Co-founder & Full-stack Engineer  •  Nov. 2019 – Present
CityChaser Studio

External Links

• Kyronus – Award Winners Interview by Bahamut Game Community
• Kyronus – Facebook fanpage
• Kyronus – Promotional Video

Web Development Intern  •  July 2019 – Aug. 2019
IT Department, FarEasTone Telecom

A leading telecommunications company in Taiwan, striving to close the gap between people to achieve the objective of “Closing the distance”. As the 5G era approaches, FET aims in Big Data, AI, IoT, and other digital applications, to not only bring people closer together in mind, also to reduce the gap between people and new technology.

Project – KPI Dashboard
Constructed web-based dashboard to produce detailed monthly KPI reports automatically.

Key tech: web UI library, database, object-relational mapping, PSD to HTML, secure transport protocol. 

• Used jQuery to built mobile UI adopting Responsive Web Design to work smoothly on both mobile and desktop devices.
• Built real-time dashboard chart with Apache ECharts and implemented periodically API requesting using JavaScript closure.
  
• Enabled HR to import KPI data from Microsoft Excel spreadsheets into Django model.
  
• Automatically generated monthly KPI reports using shell script and Linux crontab and thus decreased HR daily workload by 13%.
  
• Directed 3-person team and completed the project 2 weeks in advance with an additional 13-page documentation slashing job handover.
  
• Proposed AAA (Authentication, Authorization, and Accounting) secure transport protocol using Kerberos and Microsoft Active Directory.
  

Project – Fraud Call Detection
Trained ML model for fraud call detection.

Key tech: classifier, feature engineering, data pre-processing. 

• Utilized Recursive Feature Elimination (RFE) and bagged decision trees to trim number of features from 52 to 20 and successfully reduced training time by up to 20%.
  
• Applied weighted average ensemble (LightGBM, GradientBoosting, XGBoost, CatBoost, and RandomForest) to final prediction and thus improved precision rate by up to 10%.
  
• Built a multi-classifier with 94% precision to detect fraud call with FarEasTone Telecom's anonymous data.
  

Trainee  •  2021 TeamT5 Winter Security Camp

• Analyzed Kimsuky (carrying out ongoing cyber-espionage campaign against South Korean think-tanks) malicious DLL file and thus earned the qualification of 5-day cybersecurity camp.
  
• Joined 5-day intensive cybersecurity camp covering topics in Malware Analysis, Incident Response, Windows Reverse Engineering, and Vulnerability Research. 
  
• Learned Windows PE Inspection using pestudio, CFF Explorer, Detect it easy for static malware analysis.
  
• Analyzed spearing phishing email, fake documents through parsing OLE and OpenXML files to disclose encoded and threaten files or malicious code.
  
• Applied associative search by grep command on suspicious log events and inferred whole attack chain.
  
• Practiced attacking insecure firmware based on OpenWrt in several aspects, such as tracing filesystem through binwalk, brute-forcing password using wordlists based on Mirai botnet, XSS attacking, and so on.
  
• Final project: CVE 2019-5736 Container Security for Docker.
  

Trainee  •  2020 Qiskit Global Summer School

• Attended 3 weeks of lectures and programming labs on quantum physics, quantum algorithms, and quantum technology, including a final project.
  
• Learned basics of quantum computing and fundamental quantum computing algorithms such as Grover's search algorithm and Shor's factorization algorithm.
  
• Built and run simple quantum circuits on cloud quantum computers using IBM’s open-source quantum computing library Qiskit.
  
• Certified as Quantum Computing developer by accomplishing 8 assignments related to quantum computing algorithms, quantum error correction, and superconducting Qubits, etc.
  
• Final project: Estimating ground state energy of LiH molecule using VQE.
  

Trainee  •  2020 Advanced Information Security Summer School

• Ranked within the top 10% out of 612 participators in capture-the-flag and thus earned the qualification of 5-day training courses.
  
• Received 5-day training courses in ICS attack cases, Threat Hunting, fake news detection, SecDevOps, and red team exercise, etc.
  
• Exercised revealing hidden and often unintended relationships within Active Directory environment using BloodHoundAD.
  
• Executed permission escalation through PrintSpoofer and dumped security account manager (SAM) file to obtain LM and NTLM Hash by samdump2 and Creddump7
  
• Executed password spraying through smb protocol by crackmapexec and thus successfully retrieved specific intranet host's password.
  
• Final project: GPS spoofing and fake alert with arbitrary content in public warning level using USRP b210.
  

Question Commitee  •  Information Technology Software Academy (ITSA)

• HTTP Parser: to build simple GUI and parse HTTP response.
• Streaming Video with Web Worker: to build a grayscale standardization filter with web worker and apply on video streaming.
• Rate Limiter: to implement rate limiter in Token Bucket strategy and prevent DoS attacking.
• Promise Queue: to implement a promise queue in ECAMScript 6 Class and control execution order of promises.
• Reverse proxy in Node.js: to build simple reverse proxy as logger and record traffic flow in given format.
• Node.js Server with Load Balancing in Source IP Hash Policy: to implement simple Node.js server with load balancing using source IP Hash policy.