CakeResume
CakeResume Logo
Log In
Sign Up
Build your Network
My Network
Access your personal network connections and manage your contacts.
CakeResume Meet
Expand your professional network by meeting and connecting with other users.
Community
Engage with other users through discussions, forums, and networking events.
Log In
Sign Up

CakeResume Talent Search

Advanced filters
On
Ready to interview
Open to opportunities
Not open to opportunities
Taiwan
台灣
United States
Taipei City, Taiwan
New Taipei City, Taiwan
Indonesia
台北市, 台灣
India
新北市, 台灣
Taipei, Taiwan
Taichung City, Taiwan
भारत
台中市, 台灣
Jawa Barat, Indonesia
West Java, Indonesia
Ukraine
United Kingdom
Australia
Hsinchu City, Taiwan
New Taipei, Taiwan
IT
Management / Business
Marketing / Advertising
Customer Service
Sales
Design
Media / Communication
Education
Bio, Medical
Engineering
Finance
Game Production
HR
Other
Catering / Food & Beverage
Law
Logistics / Trade
Manufacturing
Construction
Public Social Work
Tech
Advertising / Marketing / Agency
Industry
Education / Training / Recruitment
Design / Art
Culture / Media / Entertainment
Food and Beverage
Health / Social / Environment
Banking / Insurance / Finance
Consultant / Audit
Public administration
Medical
Mobility / Transport
Architecture
Legal / Law
Non-profit / Association
Agriculture
Corporate services
Distribution
Hotel / Tourism / Leisure
Service Industry
Less than 1 year
1-2 years
2-4 years
4-6 years
6-10 years
10-15 years
More than 15 years
AI Smart Matching
On
National Taiwan University
國立台灣大學
國立臺灣大學
Chinese Culture University
Feng Chia University
Fu Jen Catholic University
National Chung Cheng University
National Chung Hsing University
National Taiwan University of Science and Technology
中國文化大學
國立中正大學
國立中興大學
國立台灣科技大學
國立臺灣科技大學
輔仁大學
逢甲大學
Chung Yuan Christian University
Ming Chuan University
National Taipei University of Technology
National Tsing Hua University
National Yang Ming Chiao Tung University
Tamkang University
中原大學
國立台北科技大學
國立清華大學
國立臺北科技大學
國立陽明交通大學
淡江大學
銘傳大學
National Chengchi University
Taiwan
台灣
United States
Taipei City, Taiwan
台北市, 台灣
Indonesia
New Taipei City, Taiwan
新北市, 台灣
India
भारत
Hsinchu City, Taiwan
Taichung City, Taiwan
新竹市, 台灣
台中市, 台灣
Singapore
Canada
Jakarta, Indonesia
Jawa Barat, Indonesia
Kaohsiung City, Taiwan
United Kingdom
Full-time
Part-time
Intern
Word
PowerPoint
Excel
photoshop
JavaScript
Python
Git
Google Drive
JAVA
Microsoft Office
No
Yes
1-5 people
5-10 people
10-15 people
15+ people
Within one month
Within two months
Within three months
Within six months
Within one year
More than one year
Software Engineer
Android Developer
Senior Software Engineer
前端工程師 Front-End Developer
Firmware Engineer, Firmware Developer, Embedded Software Engineer
Project Manager
Front-End / Back-End / Full Stack Web Developer
Investor
Marketing Manager
Open to opportunities
Bachelor of Arts (BA)
Bachelor of Business Administration (BBA)
Bachelor of Science (BS)
Bachelor’s Degree
Master of Arts (MA)
Master of Business Administration (MBA)
Master of Science (MS)
Master’s Degree
Non-Degree Program (e.g. Coursera certificate)
Other
High school
Associate
Bachelor
Master
Doctoral
2021
2019
2018
2017
2016
2015
2014
2012
2011
2010
Current company
Off
Select all
Freelance
Self Employed
Binance
Independent
Lenovo
Logitech
Self-employed
Upwork
方見科技
香港商印芯科技股份有限公司台灣分公司
Interested in working remotely
Not interested in working remotely
Remote Only
Full-time freelancer
Part-time freelancer
Non-freelancer
Chinese - Native or Bilingual
English - Fluent
English - Intermediate
English - Professional
English - Native or Bilingual
English - Beginner
Indonesian - Native or Bilingual
Japanese - Intermediate
Japanese - Beginner
French - Intermediate
English
Chinese
Indonesian
French
Italian
Spanish
4-6 years
6-10 years
10-15 years
More than 15 years
  • Exclude read results
  • Show all experiences
Avatar of 高鈺傑.
Avatar of 高鈺傑.
高鈺傑
CakeResume Premium Badge
Past
資深前端工程師 @比房科技
2022 ~ 2024
Frontend developer.
Within one month
Google analytics, Google Tag, Google Ads Freelance/others 2020/Q/Q2 Planned, developed, and conducted business development from scratch, culminating in the launch of my first self-built SaaS platform inUndertook freelance projects (official website), blogging (side project), programming architecture experimentation, and course participation, among others. Independently managed client acquisition, pricing negotiations, tripartite collaborations, delivery, and ongoing maintenance. Tech Stack: React, Next.js, Firebase, Vercel, tRPC, Prisma, PlanetScale, Supabase, Github Pages, Rollup.js, GraphQL Full Stack Engineer niusnews | 2019/Q/Q3 Independently completed over ten website projects, utilizing Responsive Web Design
Frontend
Backend
Product
Unemployed
Ready to interview
Full-time / Interested in working remotely
4-6 years
暨南大學
電機工程
Avatar of the user.
Avatar of the user.
Available for paid companies
Sr. Full Stack Engineer @類神經網路股份有限公司
2021 ~ Present
資深程式設計師
Within one month
Android
Windows
Linux
Employed
Ready to interview
Full-time / Interested in working remotely
6-10 years
輔仁大學 Fu Jen Catholic University
Computer Science and Information Engineering
Avatar of the user.
Avatar of the user.
Available for paid companies
Past
Production Engineer @Alltech Engineering Finishes (高科工程塗裝)
2023 ~ 2024
研發職
Within one month
Word
PowerPoint
Excel
Unemployed
Ready to interview
Full-time / Interested in working remotely
6-10 years
國立中山大學 National Sun Yat-Sen University
Polymer Science
Avatar of Aken.
Avatar of Aken.
Aken
Past
Java Senior Backend Engineer @Alliance 聯訊網路
2021 ~ 2024
Java Senior Backend Engineer
Within one month
Aken Java Senior Backend Engineer Changhua County, [email protected] I am a person who takes responsibility and works efficiently. Friendly and sociable, with excellent interpersonal skills. When working independently, I maintain high standards for progress and product quality. In teamwork settings, I excel at communicating effectively and problem-solving with colleagues in business-related collaborations. I am proactive and patient in providing assistance to the team, ensuring the completion of mission objectives. Establishing effective channels of cooperation and communication is my consistent approach. I look forward to continuing to contribute my
Java
JavaScript
JQuery
Unemployed
Ready to interview
Full-time / Interested in working remotely
10-15 years
Asia University (TW)
資訊與設計學系
Avatar of the user.
Avatar of the user.
Available for paid companies
Inside Sales Business Development @TDCX Malaysia
2021 ~ Present
主管職
Within one month
Word
PowerPoint
專案管理
Employed
Ready to interview
Full-time / Interested in working remotely
6-10 years
國立台灣大學
生物產業傳播暨發展學系
Avatar of Fuyao Lin.
Avatar of Fuyao Lin.
Fuyao Lin
Past
android工程師/後端工程師/資深工程師 @迅智網路
2021 ~ 2024
Within one month
improving visual color schemes and completing requirements changes such as disaster maps and data monitoring. Additionally, assisting with software deployment with the Taipei City Government Information Office. Toxic Chemicals hazards dispersion simulation service. - software architect analysis and implementation. - c source code analysis. - responsible for backend, using nodeJs runtime with Express framework. Engineer • Compal Electronics DecJanMost work in android application development, including: Independently responsible for Bank SinoPac smartMat(Stampede) awarding system application independently responsible for Stampede subproject - gait-analysis 、demo light control independently responsible for continuous glucose machine(CGM) displaying applications us...
python
FastAPI(Python)
Unemployed
Ready to interview
Full-time / Interested in working remotely
6-10 years
長庚大學
電機工程研究所, undefined
Avatar of 黃雅萱.
Avatar of 黃雅萱.
黃雅萱
Past
Product Development Specialist @Emporium Corporation
2021 ~ 2024
商務開發、專案管理、產品開發
Within one month
for new products. Tracked and evaluated product performance, and provided training and product information to sales staff. Developed over ten brands from scratch and facilitated long-term exclusive agency partnerships. Number one biotech Inc. https://www.no1bio.com Sales representative JulSep 2021 Independently secured orders through business development initiatives. Proposed marketing strategies and cross-functional resource integration independently. Executed quarterly marketing plans and achieved revenue targets. Experience in planning and executing domestic trade shows and exhibitions of various scales. MICE marketing experience Aetos Singapore based in Woodlands Checkpoint
Word
PowerPoint
Excel
Unemployed
Ready to interview
Full-time / Remote Only
6-10 years
北九州YMCA
Japanese
Avatar of lancetw aka Hsin-lin Cheng.
Avatar of lancetw aka Hsin-lin Cheng.
lancetw aka Hsin-lin Cheng
Senior Front End Developer @Gemini Data Inc.
2021 ~ Present
Architect, Principal Software Engineer
Within one month
. Developed mobile-first, responsive design applications, handling 10,000+ data items and supporting large-scale file uploads. Advanced cross-platform compatibility using PWA technology, aligning with the latest web standards. Combined front-end and backend technologies to design industry-standard reports for business printing solutions. Independent Contractor (System Engineer), Various Clients Technologies: PHP (OOP), Python, Ruby, RoR, Node.js, jQuery, Java, Java Web, Golang, C, C++, Microsoft Office Macro (VBA). Delivered custom solutions across diverse technology stacks, addressing specific client needs. Demonstrated versatility by undertaking multiple roles from coding and
api
html5
python django
Employed
Ready to interview
Full-time / Interested in working remotely
10-15 years
Tunghai University
Computer Science
Avatar of 蕭舜誠-Shawn.
Avatar of 蕭舜誠-Shawn.
蕭舜誠-Shawn
Firmware Engineer @Lanner Electronics Inc.
2021 ~ Present
Firmware Engineer, Firmware Developer, Embedded Software Engineer
Within one month
蕭舜誠-Shawn New Taipei City, [email protected] Hi, I’m Shawn. experienced firmware engineer with nearly five years of experties. and a Bachelor’s degree in Electronic Engineering from the NKFUST. Proficient in firmware development using C, with hands-on experience in Embedded Linux System, MCU and Linux System, such as the OOB solution(on NUC980), Platform software Package, and FreeRTOS(on STM32) . comprehended to Python, TensorFlow, and machine learning concepts during university studies. Furthermore, I have proven track record of independently tackling challenging technical projects and embracing new technologies
C
ARM
Linux
Employed
Ready to interview
Full-time / Interested in working remotely
4-6 years
國立高雄科技大學(原國立高雄第一科技大學)
電子工程
Avatar of Chang Vincent.
Avatar of Chang Vincent.
Chang Vincent
Past
Senior Front-End Software Engineer @KKSTREAM 香港商科科串流股份有限公司
2020 ~ 2022
前端工程師 Front-End Developer
Within one month
by a factor of 10. Enhanced real-time object and behavior detection visualization on local devices, winning the Ecosystem Prize at the Audi Innovation Award. May 2017 – Mar 2019 Front-End Developer • QNAP Collaborated on various Proof of Concepts (POCs) with backend engineers and UI designers. Engaged independently in the early-stage front-end development of Cinema28, enabling multimedia streaming to network-attached storage (NAS)-connected devices. Mentored two interns, enabling them to troubleshoot issues and develop features independently within six months. Oct 2012 – Oct 2016 SKILLS Languages: JavaScript (Expert), TypeScript (Expert), HTML (Expert), CSS
Front-End Development
Front-End Web Development
Javascript(ES6)
Unemployed
Ready to interview
Full-time / Interested in working remotely
6-10 years
國立中山大學 National Sun Yat-Sen University
Computer Science

The Most Lightweight and Effective Recruiting Plan

Search resumes and take the initiative to contact job applicants for higher recruiting efficiency. The Choice of Hundreds of Companies.

  • Browse all search results
  • Unlimited access to start new conversations
  • Resumes accessible for only paid companies
  • View users’ email address & phone numbers
Upgrade Now
7-day money-back guarantee, cancel anytime
123456789
Search Tips
1
Search a precise keyword combination
senior backend php
If the number of the search result is not enough, you can remove the less important keywords
2
Use quotes to search for an exact phrase
"business development"
3
Use the minus sign to eliminate results containing certain words
UI designer -UX
Only public resumes are available with the free plan.
Upgrade to an advanced plan to view all search results including tens of thousands of resumes exclusive on CakeResume.
Upgrade Now

Definition of Reputation Credits

Technical Skills
Specialized knowledge and expertise within the profession (e.g. familiar with SEO and use of related tools).
Problem-Solving
Ability to identify, analyze, and prepare solutions to problems.
Adaptability
Ability to navigate unexpected situations; and keep up with shifting priorities, projects, clients, and technology.
Communication
Ability to convey information effectively and is willing to give and receive feedback.
Time Management
Ability to prioritize tasks based on importance; and have them completed within the assigned timeline.
Teamwork
Ability to work cooperatively, communicate effectively, and anticipate each other's demands, resulting in coordinated collective action.
Leadership
Ability to coach, guide, and inspire a team to achieve a shared goal or outcome effectively.
Within one month
Avatar of Yu-Hsiang Huang.
Yu-Hsiang Huang
Associate Technical Manager
不顯示公司名稱
2022 ~ Present
臺灣桃園市中壢區
Professional Background
Current status
Employed
Job Search Progress
Ready to interview
Professions
Security Engineer, Back-end Engineer
Fields of Employment
Cyber Security
Work experience
10-15 years
Management
I've had experience in managing 1-5 people
Skills
Active Directory
IIS
PHP
Laravel
Python
Rust
jQuery
Vue
Penetration Testing
Kali
Metasploit
Burp Suite
Nessus
Acunetix
MySQL / Mariadb
Languages
Chinese
Native or Bilingual
English
Beginner
Job search preferences
Positions
滲透測試、資訊安全、系統開發、程式設計
Job types
Full-time
Locations
台灣, 日本
Remote
Interested in working remotely
Freelance
No
Educations
School
立德大學
Major
資訊工程
Print

Yu-Hsiang Huang

Associate Technical Manager

Obtained MCP certification in server management, proficient in Microsoft operating system. Familiar with server operations such as AD, DNS, DHCP, and IIS.

--------------------

Proficient in system development using PHP/Laravel, Python, as well as other languages like VB.net, Rust, etc. The technologies used include but are not limited to:

[

console, Redis, relational database, multi-thread, multi-process, dependency injection, restful API, schedule, queue, broadcast, i18n, unit test, Selenium, mock, one-click installation.

]


Completed projects:

  1. Independently developed CMS for many companies.
  2. Used GitLab API and Docker SDK, and integrated Nessus and other security tools to develop an automated security assessment system.
  3. Independently developed a security automation framework for reproduction and revalidation.
  4. Independently weaponized the Python package <TFTPY> as a penetration testing tool.


Side projects & special achievements:

  1. Independently developed a program to receive the network traffic information using the SNMP protocol and visualize it graphically.
  2. Independently developed a hexagonal menu and a moving light bar using JavaScript and other technologies.
  3. Independently developed a multi-threaded websocket server using PHP & VB.Net.
  4. Independently developed malicious programs such as brute-force tools, vulnerability PoCs, webshells, packet manipulators, and used WinAPI to control the operating system.
  5. Independently used and modified the Python package <BooFuzz> to develpoed a fuzzer.
  6. Independently developed Nessus plugins.
  7. Independently developed the legal programs to save on cybersecurity software licenses, which can save tens of thousands to hundreds of thousands of New Taiwan Dollars per year, depending on the scale of usage.

--------------------

In the field of cybersecurity, I have obtained the ECSA certification and referred to OSWE study materials, considering myself to have a level of expertise above that of OSWE.


Completed projects:

  1. Participated in the handling of major cybersecurity incidents for government agencies.
  2. Completed numerous penetration testing tasks for many companies, identifying high, medium, and low-risk vulnerabilities, totaling hundreds of system vulnerabilities. Even obtained the RCE vulnerabilities in several commercial products.
  3. Assisted two employers in conducting security regulation-related tests, writing test cases, etc. For example, tests related to IEC 62443 SVV 1-4, such as compliance testing, mitigation plan testing, vulnerability scanning, fuzz testing, penetration testing, and various other tests.
  4. Assisted in manually reproducing and revalidating vulnerabilities, including fixing and developing PoCs.


Side projects & special achievements:

  1. Ranked 344th individually, and 153rd as a team in HTB within four months.
  2. Independently obtained over 40 CVEs, including some in well-known software. Some of the CVEs have been inquired about by an antivirus software company and other unspecified individuals.
  3. Disclosed vulnerabilities without requesting CVEs afterwards, totaling 5 or more.
  4. Undisclosed vulnerabilities total more than 16, including vulnerabilities in NETGEAR, Alcatel, Discuz! X3.4, RCE vulnerabilities in many schools, vulnerabilities in internal systems of many companies, vulnerabilities in many well-known shopping websites, and others.
  5. Participated in patching the security vulnerability in the open-source project phpMyAdmin.
  6. Independently created the p12 file to reproduce CVE-2022-0778 (the p12 file has been saved on GitHub and listed on cvexploits).
  7. Reported a vulnerability in ZyXEL products and received a letter of appreciation.
  8. Reported an information system vulnerability in Realtek and received a reward.
  9. Reported the vulnerability in a company's product serial number rules to prevent the company from suffering losses.

Zhongli District, Taoyuan City, Taiwan
[email protected]

https://github.com/HuangYuHsiangPhone

EDUCATION

Leader University

Master Degree of Computer Science & Information Engineering  •  2007 - 2009


SKILLS

  • Active Directory
  • IIS
  • PHP
  • Laravel
  • Python
  • Rust
  • jQuery
  • Vue
  • Penetration Testing
  • Kali
  • Metasploit
  • Burp Suite
  • Nessus
  • Acunetix

Languages

  • Chinese — native
  • English — basic

WORK & EXPERIENCE

Senior Engineer  •  <Hidden>

Mar. 2022 - Present  |  Taipei, Taiwan

  • Job responsibilities:
    1. Assisted PSIRT and Cybersecurity Testing Team in avoiding unnecessary or incorrect testing steps and collecting information related to vulnerability confirmation.
    2. Studied cybersecurity regulations, such as 62443-4-2, and wrote the test cases. Responsible for pretesting to ensure compliance with Korean cybersecurity regulations.
    3. Wrote the test cases for threat mitigation plans and executed the test cases.
    4. Developed Jira Automation.
    5. Independently modified and weaponized the Python package <TFTPY> as a PT tool.
    6. Used Python, Robot Framework, etc. to independently develop automated testing for reproducing vulnerabilities and mitigation plans.
      [
      setuptools, click, scapy, multi-process.
      Improving the situation of having to modify the automation program significantly when there's a change to web code.
      Packets detection, such as VRRP and ICMP.
      ]
    7. Used PHP, Bat files, and related APIs to independently develop cybersecurity automation systems that meet the needs of various departments.
      [
      console, Redis, relational database, dependency injection, restful api
      schedule, queue, broadcast, i18n, one-click installation
      ]
    8. Reproduced CVEs; some examples are listed below.
      [
      Independently created the p12 file to reproduce CVE-2022-0778 (the p12 file has been saved on GitHub and listed on cvexploits).
      Independently assisted PSIRT in clarifying the scope of impact of CVE-2021-3493 and tracing related Linux code.
  • Cybersecurity achievements:
    1. Independently conducted penetration testing on company's products, discovering several dozens of high-risk vulnerabilities. Some vulnerabilities were memory-related and expected to be applied together for several CVEs.
    2. Succeeded in bypassing the RD's patches many times.
    3. Independently developed the legal programs to save on cybersecurity software licenses, which can save tens of thousands to hundreds of thousands of New Taiwan Dollars per year, depending on the scale of usage.
    4. Reported the vulnerability in the company's product serial number rules to prevent the company from suffering losses.
  • Others:
    1. Independently developed Nessus plugins.
    2. Independently discovered several vulnerabilities on TestLink
      [
      CVE-2022-35196(8.8), etc.
      ]
    3. Independently discovered several vulnerabilities on Moxa MXsecurity
      [
      CVE-2023-41438(0.0), CVE-2023-41440(0.0), etc.
      ]

Associate Technical Manager  •  Bureau Veritas

Aug. 2021 - Feb. 2022  |  Taipei, Taiwan

  • Job responsibilities
    1. Studied cybersecurity regulations, , such as 303645, 62443-4-2, and wrote the test cases.
    2. Independently conducted vulnerability scanning.
    3. Independently conducted fuzz testing and developed specific protocol fuzzer.
    4. Independently conducted penetration testing.
  • Cybersecurity achievements
    1. Independently discovered many high, medium and low cybersecurity vulnerabilities, such as RCE, DoS, injection, in products of various industrial control device manufacturers.
  • Others
    1. Reported a vulnerability in ZyXEL products and received a letter of appreciation.

Staff Engineer / IoT Vulnerability Researcher  •  Panasonic

Apr. 2020 - Aug. 2021  |  Taipei, Taiwan

  • Job responsibilities
    1. Developed a CLI automation security testing system using Python.
      1. Used Docker SDK, GitLab API, etc.
      2. Corrected cross-platform program issues.
      3. Integrated security programs such as Nessus 8.
      4. Automated the setup of an IIS PHP web server using WinAPI.
      5. Decoupled the program.
      6. Unit Test, Code Coverage, Mock.
    2. Independently developed a web automated security testing system using Laravel.
      1. Used bootstrap + Vue + jQuery
      2. Restful API.
      3. Unit test, code coverage, mock, faker.
      4. Integrated the Python CLI program and provided real-time output. 
    3. Penetration testing for IoT devices and web.
  • Cybersecurity achievements
    1. Independently discovered the RCE vulnerability in commercial software developed by my current employer using Python and PHP.
    2. Independently discovered the RCE vulnerability in commercial software developed by another company within the group, using Node.js and C#.
  • Others
    1. Independently discovered high-risk vulnerabilities in the information systems of many listed semiconductor companies in Taiwan.
    2. Independently discovered high-risk vulnerabilities on Discuz! X3.4.
    3. Independently achieved the User privilege in the 130th place on HTB Proper(Win, Hard) on Mar. 23, 2021.
    4. Independently developed jQuery plugins.
    5. Independently developed a hexagonal menu and a moving light bar using JavaScript and other technologies.
    6. Independently discovered information leakage vulnerability in MS IE.
    7. Independently discovered several vulnerabilities on NETGEAR RAX80 and Alcatel I-040GW
      [
      CVE-2020-*****(0.0) x 2
      ]

Vulnerability Analysis Engineer  •  Next Bank

Dec. 2019 - Apr. 2020  |  Taipei, Taiwan

  • Job responsibilities
    1. Participated in Nexpose/Nessus vulnerability scanning automation PoC.
    2. Participated in Fortify source code scanning automation PoC.
    3. Participated in penetration testing.
  • Cybersecurity achievements
    1. Independently discovered several vulnerabilities on iTop
      [
      CVE-2020-12777(7.5),CVE-2020-12778(6.1)
      CVE-2020-12779(5.4),CVE-2020-12780(7.5)
      CVE-2020-12781(8.8)
      ]
  • Others
    1. Independently developed a multi-threaded websocket server using PHP & VB.Net.

Engineer  •  NCCST

Jun. 2018 - Nov. 2019  |  Taipei, Taiwan

  • Job responsibilities
    1. Performing penetration testing on the government information systems.
    2. Black-box and white-box testing.
    3. Reverse engineering of the .NET programs.
    4. Assisted government agencies in setting up the scenario for the 2019 Cyber Offensive and Defensive Exercise (CODE).
    5. Independently developed a report management system and a program for automatically fetching email attachments using Laravel.
  • Cybersecurity achievements
    1. Joined a government attack and defense exercise halfway through and ranked second among approximately 90 attackers as a newcomer. Discovered over 140 vulnerabilities and received corresponding rewards.
    2. Capable of manually bypassing a web application firewall (WAF) to achieve attacks that are difficult for tools to accomplish.
    3. Independently developed scanning and attack tools (such as CVE PoCs, scanners for specific vulnerabilities, PHP & ASPX webshells), using technologies including but not limited to curl, socket, multi-thread.
  • Others
    1. Ranked 344th individually, and 153rd as a team in HTB within four months.
    2. Participated in patching the security vulnerability in the open-source project phpMyAdmin.
    3. A total of at least 34 CVEs have been applied for. Only some are listed as follows:
      1. Independently discovered several vulnerabilities on GSS Tracko, Radar.
        [The request to revoke the CVE ID has been made.(0.0), etc.]
      2. Independently discovered several vulnerabilities on InfoDoc ODMS.
        [The request to revoke the CVE ID has been made.(9.8), etc.]
      3. Independently discovered several vulnerabilities on DrayTek Vigor2925.
        [CVE-2019-16533(6.1), etc.]
      4. Independently discovered several vulnerabilities on ESRI ArcGIS Enterprise.
        [CVE-2019-16193(5.4)]
      5. Independently discovered several vulnerabilities on Avaya Scopia Desktop.
        [CVE-2019-6998(6.4), etc.]
      6. Independently discovered several vulnerabilities on phpMyAdmin.
        [CVE-2019-6798(9.8), etc.]
      7. Independently discovered several vulnerabilities on MyWebSQL.
        [CVE-2019-7731(9.8), etc.]
      8. Independently discovered several vulnerabilities on DbNinja.
        [CVE-2019-7747(9.6), etc.]
      9. Independently discovered several vulnerabilities on webERP.
        [CVE-2018-19434(7.2), etc.]
      10. Independently discovered several vulnerabilities on KindEditor.
        [CVE-2018-18950(7.5), etc.]
      11. Independently discovered several vulnerabilities on PHP-Proxy.
        [CVE-2018-19784(7.5), etc.]

經理   •  合群樹脂實業有限公司

九月 2016 - 五月 2018  |  Taipei, Taiwan

  • 1.客戶開發
      既有客戶聯繫
      找尋新客戶

    2.產品開發製造
      既有規格產品製造
      客製規格產品開發

    3.進銷存管理
      庫存盤點
      進貨
      銷貨
      EXCEL VBA 成本計算等

    4.帳務處理
      應收帳款
      應付帳款
      開立支票等

    5.資訊系統處理
      PC故障維修
      系統實轉虛等

    6.部屬任務安排

    7.廠房修繕

資訊副工程師  •  森霸電力股份有限公司

二月 2012 - 八月 2016  |  Taipei, Taiwan

  • 工作內容:

    1. 程式設計
      PHPBB架設及修改,作為公司公告系統。
      PHP撰寫個人電腦資訊查詢系統,作為採購、報廢等依據。
      PHP撰寫公司表單查詢系統
      PHP撰寫破解AD帳密程序,驗證資安問題。
      PHP撰寫SNMP抓流量並圖形化程序,提供同仁參考網路狀況。
      VB.NET撰寫多執行緒掃網段串改封包程序,驗證資安問題。
      Excel VBA, 公式, 圖表,協助倉管盤點及計算備品價值。
      查看廠商撰寫之電廠系統程式碼(JSP),並成功發現無效存取控管弱點。
      其它

    2. 系統管理
      Windows Server 2003管理
      DNS
      DHCP
      AD(GPO、權限等設定、Login Script)
      Server問題排除
      機房硬體設備(NAS、CDP、RAID)
      其它

    3. 網路管理
      封包攔截分析
      VLAN
      MAC Filter
      Switch
      Router
      Routing Table
      其它

    4. 個人電腦故障排除
      Windows XP、Windows 7
      Office(Excel、Word、Outlook)
      Printer
      IE
      其它

    5. 案件發包
    6. 物品請購
    7. 倉管
    8. 總機系統管理
    9. 文書處理
    10. 門禁&監視器處理
    11. 其他主管交辦事項

專案經理  •  竹貓星球數位股份有限公司

九月 2011 - 一月 2012  |  Taipei, Taiwan

  • 1. 台積電專案系統開發,採用PHP + MySQL + MSSQL。

PHP程式設計師  •  知識科技股份有限公司

十二月 2009 - 五月 2011  |  Taipei, Taiwan

  • 新人獎 - 2011

    工作內容:
    1. jQuery
    2. PHP
    3. MySQL
    4. CI MVC Framework

    5. Windows Server 2003
    6. DNS
    7. IIS
    8. File Server
    9. SVN Server
    10. CA Server

    11. 客制化 PHP 程式設計
    12. Yahoo EWS API
    13. PayPal API
    14. facebook API
    15. Google API

    16. 安全漏洞檢測,成功發現多項漏洞,並提報給公司負責人
    17. 效能等其他問題檢測
Resume
Profile
Print

Yu-Hsiang Huang

Associate Technical Manager

Obtained MCP certification in server management, proficient in Microsoft operating system. Familiar with server operations such as AD, DNS, DHCP, and IIS.

--------------------

Proficient in system development using PHP/Laravel, Python, as well as other languages like VB.net, Rust, etc. The technologies used include but are not limited to:

[

console, Redis, relational database, multi-thread, multi-process, dependency injection, restful API, schedule, queue, broadcast, i18n, unit test, Selenium, mock, one-click installation.

]


Completed projects:

  1. Independently developed CMS for many companies.
  2. Used GitLab API and Docker SDK, and integrated Nessus and other security tools to develop an automated security assessment system.
  3. Independently developed a security automation framework for reproduction and revalidation.
  4. Independently weaponized the Python package <TFTPY> as a penetration testing tool.


Side projects & special achievements:

  1. Independently developed a program to receive the network traffic information using the SNMP protocol and visualize it graphically.
  2. Independently developed a hexagonal menu and a moving light bar using JavaScript and other technologies.
  3. Independently developed a multi-threaded websocket server using PHP & VB.Net.
  4. Independently developed malicious programs such as brute-force tools, vulnerability PoCs, webshells, packet manipulators, and used WinAPI to control the operating system.
  5. Independently used and modified the Python package <BooFuzz> to develpoed a fuzzer.
  6. Independently developed Nessus plugins.
  7. Independently developed the legal programs to save on cybersecurity software licenses, which can save tens of thousands to hundreds of thousands of New Taiwan Dollars per year, depending on the scale of usage.

--------------------

In the field of cybersecurity, I have obtained the ECSA certification and referred to OSWE study materials, considering myself to have a level of expertise above that of OSWE.


Completed projects:

  1. Participated in the handling of major cybersecurity incidents for government agencies.
  2. Completed numerous penetration testing tasks for many companies, identifying high, medium, and low-risk vulnerabilities, totaling hundreds of system vulnerabilities. Even obtained the RCE vulnerabilities in several commercial products.
  3. Assisted two employers in conducting security regulation-related tests, writing test cases, etc. For example, tests related to IEC 62443 SVV 1-4, such as compliance testing, mitigation plan testing, vulnerability scanning, fuzz testing, penetration testing, and various other tests.
  4. Assisted in manually reproducing and revalidating vulnerabilities, including fixing and developing PoCs.


Side projects & special achievements:

  1. Ranked 344th individually, and 153rd as a team in HTB within four months.
  2. Independently obtained over 40 CVEs, including some in well-known software. Some of the CVEs have been inquired about by an antivirus software company and other unspecified individuals.
  3. Disclosed vulnerabilities without requesting CVEs afterwards, totaling 5 or more.
  4. Undisclosed vulnerabilities total more than 16, including vulnerabilities in NETGEAR, Alcatel, Discuz! X3.4, RCE vulnerabilities in many schools, vulnerabilities in internal systems of many companies, vulnerabilities in many well-known shopping websites, and others.
  5. Participated in patching the security vulnerability in the open-source project phpMyAdmin.
  6. Independently created the p12 file to reproduce CVE-2022-0778 (the p12 file has been saved on GitHub and listed on cvexploits).
  7. Reported a vulnerability in ZyXEL products and received a letter of appreciation.
  8. Reported an information system vulnerability in Realtek and received a reward.
  9. Reported the vulnerability in a company's product serial number rules to prevent the company from suffering losses.

Zhongli District, Taoyuan City, Taiwan
[email protected]

https://github.com/HuangYuHsiangPhone

EDUCATION

Leader University

Master Degree of Computer Science & Information Engineering  •  2007 - 2009


SKILLS

  • Active Directory
  • IIS
  • PHP
  • Laravel
  • Python
  • Rust
  • jQuery
  • Vue
  • Penetration Testing
  • Kali
  • Metasploit
  • Burp Suite
  • Nessus
  • Acunetix

Languages

  • Chinese — native
  • English — basic

WORK & EXPERIENCE

Senior Engineer  •  <Hidden>

Mar. 2022 - Present  |  Taipei, Taiwan

  • Job responsibilities:
    1. Assisted PSIRT and Cybersecurity Testing Team in avoiding unnecessary or incorrect testing steps and collecting information related to vulnerability confirmation.
    2. Studied cybersecurity regulations, such as 62443-4-2, and wrote the test cases. Responsible for pretesting to ensure compliance with Korean cybersecurity regulations.
    3. Wrote the test cases for threat mitigation plans and executed the test cases.
    4. Developed Jira Automation.
    5. Independently modified and weaponized the Python package <TFTPY> as a PT tool.
    6. Used Python, Robot Framework, etc. to independently develop automated testing for reproducing vulnerabilities and mitigation plans.
      [
      setuptools, click, scapy, multi-process.
      Improving the situation of having to modify the automation program significantly when there's a change to web code.
      Packets detection, such as VRRP and ICMP.
      ]
    7. Used PHP, Bat files, and related APIs to independently develop cybersecurity automation systems that meet the needs of various departments.
      [
      console, Redis, relational database, dependency injection, restful api
      schedule, queue, broadcast, i18n, one-click installation
      ]
    8. Reproduced CVEs; some examples are listed below.
      [
      Independently created the p12 file to reproduce CVE-2022-0778 (the p12 file has been saved on GitHub and listed on cvexploits).
      Independently assisted PSIRT in clarifying the scope of impact of CVE-2021-3493 and tracing related Linux code.
  • Cybersecurity achievements:
    1. Independently conducted penetration testing on company's products, discovering several dozens of high-risk vulnerabilities. Some vulnerabilities were memory-related and expected to be applied together for several CVEs.
    2. Succeeded in bypassing the RD's patches many times.
    3. Independently developed the legal programs to save on cybersecurity software licenses, which can save tens of thousands to hundreds of thousands of New Taiwan Dollars per year, depending on the scale of usage.
    4. Reported the vulnerability in the company's product serial number rules to prevent the company from suffering losses.
  • Others:
    1. Independently developed Nessus plugins.
    2. Independently discovered several vulnerabilities on TestLink
      [
      CVE-2022-35196(8.8), etc.
      ]
    3. Independently discovered several vulnerabilities on Moxa MXsecurity
      [
      CVE-2023-41438(0.0), CVE-2023-41440(0.0), etc.
      ]

Associate Technical Manager  •  Bureau Veritas

Aug. 2021 - Feb. 2022  |  Taipei, Taiwan

  • Job responsibilities
    1. Studied cybersecurity regulations, , such as 303645, 62443-4-2, and wrote the test cases.
    2. Independently conducted vulnerability scanning.
    3. Independently conducted fuzz testing and developed specific protocol fuzzer.
    4. Independently conducted penetration testing.
  • Cybersecurity achievements
    1. Independently discovered many high, medium and low cybersecurity vulnerabilities, such as RCE, DoS, injection, in products of various industrial control device manufacturers.
  • Others
    1. Reported a vulnerability in ZyXEL products and received a letter of appreciation.

Staff Engineer / IoT Vulnerability Researcher  •  Panasonic

Apr. 2020 - Aug. 2021  |  Taipei, Taiwan

  • Job responsibilities
    1. Developed a CLI automation security testing system using Python.
      1. Used Docker SDK, GitLab API, etc.
      2. Corrected cross-platform program issues.
      3. Integrated security programs such as Nessus 8.
      4. Automated the setup of an IIS PHP web server using WinAPI.
      5. Decoupled the program.
      6. Unit Test, Code Coverage, Mock.
    2. Independently developed a web automated security testing system using Laravel.
      1. Used bootstrap + Vue + jQuery
      2. Restful API.
      3. Unit test, code coverage, mock, faker.
      4. Integrated the Python CLI program and provided real-time output. 
    3. Penetration testing for IoT devices and web.
  • Cybersecurity achievements
    1. Independently discovered the RCE vulnerability in commercial software developed by my current employer using Python and PHP.
    2. Independently discovered the RCE vulnerability in commercial software developed by another company within the group, using Node.js and C#.
  • Others
    1. Independently discovered high-risk vulnerabilities in the information systems of many listed semiconductor companies in Taiwan.
    2. Independently discovered high-risk vulnerabilities on Discuz! X3.4.
    3. Independently achieved the User privilege in the 130th place on HTB Proper(Win, Hard) on Mar. 23, 2021.
    4. Independently developed jQuery plugins.
    5. Independently developed a hexagonal menu and a moving light bar using JavaScript and other technologies.
    6. Independently discovered information leakage vulnerability in MS IE.
    7. Independently discovered several vulnerabilities on NETGEAR RAX80 and Alcatel I-040GW
      [
      CVE-2020-*****(0.0) x 2
      ]

Vulnerability Analysis Engineer  •  Next Bank

Dec. 2019 - Apr. 2020  |  Taipei, Taiwan

  • Job responsibilities
    1. Participated in Nexpose/Nessus vulnerability scanning automation PoC.
    2. Participated in Fortify source code scanning automation PoC.
    3. Participated in penetration testing.
  • Cybersecurity achievements
    1. Independently discovered several vulnerabilities on iTop
      [
      CVE-2020-12777(7.5),CVE-2020-12778(6.1)
      CVE-2020-12779(5.4),CVE-2020-12780(7.5)
      CVE-2020-12781(8.8)
      ]
  • Others
    1. Independently developed a multi-threaded websocket server using PHP & VB.Net.

Engineer  •  NCCST

Jun. 2018 - Nov. 2019  |  Taipei, Taiwan

  • Job responsibilities
    1. Performing penetration testing on the government information systems.
    2. Black-box and white-box testing.
    3. Reverse engineering of the .NET programs.
    4. Assisted government agencies in setting up the scenario for the 2019 Cyber Offensive and Defensive Exercise (CODE).
    5. Independently developed a report management system and a program for automatically fetching email attachments using Laravel.
  • Cybersecurity achievements
    1. Joined a government attack and defense exercise halfway through and ranked second among approximately 90 attackers as a newcomer. Discovered over 140 vulnerabilities and received corresponding rewards.
    2. Capable of manually bypassing a web application firewall (WAF) to achieve attacks that are difficult for tools to accomplish.
    3. Independently developed scanning and attack tools (such as CVE PoCs, scanners for specific vulnerabilities, PHP & ASPX webshells), using technologies including but not limited to curl, socket, multi-thread.
  • Others
    1. Ranked 344th individually, and 153rd as a team in HTB within four months.
    2. Participated in patching the security vulnerability in the open-source project phpMyAdmin.
    3. A total of at least 34 CVEs have been applied for. Only some are listed as follows:
      1. Independently discovered several vulnerabilities on GSS Tracko, Radar.
        [The request to revoke the CVE ID has been made.(0.0), etc.]
      2. Independently discovered several vulnerabilities on InfoDoc ODMS.
        [The request to revoke the CVE ID has been made.(9.8), etc.]
      3. Independently discovered several vulnerabilities on DrayTek Vigor2925.
        [CVE-2019-16533(6.1), etc.]
      4. Independently discovered several vulnerabilities on ESRI ArcGIS Enterprise.
        [CVE-2019-16193(5.4)]
      5. Independently discovered several vulnerabilities on Avaya Scopia Desktop.
        [CVE-2019-6998(6.4), etc.]
      6. Independently discovered several vulnerabilities on phpMyAdmin.
        [CVE-2019-6798(9.8), etc.]
      7. Independently discovered several vulnerabilities on MyWebSQL.
        [CVE-2019-7731(9.8), etc.]
      8. Independently discovered several vulnerabilities on DbNinja.
        [CVE-2019-7747(9.6), etc.]
      9. Independently discovered several vulnerabilities on webERP.
        [CVE-2018-19434(7.2), etc.]
      10. Independently discovered several vulnerabilities on KindEditor.
        [CVE-2018-18950(7.5), etc.]
      11. Independently discovered several vulnerabilities on PHP-Proxy.
        [CVE-2018-19784(7.5), etc.]

經理   •  合群樹脂實業有限公司

九月 2016 - 五月 2018  |  Taipei, Taiwan

  • 1.客戶開發
      既有客戶聯繫
      找尋新客戶

    2.產品開發製造
      既有規格產品製造
      客製規格產品開發

    3.進銷存管理
      庫存盤點
      進貨
      銷貨
      EXCEL VBA 成本計算等

    4.帳務處理
      應收帳款
      應付帳款
      開立支票等

    5.資訊系統處理
      PC故障維修
      系統實轉虛等

    6.部屬任務安排

    7.廠房修繕

資訊副工程師  •  森霸電力股份有限公司

二月 2012 - 八月 2016  |  Taipei, Taiwan

  • 工作內容:

    1. 程式設計
      PHPBB架設及修改,作為公司公告系統。
      PHP撰寫個人電腦資訊查詢系統,作為採購、報廢等依據。
      PHP撰寫公司表單查詢系統
      PHP撰寫破解AD帳密程序,驗證資安問題。
      PHP撰寫SNMP抓流量並圖形化程序,提供同仁參考網路狀況。
      VB.NET撰寫多執行緒掃網段串改封包程序,驗證資安問題。
      Excel VBA, 公式, 圖表,協助倉管盤點及計算備品價值。
      查看廠商撰寫之電廠系統程式碼(JSP),並成功發現無效存取控管弱點。
      其它

    2. 系統管理
      Windows Server 2003管理
      DNS
      DHCP
      AD(GPO、權限等設定、Login Script)
      Server問題排除
      機房硬體設備(NAS、CDP、RAID)
      其它

    3. 網路管理
      封包攔截分析
      VLAN
      MAC Filter
      Switch
      Router
      Routing Table
      其它

    4. 個人電腦故障排除
      Windows XP、Windows 7
      Office(Excel、Word、Outlook)
      Printer
      IE
      其它

    5. 案件發包
    6. 物品請購
    7. 倉管
    8. 總機系統管理
    9. 文書處理
    10. 門禁&監視器處理
    11. 其他主管交辦事項

專案經理  •  竹貓星球數位股份有限公司

九月 2011 - 一月 2012  |  Taipei, Taiwan

  • 1. 台積電專案系統開發,採用PHP + MySQL + MSSQL。

PHP程式設計師  •  知識科技股份有限公司

十二月 2009 - 五月 2011  |  Taipei, Taiwan

  • 新人獎 - 2011

    工作內容:
    1. jQuery
    2. PHP
    3. MySQL
    4. CI MVC Framework

    5. Windows Server 2003
    6. DNS
    7. IIS
    8. File Server
    9. SVN Server
    10. CA Server

    11. 客制化 PHP 程式設計
    12. Yahoo EWS API
    13. PayPal API
    14. facebook API
    15. Google API

    16. 安全漏洞檢測,成功發現多項漏洞,並提報給公司負責人
    17. 效能等其他問題檢測