CakeResume
CakeResume Logo
Log In
Sign Up
Build your Network
My Network
Access your personal network connections and manage your contacts.
CakeResume Meet
Expand your professional network by meeting and connecting with other users.
Community
Engage with other users through discussions, forums, and networking events.
Log In
Sign Up

CakeResume Talent Search

Advanced filters
On
Ready to interview
Open to opportunities
Not open to opportunities
Taiwan
Taipei City, Taiwan
台灣
Taipei, Taiwan
New Taipei City, Taiwan
台北市, 台灣
Indonesia
United States
India
Jakarta, Indonesia
Taichung City, Taiwan
新北市, 台灣
Pakistan
Taoyuan City, Taiwan
भारत
Canada
United Kingdom
桃園市, 台灣
East Java, Indonesia
Jawa Timur, Indonesia
IT
Management / Business
Design
Marketing / Advertising
Media / Communication
Game Production
Bio, Medical
Customer Service
Education
Engineering
HR
Sales
Tech
Distribution
Advertising / Marketing / Agency
Banking / Insurance / Finance
Culture / Media / Entertainment
Consultant / Audit
Design / Art
Hotel / Tourism / Leisure
Corporate services
Education / Training / Recruitment
Fashion / Luxury / Beauty / Lifestyle
Food and Beverage
Health / Social / Environment
Industry
Mobility / Transport
Non-profit / Association
Public administration
Real estate
Less than 1 year
1-2 years
2-4 years
4-6 years
6-10 years
10-15 years
More than 15 years
AI Smart Matching
On
Aletheia University
National Taipei University of Technology
國立台北科技大學
國立臺北科技大學
真理大學
Fu Jen Catholic University
National Taiwan University of Science and Technology
Tamkang University
Yuan Ze University
元智大學
國立台灣科技大學
國立臺灣科技大學
淡江大學
輔仁大學
National Cheng Kung University
國立成功大學
Chaoyang University of Technology
Chung Hua University
Chung Yuan Christian University
Feng Chia University
National Chengchi University
National Sun Yat-sen University
National Tsing Hua University
Takming University of Science and Technology
中原大學
中華大學
國立中山大學
國立政治大學
國立清華大學
嶺東科技大學
Taiwan
台灣
Taipei City, Taiwan
台北市, 台灣
Indonesia
United States
New Taipei City, Taiwan
Jakarta, Indonesia
新北市, 台灣
India
Taipei, Taiwan
Canada
Japan
Taichung City, Taiwan
Taoyuan City, Taiwan
United Kingdom
भारत
桃園市, 台灣
Great Britain
Hsinchu County, Taiwan
Full-time
Part-time
JavaScript
Git
MySQL
docker
React.js
Vue.js
PHP
HTML5
photoshop
HTML/CSS
No
Yes
1-5 people
5-10 people
10-15 people
15+ people
Within one month
Within two months
Within three months
Within six months
Within one year
More than one year
Front-End / Back-End / Full Stack Web Developer
Software Engineer
前端工程師
前端工程師 Front-End Developer
Product Manager
Backend Developer
軟體工程師
Backend developer/Full-stack developer
Full Stack Developer
Manager
Bachelor of Arts (BA)
Bachelor of Business Administration (BBA)
Bachelor of Science (BS)
Bachelor’s Degree
Engineer’s Degree
Master of Business Administration (MBA)
Master of Science (MS)
Master’s Degree
Non-Degree Program (e.g. Coursera certificate)
Other
High school
Bachelor
Master
2019
2018
2017
2016
2015
2014
2013
2012
2011
2008
Current company
Off
Select all
Freelance
KKBOX
Self-employed
華奧科技有限公司
91APP
A Sun Photonics Co., LTD.,
ACT World TV
Albaraka
Bureau Veritas
FunPodium 奕兆有限公司
Interested in working remotely
Not interested in working remotely
Remote Only
Full-time freelancer
Part-time freelancer
Non-freelancer
English - Intermediate
Chinese - Native or Bilingual
English - Fluent
English - Professional
English - Beginner
English - Native or Bilingual
Indonesian - Native or Bilingual
Japanese - Beginner
Spanish - Beginner
Chinese - Fluent
English
Chinese
Indonesian
French
German
Malay
Russian
Spanish
Vietnamese
4-6 years
6-10 years
10-15 years
More than 15 years
  • Exclude read results
  • Show all experiences
Avatar of Yuchun Lai.
Avatar of Yuchun Lai.
Yuchun Lai
CakeResume Premium Badge
Past
Frontend Engineering Manager, Data Science @Vpon Big Data Group
2022 ~ 2023
Frontend Engineer, Full Stack Engineer
Within one month
and vector tiles to accurately present geographical data of millions of travelers online. 3. Developed a React UI Library with tree select, virtual table, and data chart components for large-scale data presentation. 4. Used Google Apps Script and Google Sheets to quickly set up i18n CMS, sharing backend workload and accelerating product development. Sr. Software Engineer, AdTech • Vpon Big Data Group AprilMay 2019 | Taipei, Taiwan 1. Created Ad. creatives and campaign sites using HTML5, CSS, and JavaScript. 2. Developed an Ad. creative generation platform to automate processes, reducing
HTML
CSS
React
Unemployed
Ready to interview
Full-time / Interested in working remotely
10-15 years
YZU University (元智大學)
Information Communication
Avatar of the user.
Avatar of the user.
Available for paid companies
.Net 資深工程師 @澳創科技
2022 ~ Present
C#.net Development 全端/後端工程師
Within one month
HTML
CSS
MSSQL
Employed
Ready to interview
Full-time / Interested in working remotely
4-6 years
文化大學
Avatar of the user.
Avatar of the user.
Available for paid companies
Past
前端工程師 @Asus 華碩電腦股份有限公司
2023 ~ 2023
前端工程師 Front-End Developer
Within one month
Vue.js
html + css + javascript
git版本控制系統
Unemployed
Ready to interview
Full-time / Interested in working remotely
4-6 years
逢甲大學
光電系
Avatar of 黃俊元.
Avatar of 黃俊元.
黃俊元
Past
Frontend Engineer @個人接案 Freelancer
2023 ~ Present
Frontend Engineer
Within one month
接觸不同產業和商業模式。 專長 - 平台開發 根據 PO/ PM、SA 、企劃 需求方開出的需求規格,再與後端人員配合開發出功能產品( CMS、CRM )。編寫許多操控情境處理、內容欄位報表呈現、組織管理介面開發。 目前主要以 Vue.js 、 Nuxt.js 為主,從平台專案、會員管理
Nuxt.js
vue-cli
JavaScript
Reputation Credits9
Unemployed
Ready to interview
Full-time / Remote Only
4-6 years
嶺東科技大學 Ling Tung University
視覺傳達設計系
Avatar of the user.
Avatar of the user.
Available for paid companies
Web Developer @媽咪愛 MamiLove
2022 ~ Present
Full Stack Web Developer
Within one month
Linux
CentOS
Nginx
Employed
Ready to interview
Full-time / Interested in working remotely
6-10 years
Tamkang University (TKU)
資訊工程學系
Avatar of P.Koteswar.
Avatar of P.Koteswar.
P.Koteswar
Cloud Services Manager @AIA
2021 ~ 2022
DevOps Engineer, Site Reliability Engineer
Within one month
PGsql Manage the overall design and implementation of secure, scalable, and fault-tolerant infrastructure Managing and Automating Infrastructure Using Terraform, Terragrunt and Go Scripting. Deploying and Managing K8s clusters on Multi-Tenant and Dedicated Environments Managing and Administrating PostgreSQL Databases on EKS Postgres S3 data backup & replication setup (CRR) KMS/Secrets replication setup (CMS) Monitoring - Infra, Application dashboards, postgres using Prometheus, Thanos and Grafana Alerting - Infra, Application using Opsgenie, Uptrends and Cloudwatch Monitoring system, application health, security controls & cost Using Prometheus and Vantage Managing VPC, Subnets, NACL, SGs, KMS, CertManager, Secretsmanger, IAM role review Logs...
DevOps / CI / CD
Site Reliability Engineering
Terraform/Ansible/Jenkins
Employed
Ready to interview
Full-time / Interested in working remotely
10-15 years
Sikkim Manipal University
Information Technology
Avatar of Vision Hung.
Avatar of Vision Hung.
Vision Hung
Senior Frontend Engineer @Health2Sync
2018 ~ Present
Sr. Front-end, Sr. Web Developer
Within one month
reporting/chart. Lead the project plan to migrate the front-end framework Vue2 to Vue3. Import Storybook 7, build component specs/testing, and improve the communication efficiency of cross-team cooperation. Import Playwright to implement website system monitoring and E2E testing. Clinic Introduction Page & CMS Back-End Implemented frontend web application from scratch, responsible for planning process chart architecture and integrating Webview services. T ransformed Vue CSR architecture to Nuxt.js SSR, improved SEO ranking and performance score of PageSpeed Insights. Official Website Revamp Revamp the static website to SSR architecture
JavaScript
Github
JQuery
Employed
Ready to interview
Full-time / Interested in working remotely
4-6 years
國立高雄應用科技大學
電子工程系
Avatar of Yu-Hsiang Huang.
Active
Avatar of Yu-Hsiang Huang.
Active
Yu-Hsiang Huang
高級工程師 @不顯示公司名稱
2022 ~ Present
滲透測試、資訊安全、系統開發、程式設計
Within one month
Yu-Hsiang Huang Associate Technical Manager Obtained MCP certification in server management, proficient in Microsoft operating system. Familiar with server operations such as AD, DNS, DHCP, and IISProficient in system development using PHP/Laravel, Python, as well as other languages like VB.net, Rust, etc. The technologies used include but are not limited to: [ console, Redis, relational database, multi-thread, multi-process, dependency injection, restful API, schedule, queue, broadcast, i18n, unit test, Selenium, mock, one-click installation. ] Completed projects: Independently developed CMS for many companies. Used GitLab API and Docker SDK, and integrated Nessus
Active Directory
IIS
PHP
Employed
Ready to interview
Full-time / Interested in working remotely
10-15 years
立德大學
資訊工程
Avatar of 邱建嘉.
Avatar of 邱建嘉.
邱建嘉
Frontend Engineer @晶密股份有限公司
2023 ~ Present
前端工程師
Within one month
的官方網站,主要使用 Next.js 和 Tailwind CSS。(尚未上線) 和 1 名前端工程師,2 名後端工程師共同開發語言學習 APP 的 內容管理系統 (CMS) ,提供課程老師編輯課程影片與課程內容,主要使用 Vue.js 3 與 Vuetify 3。(尚未上線) 為專案添加團隊協作設定,例如: ESlint、Stylelint、Prettier、Commitlint
JavaScript
HTML5
CSS
Employed
Ready to interview
Full-time / Interested in working remotely
4-6 years
國立東華大學
應用數學系
Avatar of YI-XUAN LI.
Avatar of YI-XUAN LI.
YI-XUAN LI
Sr. Product Designer @portto 門戶科技 | Blocto
2022 ~ Present
Product Designer (UI/UX)
Within one month
想法及協助相關事務 專案 Project Web3 - Swap BloctoSwap is the first decentralized exchange on Flow, providing Token exchange and cross-chain transfer. Web3 - Developer dashboard Creating a good onboarding experience, I took over the UI revamp, social login, switch account functionalities, etc., to perfect Blocto Web. Web3 - Wallet Web Desktop/mobile ui design and ux research, plan the motion effects and maintain website. Web2 - CMS (Content Management System) Design and manage CMS, optimize product. 作品集 Portfolio Eva's Website | Behance |  Dribbble |  Red Dot award 2015
Photoshop
Illustrator
InDesign
Employed
Ready to interview
Full-time / Interested in working remotely
4-6 years
Shu-Te University
Visual communication design

The Most Lightweight and Effective Recruiting Plan

Search resumes and take the initiative to contact job applicants for higher recruiting efficiency. The Choice of Hundreds of Companies.

  • Browse all search results
  • Unlimited access to start new conversations
  • Resumes accessible for only paid companies
  • View users’ email address & phone numbers
Upgrade Now
7-day money-back guarantee, cancel anytime
123456789
Search Tips
1
Search a precise keyword combination
senior backend php
If the number of the search result is not enough, you can remove the less important keywords
2
Use quotes to search for an exact phrase
"business development"
3
Use the minus sign to eliminate results containing certain words
UI designer -UX
Only public resumes are available with the free plan.
Upgrade to an advanced plan to view all search results including tens of thousands of resumes exclusive on CakeResume.
Upgrade Now

Definition of Reputation Credits

Technical Skills
Specialized knowledge and expertise within the profession (e.g. familiar with SEO and use of related tools).
Problem-Solving
Ability to identify, analyze, and prepare solutions to problems.
Adaptability
Ability to navigate unexpected situations; and keep up with shifting priorities, projects, clients, and technology.
Communication
Ability to convey information effectively and is willing to give and receive feedback.
Time Management
Ability to prioritize tasks based on importance; and have them completed within the assigned timeline.
Teamwork
Ability to work cooperatively, communicate effectively, and anticipate each other's demands, resulting in coordinated collective action.
Leadership
Ability to coach, guide, and inspire a team to achieve a shared goal or outcome effectively.
Within one month
Avatar of Yu-Hsiang Huang.
Yu-Hsiang Huang
Associate Technical Manager
不顯示公司名稱
2022 ~ Present
臺灣桃園市中壢區
Professional Background
Current status
Employed
Job Search Progress
Ready to interview
Professions
Security Engineer, Back-end Engineer
Fields of Employment
Cyber Security
Work experience
10-15 years
Management
I've had experience in managing 1-5 people
Skills
Active Directory
IIS
PHP
Laravel
Python
Rust
jQuery
Vue
Penetration Testing
Kali
Metasploit
Burp Suite
Nessus
Acunetix
MySQL / Mariadb
Languages
Chinese
Native or Bilingual
English
Beginner
Job search preferences
Positions
滲透測試、資訊安全、系統開發、程式設計
Job types
Full-time
Locations
台灣, 日本
Remote
Interested in working remotely
Freelance
No
Educations
School
立德大學
Major
資訊工程
Print

Yu-Hsiang Huang

Associate Technical Manager

Obtained MCP certification in server management, proficient in Microsoft operating system. Familiar with server operations such as AD, DNS, DHCP, and IIS.

--------------------

Proficient in system development using PHP/Laravel, Python, as well as other languages like VB.net, Rust, etc. The technologies used include but are not limited to:

[

console, Redis, relational database, multi-thread, multi-process, dependency injection, restful API, schedule, queue, broadcast, i18n, unit test, Selenium, mock, one-click installation.

]


Completed projects:

  1. Independently developed CMS for many companies.
  2. Used GitLab API and Docker SDK, and integrated Nessus and other security tools to develop an automated security assessment system.
  3. Independently developed a security automation framework for reproduction and revalidation.
  4. Independently weaponized the Python package <TFTPY> as a penetration testing tool.


Side projects & special achievements:

  1. Independently developed a program to receive the network traffic information using the SNMP protocol and visualize it graphically.
  2. Independently developed a hexagonal menu and a moving light bar using JavaScript and other technologies.
  3. Independently developed a multi-threaded websocket server using PHP & VB.Net.
  4. Independently developed malicious programs such as brute-force tools, vulnerability PoCs, webshells, packet manipulators, and used WinAPI to control the operating system.
  5. Independently used and modified the Python package <BooFuzz> to develpoed a fuzzer.
  6. Independently developed Nessus plugins.
  7. Independently developed the legal programs to save on cybersecurity software licenses, which can save tens of thousands to hundreds of thousands of New Taiwan Dollars per year, depending on the scale of usage.

--------------------

In the field of cybersecurity, I have obtained the ECSA certification and referred to OSWE study materials, considering myself to have a level of expertise above that of OSWE.


Completed projects:

  1. Participated in the handling of major cybersecurity incidents for government agencies.
  2. Completed numerous penetration testing tasks for many companies, identifying high, medium, and low-risk vulnerabilities, totaling hundreds of system vulnerabilities. Even obtained the RCE vulnerabilities in several commercial products.
  3. Assisted two employers in conducting security regulation-related tests, writing test cases, etc. For example, tests related to IEC 62443 SVV 1-4, such as compliance testing, mitigation plan testing, vulnerability scanning, fuzz testing, penetration testing, and various other tests.
  4. Assisted in manually reproducing and revalidating vulnerabilities, including fixing and developing PoCs.


Side projects & special achievements:

  1. Ranked 344th individually, and 153rd as a team in HTB within four months.
  2. Independently obtained over 40 CVEs, including some in well-known software. Some of the CVEs have been inquired about by an antivirus software company and other unspecified individuals.
  3. Disclosed vulnerabilities without requesting CVEs afterwards, totaling 5 or more.
  4. Undisclosed vulnerabilities total more than 16, including vulnerabilities in NETGEAR, Alcatel, Discuz! X3.4, RCE vulnerabilities in many schools, vulnerabilities in internal systems of many companies, vulnerabilities in many well-known shopping websites, and others.
  5. Participated in patching the security vulnerability in the open-source project phpMyAdmin.
  6. Independently created the p12 file to reproduce CVE-2022-0778 (the p12 file has been saved on GitHub and listed on cvexploits).
  7. Reported a vulnerability in ZyXEL products and received a letter of appreciation.
  8. Reported an information system vulnerability in Realtek and received a reward.
  9. Reported the vulnerability in a company's product serial number rules to prevent the company from suffering losses.

Zhongli District, Taoyuan City, Taiwan
[email protected]

https://github.com/HuangYuHsiangPhone

EDUCATION

Leader University

Master Degree of Computer Science & Information Engineering  •  2007 - 2009


SKILLS

  • Active Directory
  • IIS
  • PHP
  • Laravel
  • Python
  • Rust
  • jQuery
  • Vue
  • Penetration Testing
  • Kali
  • Metasploit
  • Burp Suite
  • Nessus
  • Acunetix

Languages

  • Chinese — native
  • English — basic

WORK & EXPERIENCE

Senior Engineer  •  <Hidden>

Mar. 2022 - Present  |  Taipei, Taiwan

  • Job responsibilities:
    1. Assisted PSIRT and Cybersecurity Testing Team in avoiding unnecessary or incorrect testing steps and collecting information related to vulnerability confirmation.
    2. Studied cybersecurity regulations, such as 62443-4-2, and wrote the test cases. Responsible for pretesting to ensure compliance with Korean cybersecurity regulations.
    3. Wrote the test cases for threat mitigation plans and executed the test cases.
    4. Developed Jira Automation.
    5. Independently modified and weaponized the Python package <TFTPY> as a PT tool.
    6. Used Python, Robot Framework, etc. to independently develop automated testing for reproducing vulnerabilities and mitigation plans.
      [
      setuptools, click, scapy, multi-process.
      Improving the situation of having to modify the automation program significantly when there's a change to web code.
      Packets detection, such as VRRP and ICMP.
      ]
    7. Used PHP, Bat files, and related APIs to independently develop cybersecurity automation systems that meet the needs of various departments.
      [
      console, Redis, relational database, dependency injection, restful api
      schedule, queue, broadcast, i18n, one-click installation
      ]
    8. Reproduced CVEs; some examples are listed below.
      [
      Independently created the p12 file to reproduce CVE-2022-0778 (the p12 file has been saved on GitHub and listed on cvexploits).
      Independently assisted PSIRT in clarifying the scope of impact of CVE-2021-3493 and tracing related Linux code.
  • Cybersecurity achievements:
    1. Independently conducted penetration testing on company's products, discovering several dozens of high-risk vulnerabilities. Some vulnerabilities were memory-related and expected to be applied together for several CVEs.
    2. Succeeded in bypassing the RD's patches many times.
    3. Independently developed the legal programs to save on cybersecurity software licenses, which can save tens of thousands to hundreds of thousands of New Taiwan Dollars per year, depending on the scale of usage.
    4. Reported the vulnerability in the company's product serial number rules to prevent the company from suffering losses.
  • Others:
    1. Independently developed Nessus plugins.
    2. Independently discovered several vulnerabilities on TestLink
      [
      CVE-2022-35196(8.8), etc.
      ]
    3. Independently discovered several vulnerabilities on Moxa MXsecurity
      [
      CVE-2023-41438(0.0), CVE-2023-41440(0.0), etc.
      ]

Associate Technical Manager  •  Bureau Veritas

Aug. 2021 - Feb. 2022  |  Taipei, Taiwan

  • Job responsibilities
    1. Studied cybersecurity regulations, , such as 303645, 62443-4-2, and wrote the test cases.
    2. Independently conducted vulnerability scanning.
    3. Independently conducted fuzz testing and developed specific protocol fuzzer.
    4. Independently conducted penetration testing.
  • Cybersecurity achievements
    1. Independently discovered many high, medium and low cybersecurity vulnerabilities, such as RCE, DoS, injection, in products of various industrial control device manufacturers.
  • Others
    1. Reported a vulnerability in ZyXEL products and received a letter of appreciation.

Staff Engineer / IoT Vulnerability Researcher  •  Panasonic

Apr. 2020 - Aug. 2021  |  Taipei, Taiwan

  • Job responsibilities
    1. Developed a CLI automation security testing system using Python.
      1. Used Docker SDK, GitLab API, etc.
      2. Corrected cross-platform program issues.
      3. Integrated security programs such as Nessus 8.
      4. Automated the setup of an IIS PHP web server using WinAPI.
      5. Decoupled the program.
      6. Unit Test, Code Coverage, Mock.
    2. Independently developed a web automated security testing system using Laravel.
      1. Used bootstrap + Vue + jQuery
      2. Restful API.
      3. Unit test, code coverage, mock, faker.
      4. Integrated the Python CLI program and provided real-time output. 
    3. Penetration testing for IoT devices and web.
  • Cybersecurity achievements
    1. Independently discovered the RCE vulnerability in commercial software developed by my current employer using Python and PHP.
    2. Independently discovered the RCE vulnerability in commercial software developed by another company within the group, using Node.js and C#.
  • Others
    1. Independently discovered high-risk vulnerabilities in the information systems of many listed semiconductor companies in Taiwan.
    2. Independently discovered high-risk vulnerabilities on Discuz! X3.4.
    3. Independently achieved the User privilege in the 130th place on HTB Proper(Win, Hard) on Mar. 23, 2021.
    4. Independently developed jQuery plugins.
    5. Independently developed a hexagonal menu and a moving light bar using JavaScript and other technologies.
    6. Independently discovered information leakage vulnerability in MS IE.
    7. Independently discovered several vulnerabilities on NETGEAR RAX80 and Alcatel I-040GW
      [
      CVE-2020-*****(0.0) x 2
      ]

Vulnerability Analysis Engineer  •  Next Bank

Dec. 2019 - Apr. 2020  |  Taipei, Taiwan

  • Job responsibilities
    1. Participated in Nexpose/Nessus vulnerability scanning automation PoC.
    2. Participated in Fortify source code scanning automation PoC.
    3. Participated in penetration testing.
  • Cybersecurity achievements
    1. Independently discovered several vulnerabilities on iTop
      [
      CVE-2020-12777(7.5),CVE-2020-12778(6.1)
      CVE-2020-12779(5.4),CVE-2020-12780(7.5)
      CVE-2020-12781(8.8)
      ]
  • Others
    1. Independently developed a multi-threaded websocket server using PHP & VB.Net.

Engineer  •  NCCST

Jun. 2018 - Nov. 2019  |  Taipei, Taiwan

  • Job responsibilities
    1. Performing penetration testing on the government information systems.
    2. Black-box and white-box testing.
    3. Reverse engineering of the .NET programs.
    4. Assisted government agencies in setting up the scenario for the 2019 Cyber Offensive and Defensive Exercise (CODE).
    5. Independently developed a report management system and a program for automatically fetching email attachments using Laravel.
  • Cybersecurity achievements
    1. Joined a government attack and defense exercise halfway through and ranked second among approximately 90 attackers as a newcomer. Discovered over 140 vulnerabilities and received corresponding rewards.
    2. Capable of manually bypassing a web application firewall (WAF) to achieve attacks that are difficult for tools to accomplish.
    3. Independently developed scanning and attack tools (such as CVE PoCs, scanners for specific vulnerabilities, PHP & ASPX webshells), using technologies including but not limited to curl, socket, multi-thread.
  • Others
    1. Ranked 344th individually, and 153rd as a team in HTB within four months.
    2. Participated in patching the security vulnerability in the open-source project phpMyAdmin.
    3. A total of at least 34 CVEs have been applied for. Only some are listed as follows:
      1. Independently discovered several vulnerabilities on GSS Tracko, Radar.
        [The request to revoke the CVE ID has been made.(0.0), etc.]
      2. Independently discovered several vulnerabilities on InfoDoc ODMS.
        [The request to revoke the CVE ID has been made.(9.8), etc.]
      3. Independently discovered several vulnerabilities on DrayTek Vigor2925.
        [CVE-2019-16533(6.1), etc.]
      4. Independently discovered several vulnerabilities on ESRI ArcGIS Enterprise.
        [CVE-2019-16193(5.4)]
      5. Independently discovered several vulnerabilities on Avaya Scopia Desktop.
        [CVE-2019-6998(6.4), etc.]
      6. Independently discovered several vulnerabilities on phpMyAdmin.
        [CVE-2019-6798(9.8), etc.]
      7. Independently discovered several vulnerabilities on MyWebSQL.
        [CVE-2019-7731(9.8), etc.]
      8. Independently discovered several vulnerabilities on DbNinja.
        [CVE-2019-7747(9.6), etc.]
      9. Independently discovered several vulnerabilities on webERP.
        [CVE-2018-19434(7.2), etc.]
      10. Independently discovered several vulnerabilities on KindEditor.
        [CVE-2018-18950(7.5), etc.]
      11. Independently discovered several vulnerabilities on PHP-Proxy.
        [CVE-2018-19784(7.5), etc.]

經理   •  合群樹脂實業有限公司

九月 2016 - 五月 2018  |  Taipei, Taiwan

  • 1.客戶開發
      既有客戶聯繫
      找尋新客戶

    2.產品開發製造
      既有規格產品製造
      客製規格產品開發

    3.進銷存管理
      庫存盤點
      進貨
      銷貨
      EXCEL VBA 成本計算等

    4.帳務處理
      應收帳款
      應付帳款
      開立支票等

    5.資訊系統處理
      PC故障維修
      系統實轉虛等

    6.部屬任務安排

    7.廠房修繕

資訊副工程師  •  森霸電力股份有限公司

二月 2012 - 八月 2016  |  Taipei, Taiwan

  • 工作內容:

    1. 程式設計
      PHPBB架設及修改,作為公司公告系統。
      PHP撰寫個人電腦資訊查詢系統,作為採購、報廢等依據。
      PHP撰寫公司表單查詢系統
      PHP撰寫破解AD帳密程序,驗證資安問題。
      PHP撰寫SNMP抓流量並圖形化程序,提供同仁參考網路狀況。
      VB.NET撰寫多執行緒掃網段串改封包程序,驗證資安問題。
      Excel VBA, 公式, 圖表,協助倉管盤點及計算備品價值。
      查看廠商撰寫之電廠系統程式碼(JSP),並成功發現無效存取控管弱點。
      其它

    2. 系統管理
      Windows Server 2003管理
      DNS
      DHCP
      AD(GPO、權限等設定、Login Script)
      Server問題排除
      機房硬體設備(NAS、CDP、RAID)
      其它

    3. 網路管理
      封包攔截分析
      VLAN
      MAC Filter
      Switch
      Router
      Routing Table
      其它

    4. 個人電腦故障排除
      Windows XP、Windows 7
      Office(Excel、Word、Outlook)
      Printer
      IE
      其它

    5. 案件發包
    6. 物品請購
    7. 倉管
    8. 總機系統管理
    9. 文書處理
    10. 門禁&監視器處理
    11. 其他主管交辦事項

專案經理  •  竹貓星球數位股份有限公司

九月 2011 - 一月 2012  |  Taipei, Taiwan

  • 1. 台積電專案系統開發,採用PHP + MySQL + MSSQL。

PHP程式設計師  •  知識科技股份有限公司

十二月 2009 - 五月 2011  |  Taipei, Taiwan

  • 新人獎 - 2011

    工作內容:
    1. jQuery
    2. PHP
    3. MySQL
    4. CI MVC Framework

    5. Windows Server 2003
    6. DNS
    7. IIS
    8. File Server
    9. SVN Server
    10. CA Server

    11. 客制化 PHP 程式設計
    12. Yahoo EWS API
    13. PayPal API
    14. facebook API
    15. Google API

    16. 安全漏洞檢測,成功發現多項漏洞,並提報給公司負責人
    17. 效能等其他問題檢測
Resume
Profile
Print

Yu-Hsiang Huang

Associate Technical Manager

Obtained MCP certification in server management, proficient in Microsoft operating system. Familiar with server operations such as AD, DNS, DHCP, and IIS.

--------------------

Proficient in system development using PHP/Laravel, Python, as well as other languages like VB.net, Rust, etc. The technologies used include but are not limited to:

[

console, Redis, relational database, multi-thread, multi-process, dependency injection, restful API, schedule, queue, broadcast, i18n, unit test, Selenium, mock, one-click installation.

]


Completed projects:

  1. Independently developed CMS for many companies.
  2. Used GitLab API and Docker SDK, and integrated Nessus and other security tools to develop an automated security assessment system.
  3. Independently developed a security automation framework for reproduction and revalidation.
  4. Independently weaponized the Python package <TFTPY> as a penetration testing tool.


Side projects & special achievements:

  1. Independently developed a program to receive the network traffic information using the SNMP protocol and visualize it graphically.
  2. Independently developed a hexagonal menu and a moving light bar using JavaScript and other technologies.
  3. Independently developed a multi-threaded websocket server using PHP & VB.Net.
  4. Independently developed malicious programs such as brute-force tools, vulnerability PoCs, webshells, packet manipulators, and used WinAPI to control the operating system.
  5. Independently used and modified the Python package <BooFuzz> to develpoed a fuzzer.
  6. Independently developed Nessus plugins.
  7. Independently developed the legal programs to save on cybersecurity software licenses, which can save tens of thousands to hundreds of thousands of New Taiwan Dollars per year, depending on the scale of usage.

--------------------

In the field of cybersecurity, I have obtained the ECSA certification and referred to OSWE study materials, considering myself to have a level of expertise above that of OSWE.


Completed projects:

  1. Participated in the handling of major cybersecurity incidents for government agencies.
  2. Completed numerous penetration testing tasks for many companies, identifying high, medium, and low-risk vulnerabilities, totaling hundreds of system vulnerabilities. Even obtained the RCE vulnerabilities in several commercial products.
  3. Assisted two employers in conducting security regulation-related tests, writing test cases, etc. For example, tests related to IEC 62443 SVV 1-4, such as compliance testing, mitigation plan testing, vulnerability scanning, fuzz testing, penetration testing, and various other tests.
  4. Assisted in manually reproducing and revalidating vulnerabilities, including fixing and developing PoCs.


Side projects & special achievements:

  1. Ranked 344th individually, and 153rd as a team in HTB within four months.
  2. Independently obtained over 40 CVEs, including some in well-known software. Some of the CVEs have been inquired about by an antivirus software company and other unspecified individuals.
  3. Disclosed vulnerabilities without requesting CVEs afterwards, totaling 5 or more.
  4. Undisclosed vulnerabilities total more than 16, including vulnerabilities in NETGEAR, Alcatel, Discuz! X3.4, RCE vulnerabilities in many schools, vulnerabilities in internal systems of many companies, vulnerabilities in many well-known shopping websites, and others.
  5. Participated in patching the security vulnerability in the open-source project phpMyAdmin.
  6. Independently created the p12 file to reproduce CVE-2022-0778 (the p12 file has been saved on GitHub and listed on cvexploits).
  7. Reported a vulnerability in ZyXEL products and received a letter of appreciation.
  8. Reported an information system vulnerability in Realtek and received a reward.
  9. Reported the vulnerability in a company's product serial number rules to prevent the company from suffering losses.

Zhongli District, Taoyuan City, Taiwan
[email protected]

https://github.com/HuangYuHsiangPhone

EDUCATION

Leader University

Master Degree of Computer Science & Information Engineering  •  2007 - 2009


SKILLS

  • Active Directory
  • IIS
  • PHP
  • Laravel
  • Python
  • Rust
  • jQuery
  • Vue
  • Penetration Testing
  • Kali
  • Metasploit
  • Burp Suite
  • Nessus
  • Acunetix

Languages

  • Chinese — native
  • English — basic

WORK & EXPERIENCE

Senior Engineer  •  <Hidden>

Mar. 2022 - Present  |  Taipei, Taiwan

  • Job responsibilities:
    1. Assisted PSIRT and Cybersecurity Testing Team in avoiding unnecessary or incorrect testing steps and collecting information related to vulnerability confirmation.
    2. Studied cybersecurity regulations, such as 62443-4-2, and wrote the test cases. Responsible for pretesting to ensure compliance with Korean cybersecurity regulations.
    3. Wrote the test cases for threat mitigation plans and executed the test cases.
    4. Developed Jira Automation.
    5. Independently modified and weaponized the Python package <TFTPY> as a PT tool.
    6. Used Python, Robot Framework, etc. to independently develop automated testing for reproducing vulnerabilities and mitigation plans.
      [
      setuptools, click, scapy, multi-process.
      Improving the situation of having to modify the automation program significantly when there's a change to web code.
      Packets detection, such as VRRP and ICMP.
      ]
    7. Used PHP, Bat files, and related APIs to independently develop cybersecurity automation systems that meet the needs of various departments.
      [
      console, Redis, relational database, dependency injection, restful api
      schedule, queue, broadcast, i18n, one-click installation
      ]
    8. Reproduced CVEs; some examples are listed below.
      [
      Independently created the p12 file to reproduce CVE-2022-0778 (the p12 file has been saved on GitHub and listed on cvexploits).
      Independently assisted PSIRT in clarifying the scope of impact of CVE-2021-3493 and tracing related Linux code.
  • Cybersecurity achievements:
    1. Independently conducted penetration testing on company's products, discovering several dozens of high-risk vulnerabilities. Some vulnerabilities were memory-related and expected to be applied together for several CVEs.
    2. Succeeded in bypassing the RD's patches many times.
    3. Independently developed the legal programs to save on cybersecurity software licenses, which can save tens of thousands to hundreds of thousands of New Taiwan Dollars per year, depending on the scale of usage.
    4. Reported the vulnerability in the company's product serial number rules to prevent the company from suffering losses.
  • Others:
    1. Independently developed Nessus plugins.
    2. Independently discovered several vulnerabilities on TestLink
      [
      CVE-2022-35196(8.8), etc.
      ]
    3. Independently discovered several vulnerabilities on Moxa MXsecurity
      [
      CVE-2023-41438(0.0), CVE-2023-41440(0.0), etc.
      ]

Associate Technical Manager  •  Bureau Veritas

Aug. 2021 - Feb. 2022  |  Taipei, Taiwan

  • Job responsibilities
    1. Studied cybersecurity regulations, , such as 303645, 62443-4-2, and wrote the test cases.
    2. Independently conducted vulnerability scanning.
    3. Independently conducted fuzz testing and developed specific protocol fuzzer.
    4. Independently conducted penetration testing.
  • Cybersecurity achievements
    1. Independently discovered many high, medium and low cybersecurity vulnerabilities, such as RCE, DoS, injection, in products of various industrial control device manufacturers.
  • Others
    1. Reported a vulnerability in ZyXEL products and received a letter of appreciation.

Staff Engineer / IoT Vulnerability Researcher  •  Panasonic

Apr. 2020 - Aug. 2021  |  Taipei, Taiwan

  • Job responsibilities
    1. Developed a CLI automation security testing system using Python.
      1. Used Docker SDK, GitLab API, etc.
      2. Corrected cross-platform program issues.
      3. Integrated security programs such as Nessus 8.
      4. Automated the setup of an IIS PHP web server using WinAPI.
      5. Decoupled the program.
      6. Unit Test, Code Coverage, Mock.
    2. Independently developed a web automated security testing system using Laravel.
      1. Used bootstrap + Vue + jQuery
      2. Restful API.
      3. Unit test, code coverage, mock, faker.
      4. Integrated the Python CLI program and provided real-time output. 
    3. Penetration testing for IoT devices and web.
  • Cybersecurity achievements
    1. Independently discovered the RCE vulnerability in commercial software developed by my current employer using Python and PHP.
    2. Independently discovered the RCE vulnerability in commercial software developed by another company within the group, using Node.js and C#.
  • Others
    1. Independently discovered high-risk vulnerabilities in the information systems of many listed semiconductor companies in Taiwan.
    2. Independently discovered high-risk vulnerabilities on Discuz! X3.4.
    3. Independently achieved the User privilege in the 130th place on HTB Proper(Win, Hard) on Mar. 23, 2021.
    4. Independently developed jQuery plugins.
    5. Independently developed a hexagonal menu and a moving light bar using JavaScript and other technologies.
    6. Independently discovered information leakage vulnerability in MS IE.
    7. Independently discovered several vulnerabilities on NETGEAR RAX80 and Alcatel I-040GW
      [
      CVE-2020-*****(0.0) x 2
      ]

Vulnerability Analysis Engineer  •  Next Bank

Dec. 2019 - Apr. 2020  |  Taipei, Taiwan

  • Job responsibilities
    1. Participated in Nexpose/Nessus vulnerability scanning automation PoC.
    2. Participated in Fortify source code scanning automation PoC.
    3. Participated in penetration testing.
  • Cybersecurity achievements
    1. Independently discovered several vulnerabilities on iTop
      [
      CVE-2020-12777(7.5),CVE-2020-12778(6.1)
      CVE-2020-12779(5.4),CVE-2020-12780(7.5)
      CVE-2020-12781(8.8)
      ]
  • Others
    1. Independently developed a multi-threaded websocket server using PHP & VB.Net.

Engineer  •  NCCST

Jun. 2018 - Nov. 2019  |  Taipei, Taiwan

  • Job responsibilities
    1. Performing penetration testing on the government information systems.
    2. Black-box and white-box testing.
    3. Reverse engineering of the .NET programs.
    4. Assisted government agencies in setting up the scenario for the 2019 Cyber Offensive and Defensive Exercise (CODE).
    5. Independently developed a report management system and a program for automatically fetching email attachments using Laravel.
  • Cybersecurity achievements
    1. Joined a government attack and defense exercise halfway through and ranked second among approximately 90 attackers as a newcomer. Discovered over 140 vulnerabilities and received corresponding rewards.
    2. Capable of manually bypassing a web application firewall (WAF) to achieve attacks that are difficult for tools to accomplish.
    3. Independently developed scanning and attack tools (such as CVE PoCs, scanners for specific vulnerabilities, PHP & ASPX webshells), using technologies including but not limited to curl, socket, multi-thread.
  • Others
    1. Ranked 344th individually, and 153rd as a team in HTB within four months.
    2. Participated in patching the security vulnerability in the open-source project phpMyAdmin.
    3. A total of at least 34 CVEs have been applied for. Only some are listed as follows:
      1. Independently discovered several vulnerabilities on GSS Tracko, Radar.
        [The request to revoke the CVE ID has been made.(0.0), etc.]
      2. Independently discovered several vulnerabilities on InfoDoc ODMS.
        [The request to revoke the CVE ID has been made.(9.8), etc.]
      3. Independently discovered several vulnerabilities on DrayTek Vigor2925.
        [CVE-2019-16533(6.1), etc.]
      4. Independently discovered several vulnerabilities on ESRI ArcGIS Enterprise.
        [CVE-2019-16193(5.4)]
      5. Independently discovered several vulnerabilities on Avaya Scopia Desktop.
        [CVE-2019-6998(6.4), etc.]
      6. Independently discovered several vulnerabilities on phpMyAdmin.
        [CVE-2019-6798(9.8), etc.]
      7. Independently discovered several vulnerabilities on MyWebSQL.
        [CVE-2019-7731(9.8), etc.]
      8. Independently discovered several vulnerabilities on DbNinja.
        [CVE-2019-7747(9.6), etc.]
      9. Independently discovered several vulnerabilities on webERP.
        [CVE-2018-19434(7.2), etc.]
      10. Independently discovered several vulnerabilities on KindEditor.
        [CVE-2018-18950(7.5), etc.]
      11. Independently discovered several vulnerabilities on PHP-Proxy.
        [CVE-2018-19784(7.5), etc.]

經理   •  合群樹脂實業有限公司

九月 2016 - 五月 2018  |  Taipei, Taiwan

  • 1.客戶開發
      既有客戶聯繫
      找尋新客戶

    2.產品開發製造
      既有規格產品製造
      客製規格產品開發

    3.進銷存管理
      庫存盤點
      進貨
      銷貨
      EXCEL VBA 成本計算等

    4.帳務處理
      應收帳款
      應付帳款
      開立支票等

    5.資訊系統處理
      PC故障維修
      系統實轉虛等

    6.部屬任務安排

    7.廠房修繕

資訊副工程師  •  森霸電力股份有限公司

二月 2012 - 八月 2016  |  Taipei, Taiwan

  • 工作內容:

    1. 程式設計
      PHPBB架設及修改,作為公司公告系統。
      PHP撰寫個人電腦資訊查詢系統,作為採購、報廢等依據。
      PHP撰寫公司表單查詢系統
      PHP撰寫破解AD帳密程序,驗證資安問題。
      PHP撰寫SNMP抓流量並圖形化程序,提供同仁參考網路狀況。
      VB.NET撰寫多執行緒掃網段串改封包程序,驗證資安問題。
      Excel VBA, 公式, 圖表,協助倉管盤點及計算備品價值。
      查看廠商撰寫之電廠系統程式碼(JSP),並成功發現無效存取控管弱點。
      其它

    2. 系統管理
      Windows Server 2003管理
      DNS
      DHCP
      AD(GPO、權限等設定、Login Script)
      Server問題排除
      機房硬體設備(NAS、CDP、RAID)
      其它

    3. 網路管理
      封包攔截分析
      VLAN
      MAC Filter
      Switch
      Router
      Routing Table
      其它

    4. 個人電腦故障排除
      Windows XP、Windows 7
      Office(Excel、Word、Outlook)
      Printer
      IE
      其它

    5. 案件發包
    6. 物品請購
    7. 倉管
    8. 總機系統管理
    9. 文書處理
    10. 門禁&監視器處理
    11. 其他主管交辦事項

專案經理  •  竹貓星球數位股份有限公司

九月 2011 - 一月 2012  |  Taipei, Taiwan

  • 1. 台積電專案系統開發,採用PHP + MySQL + MSSQL。

PHP程式設計師  •  知識科技股份有限公司

十二月 2009 - 五月 2011  |  Taipei, Taiwan

  • 新人獎 - 2011

    工作內容:
    1. jQuery
    2. PHP
    3. MySQL
    4. CI MVC Framework

    5. Windows Server 2003
    6. DNS
    7. IIS
    8. File Server
    9. SVN Server
    10. CA Server

    11. 客制化 PHP 程式設計
    12. Yahoo EWS API
    13. PayPal API
    14. facebook API
    15. Google API

    16. 安全漏洞檢測,成功發現多項漏洞,並提報給公司負責人
    17. 效能等其他問題檢測