software developed by another company within the group, using Node.js and C#.
  • Others
    1. Independently discovered high-risk vulnerabilities in the information systems of many listed semiconductor companies in Taiwan.
    2. Independently discovered high-risk vulnerabilities on Discuz! X3.4.
    3. Independently achieved the User privilege in the 130th place on HTB Proper(Win, Hard) on Mar. 23, 2021.
    4. Independently developed jQuery plugins.
    5. Independently developed a hexagonal menu and a moving light bar using JavaScript and other technologies.
    6. Independently discovered information leakage vulnerability in MS IE.
    7. Independently discovered several vulnerabilities on NETGEAR RAX80 and Alcatel I-040GW
      [
      CVE-2020-*****(0.0) x 2
      ]

Vulnerability Analysis Engineer  •  Next Bank

Dec. 2019 - Apr. 2020  |  Taipei, Taiwan

  • Job responsibilities
    1. Participated in Nexpose/Nessus vulnerability scanning automation PoC.
    2. Participated in Fortify source code scanning automation PoC.
    3. Participated in penetration testing.
  • Cybersecurity achievements
    1. Independently discovered several vulnerabilities on iTop
      [
      CVE-2020-12777(7.5),CVE-2020-12778(6.1)
      CVE-2020-12779(5.4),CVE-2020-12780(7.5)
      CVE-2020-12781(8.8)
      ]
  • Others
    1. Independently developed a multi-threaded websocket server using PHP & VB.Net.

Engineer  •  NCCST

Jun. 2018 - Nov. 2019  |  Taipei, Taiwan

  • Job responsibilities
    1. Performing penetration testing on the government information systems.
    2. Black-box and white-box testing.
    3. Reverse engineering of the .NET programs.
    4. Assisted government agencies in setting up the scenario for the 2019 Cyber Offensive and Defensive Exercise (CODE).
    5. Independently developed a report management system and a program for automatically fetching email attachments using Laravel.
  • Cybersecurity achievements
    1. Joined a government attack and defense exercise halfway through and ranked second among approximately 90 attackers as a newcomer. Discovered over 140 vulnerabilities and received corresponding rewards.
    2. Capable of manually bypassing a web application firewall (WAF) to achieve attacks that are difficult for tools to accomplish.
    3. Independently developed scanning and attack tools (such as CVE PoCs, scanners for specific vulnerabilities, PHP & ASPX webshells), using technologies including but not limited to curl, socket, multi-thread.
  • Others
    1. Ranked 344th individually, and 153rd as a team in HTB within four months.
    2. Participated in patching the security vulnerability in the open-source project phpMyAdmin.
    3. A total of at least 34 CVEs have been applied for. Only some are listed as follows:
      1. Independently discovered several vulnerabilities on GSS Tracko, Radar.
        [The request to revoke the CVE ID has been made.(0.0), etc.]
      2. Independently discovered several vulnerabilities on InfoDoc ODMS.
        [The request to revoke the CVE ID has been made.(9.8), etc.]
      3. Independently discovered several vulnerabilities on DrayTek Vigor2925.
        [CVE-2019-16533(6.1), etc.]
      4. Independently discovered several vulnerabilities on ESRI ArcGIS Enterprise.
        [CVE-2019-16193(5.4)]
      5. Independently discovered several vulnerabilities on Avaya Scopia Desktop.
        [CVE-2019-6998(6.4), etc.]
      6. Independently discovered several vulnerabilities on phpMyAdmin.
        [CVE-2019-6798(9.8), etc.]
      7. Independently discovered several vulnerabilities on MyWebSQL.
        [CVE-2019-7731(9.8), etc.]
      8. Independently discovered several vulnerabilities on DbNinja.
        [CVE-2019-7747(9.6), etc.]
      9. Independently discovered several vulnerabilities on webERP.
        [CVE-2018-19434(7.2), etc.]
      10. Independently discovered several vulnerabilities on KindEditor.
        [CVE-2018-18950(7.5), etc.]
      11. Independently discovered several vulnerabilities on PHP-Proxy.
        [CVE-2018-19784(7.5), etc.]

經理   •  合群樹脂實業有限公司

九月 2016 - 五月 2018  |  Taipei, Taiwan

  • 1.客戶開發
      既有客戶聯繫
      找尋新客戶

    2.產品開發製造
      既有規格產品製造
      客製規格產品開發

    3.進銷存管理
      庫存盤點
      進貨
      銷貨
      EXCEL VBA 成本計算等

    4.帳務處理
      應收帳款
      應付帳款
      開立支票等

    5.資訊系統處理
      PC故障維修
      系統實轉虛等

    6.部屬任務安排

    7.廠房修繕

資訊副工程師  •  森霸電力股份有限公司

二月 2012 - 八月 2016  |  Taipei, Taiwan

  • 工作內容:

    1. 程式設計
      PHPBB架設及修改,作為公司公告系統。
      PHP撰寫個人電腦資訊查詢系統,作為採購、報廢等依據。
      PHP撰寫公司表單查詢系統
      PHP撰寫破解AD帳密程序,驗證資安問題。
      PHP撰寫SNMP抓流量並圖形化程序,提供同仁參考網路狀況。
      VB.NET撰寫多執行緒掃網段串改封包程序,驗證資安問題。
      Excel VBA, 公式, 圖表,協助倉管盤點及計算備品價值。
      查看廠商撰寫之電廠系統程式碼(JSP),並成功發現無效存取控管弱點。
      其它

    2. 系統管理
      Windows Server 2003管理
      DNS
      DHCP
      AD(GPO、權限等設定、Login Script)
      Server問題排除
      機房硬體設備(NAS、CDP、RAID)
      其它

    3. 網路管理
      封包攔截分析
      VLAN
      MAC Filter
      Switch
      Router
      Routing Table
      其它

    4. 個人電腦故障排除
      Windows XP、Windows 7
      Office(Excel、Word、Outlook)
      Printer
      IE
      其它

    5. 案件發包
    6. 物品請購
    7. 倉管
    8. 總機系統管理
    9. 文書處理
    10. 門禁&監視器處理
    11. 其他主管交辦事項

專案經理  •  竹貓星球數位股份有限公司

九月 2011 - 一月 2012  |  Taipei, Taiwan

  • 1. 台積電專案系統開發,採用PHP + MySQL + MSSQL。

PHP程式設計師  •  知識科技股份有限公司

十二月 2009 - 五月 2011  |  Taipei, Taiwan

  • 新人獎 - 2011

    工作內容:
    1. jQuery
    2. PHP
    3. MySQL
    4. CI MVC Framework

    5. Windows Server 2003
    6. DNS
    7. IIS
    8. File Server
    9. SVN Server
    10. CA Server

    11. 客制化 PHP 程式設計
    12. Yahoo EWS API
    13. PayPal API
    14. facebook API
    15. Google API

    16. 安全漏洞檢測,成功發現多項漏洞,並提報給公司負責人
    17. 效能等其他問題檢測
Powered By
CakeResume