CakeResume Talent Search

Garrett Jabbour - Best AC Contractor @Garrett Jabbour
2013 ~ Present
CEO & Co-Founder
More than one year
Word
PowerPoint
Excel
Employed
Full-time / Interested in working remotely
4-6 years
Competitive Plumbing And Hvac
Professional Plumbing, Leak and Heating Services. @Competitive Plumbing And Hvac
2016 ~ Present
Plumbing Services
More than one year
adaptations. All installations are designed and installed to the latest regulations, Competitive Plumbing, And HVAC recommendations to ensure an efficient and quality installation. Plumbing & Heating Services are approved installers which enables us to offer longer warranties than standard. We also supply & install other manufactures of domestic and light commercial boilers. Education Carnegie Vanguard High School, Other, Business, 2010 ~ 2013 We dedicate Monday evenings to our program of societies and clubs. The Lower Sixth are encouraged to take on leadership roles within societies and clubs, setting the direction and content. This opportunity provides excellent support
PowerPoint
english
Employed
Full-time / Not interested in working remotely
4-6 years
Carnegie Vanguard High School
Business
Leslie Crenshaw
Couples Management and/or Caretaking
More than one year
numerous states with defunct properties. One half of a two-person team responsible for restoring the physical, code compliant functioning of said properties while simultaneously returning an income generating status through interdepartmental operations. R.C. Construction ,JanPerformed custom renovation and remodeling services in the residential and light commercial fields. Additionally responsible for marketing, client retention, and hiring of personnel. AllPro Residential , JanMay 2018 Partner/Office Manager. Just to name a few of the hats I wore on behalf of the company: advertising/marketing, basic accounting and bookkeeping, public relations/networking
Adaptability
Advertising [Online and Offline]
Attention to Details
Full-time / Interested in working remotely
More than 15 years
The School of Hard Knocks
Life
陳柏霖
Product Planner @Asus 華碩電腦股份有限公司
2022 ~ Present
Sr./ project manager
Within one month
the competitor study (Dell, HP) regard to the BIOS Setup Menu. Discuss with RD leader to narrow down the features. 2. Manage the AI Audio and Camera vendor and negotiate the contract details. 3. Plan part of features of the new App-My ASUS for commercial, which including the account management, dashboard, and notification. 4. Integrate the rule of the LED Light indicator for commercial product which including the Notebook, All in One, and Desktop. Sr. Project Manager at HODWA Co., Ltd. [Project Process- NPI] 1. Innovate and
Word
Google Drive
Excel
Employed
Full-time / Interested in working remotely
6-10 years
National Sun Yat-Sen University 國立中山大學
Department of Business Administration
Yu-Hsiang Huang
Active
Senior Engineer @Company name hidden
2022 ~ Present
Penetration testing, information security, system development, programming
Within one month
automation framework for reproduction and revalidation. Independently weaponized the Python package <TFTPY> as a penetration testing tool. Side projects & special achievements: Independently developed a program to receive the network traffic information using the SNMP protocol and visualize it graphically. Independently developed a hexagonal menu and a moving light bar using JavaScript and other technologies. Independently developed a multi-threaded websocket server using PHP & VB.Net. Independently developed malicious programs such as brute-force tools, vulnerability PoCs, webshells, packet manipulators, and used WinAPI to control the operating system. Independently used and modified the Python
Active Directory
IIS
PHP
Employed
Ready to interview
Full-time / Interested in working remotely
10-15 years
Leader University
Information Engineering
Sr. UI/UX Designer @PNY Technologies Inc.
2023 ~ Present
UI/UX Designer
Within one month
Adobe Photoshop
Adobe Illustrator
Figma
Employed
Ready to interview
Full-time / Remote Only
10-15 years
Chung Yuan Christian University
Commercial Design
Aref Malakootifar
Founder & 3D Artist @Three Eyed Monkey Studio
2021 ~ Present
CG Artist
Within six months
Aref Malakootifar Founder & CG Artist Vienna, Austria Creative and collaborative 3D artist with 10 years of experience working on diverse CG projects including art direction, creating interactive real-time visualization, animation for cinematic films, CG Commercials, video games character/props/environment, architecture visualization, event rendering and etc. https://temstudio.co www.linkedin.com/in/arefma [email protected] Experience Founder & 3D Artist • Three Eyed Monkey Studio JanuaryPresent * Developing top-notch interactive real-time applications for architecture, automotive, products and other industries * Making new solutions by implementing
3ds max
Unreal Engine
Substance Painter
Employed
Part-time / Remote Only
6-10 years
University of Applied Sciences Salzburg
3D Animation
Wayne Hsu
UX Designer @OneDegree
2020 ~ Present
Senior Product Designer
Within one month
Wayne HSU Product (UIUX) Designer Wayne is a multi-disciplinary Product Designer with 6.5 years of delivering feasible UX/UI deliverables for commercial products (Web & App) from end to end in various sectors, including fintech (2B), manufacturing (2B), and retail (2C). He led a thorough UX audit that streamlined a huge product's flow within 2 months (Agile) and delivered a brand-new functionality from UX to UI that engaged many clients (Waterfall). Wayne considers himself as an analytical, observant, and conscientious person who's always drawn to engage in complex challenges. Plus, he
Sketch
Zeplin
Photoshop
Employed
Full-time / Interested in working remotely
6-10 years
Shin Chien University
Departments of communications Design
Past
Commercial Validation engineer @HP Taiwan 台灣惠普科技股份有限公司
2022 ~ 2023
Software Test Engineer
Within six months
Computer Software
Analysis
Component Testing
Unemployed
Full-time / Interested in working remotely
10-15 years
Hsing Wu University of Science and Technology
Bachelor degrees
陳韻如 Eunice Chen
Artist Assistant @多曼尼家族傳播有限公司
2022 ~ Present
Talent Management
Within one year
陳韻如 Eunice Chen Where your comfort zone ends, your life begins. [email protected] Education: National Kaohsiung University of Applied Sciences, Bachelor degree, Tourism Management, 2015 ~ 2019; National HsinChu Commercial Vocational High School, high school diploma, Data Processing, 2013 ~ 2015. Languages: Mandarin - Native, Taiwanese - Native, English
Snapseed
Lightroom
BLS (Basic Life Support certification)
Employed
Not open to opportunities
Full-time / Interested in working remotely
4-6 years
National Kaohsiung University of Applied Sciences
Tourism Management

Within one month
Associate Technical Manager
Company name hidden
2022 ~ Present
Zhongli District, Taoyuan City, Taiwan

Professional Background
  • Current status: Employed
  • Job Search Progress: Ready to interview
  • Professions: Security Engineer, Back-end Engineer
  • Fields of Employment: Cyber Security
  • Work experience: 10-15 years
  • Management: I've had experience in managing 1-5 people
  • Skills: Active Directory, IIS, PHP, Laravel, Python, Rust, jQuery, Vue, Penetration Testing, Kali, Metasploit, Burp Suite, Nessus, Acunetix, MySQL / Mariadb

Languages
  • Chinese: Native or Bilingual
  • English: Beginner

Job search preferences
  • Positions: Penetration testing, information security, system development, programming
  • Job types: Full-time
  • Locations: Taiwan, Japan
  • Remote: Interested in working remotely
  • Freelance: No

Educations
  • School: Leader University
  • Major: Information Engineering

Yu-Hsiang Huang

Associate Technical Manager

Obtained MCP certification in server management, proficient in Microsoft operating system. Familiar with server operations such as AD, DNS, DHCP, and IIS.

--------------------

Proficient in system development using PHP/Laravel, Python, as well as other languages like VB.net, Rust, etc. The technologies used include but are not limited to:

[

console, Redis, relational database, multi-thread, multi-process, dependency injection, restful API, schedule, queue, broadcast, i18n, unit test, Selenium, mock, one-click installation.

]


Completed projects:

  1. Independently developed CMS for many companies.
  2. Used GitLab API and Docker SDK, and integrated Nessus and other security tools to develop an automated security assessment system.
  3. Independently developed a security automation framework for reproduction and revalidation.
  4. Independently weaponized the Python package <TFTPY> as a penetration testing tool.


Side projects & special achievements:

  1. Independently developed a program to receive the network traffic information using the SNMP protocol and visualize it graphically.
  2. Independently developed a hexagonal menu and a moving light bar using JavaScript and other technologies.
  3. Independently developed a multi-threaded websocket server using PHP & VB.Net.
  4. Independently developed malicious programs such as brute-force tools, vulnerability PoCs, webshells, packet manipulators, and used WinAPI to control the operating system.
  5. Independently used and modified the Python package <BooFuzz> to develop a fuzzer.
  6. Independently developed Nessus plugins.
  7. Independently developed the legal programs to save on cybersecurity software licenses, which can save tens of thousands to hundreds of thousands of New Taiwan Dollars per year, depending on the scale of usage.

--------------------

In the field of cybersecurity, I have obtained the ECSA certification and referred to OSWE study materials, considering myself to have a level of expertise above that of OSWE.


Completed projects:

  1. Participated in the handling of major cybersecurity incidents for government agencies.
  2. Completed numerous penetration testing tasks for many companies, identifying high, medium, and low-risk vulnerabilities, totaling hundreds of system vulnerabilities. Even obtained the RCE vulnerabilities in several commercial products.
  3. Assisted two employers in conducting security regulation-related tests, writing test cases, etc. For example, tests related to IEC 62443 SVV 1-4, such as compliance testing, mitigation plan testing, vulnerability scanning, fuzz testing, penetration testing, and various other tests.
  4. Assisted in manually reproducing and revalidating vulnerabilities, including fixing and developing PoCs.


Side projects & special achievements:

  1. Ranked 344th individually, and 153rd as a team in HTB within four months.
  2. Independently obtained over 40 CVEs, including some in well-known software. Some of the CVEs have been inquired about by an antivirus software company and other unspecified individuals.
  3. Disclosed vulnerabilities without requesting CVEs afterwards, totaling 5 or more.
  4. Undisclosed vulnerabilities total more than 16, including vulnerabilities in NETGEAR, Alcatel, Discuz! X3.4, RCE vulnerabilities in many schools, vulnerabilities in internal systems of many companies, vulnerabilities in many well-known shopping websites, and others.
  5. Participated in patching the security vulnerability in the open-source project phpMyAdmin.
  6. Independently created the p12 file to reproduce CVE-2022-0778 (the p12 file has been saved on GitHub and listed on cvexploits).
  7. Reported a vulnerability in ZyXEL products and received a letter of appreciation.
  8. Reported an information system vulnerability in Realtek and received a reward.
  9. Reported the vulnerability in a company's product serial number rules to prevent the company from suffering losses.

Zhongli District, Taoyuan City, Taiwan
[email protected]

https://github.com/HuangYuHsiangPhone

EDUCATION


Leader University

Master Degree of Computer Science & Information Engineering  •  2007 - 2009


SKILLS


  • Active Directory
  • IIS
  • PHP
  • Laravel
  • Python
  • Rust
  • jQuery
  • Vue
  • Penetration Testing
  • Kali
  • Metasploit
  • Burp Suite
  • Nessus
  • Acunetix

Languages


  • Chinese — native
  • English — basic

WORK & EXPERIENCE


Senior Engineer  •  <Hidden>

Mar. 2022 - Present  |  Taipei, Taiwan

  • Job responsibilities:
    1. Assisted PSIRT and Cybersecurity Testing Team in avoiding unnecessary or incorrect testing steps and collecting information related to vulnerability confirmation.
    2. Studied cybersecurity regulations, such as 62443-4-2, and wrote the test cases. Responsible for pretesting to ensure compliance with Korean cybersecurity regulations.
    3. Wrote the test cases for threat mitigation plans and executed the test cases.
    4. Developed Jira Automation.
    5. Independently modified and weaponized the Python package <TFTPY> as a PT tool.
    6. Used Python, Robot Framework, etc. to independently develop automated testing for reproducing vulnerabilities and mitigation plans.
      [
      setuptools, click, scapy, multi-process.
      Improving the situation of having to modify the automation program significantly when there's a change to web code.
      Packets detection, such as VRRP and ICMP.
      ]
    7. Used PHP, Bat files, and related APIs to independently develop cybersecurity automation systems that meet the needs of various departments.
      [
      console, Redis, relational database, dependency injection, restful api
      schedule, queue, broadcast, i18n, one-click installation
      ]
    8. Reproduced CVEs; some examples are listed below.
      [
      Independently created the p12 file to reproduce CVE-2022-0778 (the p12 file has been saved on GitHub and listed on cvexploits).
      Independently assisted PSIRT in clarifying the scope of impact of CVE-2021-3493 and tracing related Linux code.
      ]
  • Cybersecurity achievements:
    1. Independently conducted penetration testing on company's products, discovering several dozens of high-risk vulnerabilities. Some vulnerabilities were memory-related and expected to be applied together for several CVEs.
    2. Succeeded in bypassing the RD's patches many times.
    3. Independently developed the legal programs to save on cybersecurity software licenses, which can save tens of thousands to hundreds of thousands of New Taiwan Dollars per year, depending on the scale of usage.
    4. Reported the vulnerability in the company's product serial number rules to prevent the company from suffering losses.
  • Others:
    1. Independently developed Nessus plugins.
    2. Independently discovered several vulnerabilities on TestLink
      [
      CVE-2022-35196(8.8), etc.
      ]
    3. Independently discovered several vulnerabilities on Moxa MXsecurity
      [
      CVE-2023-41438(0.0), CVE-2023-41440(0.0), etc.
      ]

Associate Technical Manager  •  Bureau Veritas

Aug. 2021 - Feb. 2022  |  Taipei, Taiwan

  • Job responsibilities
    1. Studied cybersecurity regulations, such as 303645, 62443-4-2, and wrote the test cases.
    2. Independently conducted vulnerability scanning.
    3. Independently conducted fuzz testing and developed specific protocol fuzzer.
    4. Independently conducted penetration testing.
  • Cybersecurity achievements
    1. Independently discovered many high, medium and low cybersecurity vulnerabilities, such as RCE, DoS, injection, in products of various industrial control device manufacturers.
  • Others
    1. Reported a vulnerability in ZyXEL products and received a letter of appreciation.

Staff Engineer / IoT Vulnerability Researcher  •  Panasonic

Apr. 2020 - Aug. 2021  |  Taipei, Taiwan

  • Job responsibilities
    1. Developed a CLI automation security testing system using Python.
      1. Used Docker SDK, GitLab API, etc.
      2. Corrected cross-platform program issues.
      3. Integrated security programs such as Nessus 8.
      4. Automated the setup of an IIS PHP web server using WinAPI.
      5. Decoupled the program.
      6. Unit Test, Code Coverage, Mock.
    2. Independently developed a web automated security testing system using Laravel.
      1. Used bootstrap + Vue + jQuery
      2. Restful API.
      3. Unit test, code coverage, mock, faker.
      4. Integrated the Python CLI program and provided real-time output. 
    3. Penetration testing for IoT devices and web.
  • Cybersecurity achievements
    1. Independently discovered the RCE vulnerability in commercial software developed by my current employer using Python and PHP.
    2. Independently discovered the RCE vulnerability in commercial software developed by another company within the group, using Node.js and C#.
  • Others
    1. Independently discovered high-risk vulnerabilities in the information systems of many listed semiconductor companies in Taiwan.
    2. Independently discovered high-risk vulnerabilities on Discuz! X3.4.
    3. Independently achieved the User privilege in the 130th place on HTB Proper(Win, Hard) on Mar. 23, 2021.
    4. Independently developed jQuery plugins.
    5. Independently developed a hexagonal menu and a moving light bar using JavaScript and other technologies.
    6. Independently discovered information leakage vulnerability in MS IE.
    7. Independently discovered several vulnerabilities on NETGEAR RAX80 and Alcatel I-040GW
      [
      CVE-2020-*****(0.0) x 2
      ]

Vulnerability Analysis Engineer  •  Next Bank

Dec. 2019 - Apr. 2020  |  Taipei, Taiwan

  • Job responsibilities
    1. Participated in Nexpose/Nessus vulnerability scanning automation PoC.
    2. Participated in Fortify source code scanning automation PoC.
    3. Participated in penetration testing.
  • Cybersecurity achievements
    1. Independently discovered several vulnerabilities on iTop
      [
      CVE-2020-12777(7.5),CVE-2020-12778(6.1)
      CVE-2020-12779(5.4),CVE-2020-12780(7.5)
      CVE-2020-12781(8.8)
      ]
  • Others
    1. Independently developed a multi-threaded websocket server using PHP & VB.Net.

Engineer  •  NCCST

Jun. 2018 - Nov. 2019  |  Taipei, Taiwan

  • Job responsibilities
    1. Performing penetration testing on the government information systems.
    2. Black-box and white-box testing.
    3. Reverse engineering of the .NET programs.
    4. Assisted government agencies in setting up the scenario for the 2019 Cyber Offensive and Defensive Exercise (CODE).
    5. Independently developed a report management system and a program for automatically fetching email attachments using Laravel.
  • Cybersecurity achievements
    1. Joined a government attack and defense exercise halfway through and ranked second among approximately 90 attackers as a newcomer. Discovered over 140 vulnerabilities and received corresponding rewards.
    2. Capable of manually bypassing a web application firewall (WAF) to achieve attacks that are difficult for tools to accomplish.
    3. Independently developed scanning and attack tools (such as CVE PoCs, scanners for specific vulnerabilities, PHP & ASPX webshells), using technologies including but not limited to curl, socket, multi-thread.
  • Others
    1. Ranked 344th individually, and 153rd as a team in HTB within four months.
    2. Participated in patching the security vulnerability in the open-source project phpMyAdmin.
    3. A total of at least 34 CVEs have been applied for. Only some are listed as follows:
      1. Independently discovered several vulnerabilities on GSS Tracko, Radar.
        [The request to revoke the CVE ID has been made.(0.0), etc.]
      2. Independently discovered several vulnerabilities on InfoDoc ODMS.
        [The request to revoke the CVE ID has been made.(9.8), etc.]
      3. Independently discovered several vulnerabilities on DrayTek Vigor2925.
        [CVE-2019-16533(6.1), etc.]
      4. Independently discovered several vulnerabilities on ESRI ArcGIS Enterprise.
        [CVE-2019-16193(5.4)]
      5. Independently discovered several vulnerabilities on Avaya Scopia Desktop.
        [CVE-2019-6998(6.4), etc.]
      6. Independently discovered several vulnerabilities on phpMyAdmin.
        [CVE-2019-6798(9.8), etc.]
      7. Independently discovered several vulnerabilities on MyWebSQL.
        [CVE-2019-7731(9.8), etc.]
      8. Independently discovered several vulnerabilities on DbNinja.
        [CVE-2019-7747(9.6), etc.]
      9. Independently discovered several vulnerabilities on webERP.
        [CVE-2018-19434(7.2), etc.]
      10. Independently discovered several vulnerabilities on KindEditor.
        [CVE-2018-18950(7.5), etc.]
      11. Independently discovered several vulnerabilities on PHP-Proxy.
        [CVE-2018-19784(7.5), etc.]

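Manager  •  合群樹脂實業有限公司

Sep. 2016 - May 2018  |  Taipei, Taiwan

  • 1. Customer development
      Contacting existing customers
      Finding new customers

    2. Product development and manufacturing
      Manufacturing of existing-specification products
      Development of custom-specification products

    3. Purchase, sales and inventory management
      Stocktaking
      Purchasing
      Sales
      Excel VBA cost calculation, etc.

    4. Accounting
      Accounts receivable
      Accounts payable
      Issuing checks, etc.

    5. Information systems
      PC troubleshooting and repair
      Physical-to-virtual system migration, etc.

    6. Assigning tasks to subordinates

    7. Factory building repairs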

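Associate IT Engineer  •  森霸電力股份有限公司

Feb. 2012 - Aug. 2016  |  Taipei, Taiwan

  • Job responsibilities:

    1. Programming
      Set up and modified phpBB as the company announcement system.
      Wrote a PC information lookup system in PHP, used as the basis for purchasing, decommissioning, etc.
      Wrote a company form lookup system in PHP.
      Wrote a PHP program to crack AD account passwords, to verify security issues.
      Wrote a PHP program that collects traffic via SNMP and graphs it, giving colleagues a reference for network status.
      Wrote a multi-threaded VB.NET program that scans network segments and tampers with packets, to verify security issues.
      Used Excel VBA, formulas and charts to assist warehouse staff with stocktaking and calculating the value of spare parts.
      Reviewed the vendor-written power plant system code (JSP) and successfully found a broken access control weakness.
      Others

    2. System administration
      Windows Server 2003 administration
      DNS
      DHCP
      AD (GPO, permission settings, login scripts)
      Server troubleshooting
      Server room hardware (NAS, CDP, RAID)
      Others

    3. Network management
      Packet capture and analysis
      VLAN
      MAC Filter
      Switch
      Router
      Routing Table
      Others

    4. PC troubleshooting
      Windows XP, Windows 7
      Office (Excel, Word, Outlook)
      Printer
      IE
      Others

    5. Contracting out projects
    6. Purchase requisitions
    7. Warehouse management
    8. Telephone switchboard system management
    9. Document processing
    10. Access control & surveillance camera handling
    11. Other tasks assigned by supervisors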

Project Manager  •  竹貓星球數位股份有限公司

Sep. 2011 - Jan. 2012  |  Taipei, Taiwan

  • 1. Developed a project system for TSMC using PHP + MySQL + MSSQL.

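PHP Programmer  •  知識科技股份有限公司

Dec. 2009 - May 2011  |  Taipei, Taiwan

  • Newcomer Award - 2011

    Job responsibilities:
    1. jQuery
    2. PHP
    3. MySQL
    4. CI MVC Framework

    5. Windows Server 2003
    6. DNS
    7. IIS
    8. File Server
    9. SVN Server
    10. CA Server

    11. Custom PHP programming
    12. Yahoo EWS API
    13. PayPal API
    14. facebook API
    15. Google API

    16. Security vulnerability testing; successfully found multiple vulnerabilities and reported them to the head of the company
    17. Testing for performance and other issues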
Resume
Profile

Yu-Hsiang Huang

Associate Technical Manager

Obtained MCP certification in server management, proficient in Microsoft operating system. Familiar with server operations such as AD, DNS, DHCP, and IIS.

--------------------

Proficient in system development using PHP/Laravel, Python, as well as other languages like VB.net, Rust, etc. The technologies used include but are not limited to:

[

console, Redis, relational database, multi-thread, multi-process, dependency injection, restful API, schedule, queue, broadcast, i18n, unit test, Selenium, mock, one-click installation.

]


Completed projects:

  1. Independently developed CMS for many companies.
  2. Used GitLab API and Docker SDK, and integrated Nessus and other security tools to develop an automated security assessment system.
  3. Independently developed a security automation framework for reproduction and revalidation.
  4. Independently weaponized the Python package <TFTPY> as a penetration testing tool.


Side projects & special achievements:

  1. Independently developed a program to receive the network traffic information using the SNMP protocol and visualize it graphically.
  2. Independently developed a hexagonal menu and a moving light bar using JavaScript and other technologies.
  3. Independently developed a multi-threaded websocket server using PHP & VB.Net.
  4. Independently developed malicious programs such as brute-force tools, vulnerability PoCs, webshells, packet manipulators, and used WinAPI to control the operating system.
  5. Independently used and modified the Python package <BooFuzz> to develpoed a fuzzer.
  6. Independently developed Nessus plugins.
  7. Independently developed the legal programs to save on cybersecurity software licenses, which can save tens of thousands to hundreds of thousands of New Taiwan Dollars per year, depending on the scale of usage.

--------------------

In the field of cybersecurity, I have obtained the ECSA certification and referred to OSWE study materials, considering myself to have a level of expertise above that of OSWE.


Completed projects:

  1. Participated in the handling of major cybersecurity incidents for government agencies.
  2. Completed numerous penetration testing tasks for many companies, identifying high, medium, and low-risk vulnerabilities, totaling hundreds of system vulnerabilities. Even obtained the RCE vulnerabilities in several commercial products.
  3. Assisted two employers in conducting security regulation-related tests, writing test cases, etc. For example, tests related to IEC 62443 SVV 1-4, such as compliance testing, mitigation plan testing, vulnerability scanning, fuzz testing, penetration testing, and various other tests.
  4. Assisted in manually reproducing and revalidating vulnerabilities, including fixing and developing PoCs.


Side projects & special achievements:

  1. Ranked 344th individually, and 153rd as a team in HTB within four months.
  2. Independently obtained over 40 CVEs, including some in well-known software. Some of the CVEs have been inquired about by an antivirus software company and other unspecified individuals.
  3. Disclosed vulnerabilities without requesting CVEs afterwards, totaling 5 or more.
  4. Undisclosed vulnerabilities total more than 16, including vulnerabilities in NETGEAR, Alcatel, Discuz! X3.4, RCE vulnerabilities in many schools, vulnerabilities in internal systems of many companies, vulnerabilities in many well-known shopping websites, and others.
  5. Participated in patching the security vulnerability in the open-source project phpMyAdmin.
  6. Independently created the p12 file to reproduce CVE-2022-0778 (the p12 file has been saved on GitHub and listed on cvexploits).
  7. Reported a vulnerability in ZyXEL products and received a letter of appreciation.
  8. Reported an information system vulnerability in Realtek and received a reward.
  9. Reported the vulnerability in a company's product serial number rules to prevent the company from suffering losses.

Zhongli District, Taoyuan City, Taiwan
[email protected]

https://github.com/HuangYuHsiangPhone

EDUCATION


Leader University

Master Degree of Computer Science & Information Engineering  •  2007 - 2009


SKILLS


  • Active Directory
  • IIS
  • PHP
  • Laravel
  • Python
  • Rust
  • jQuery
  • Vue
  • Penetration Testing
  • Kali
  • Metasploit
  • Burp Suite
  • Nessus
  • Acunetix

Languages


  • Chinese — native
  • English — basic

WORK & EXPERIENCE


Senior Engineer  •  <Hidden>

Mar. 2022 - Present  |  Taipei, Taiwan

  • Job responsibilities:
    1. Assisted PSIRT and Cybersecurity Testing Team in avoiding unnecessary or incorrect testing steps and collecting information related to vulnerability confirmation.
    2. Studied cybersecurity regulations, such as 62443-4-2, and wrote the test cases. Responsible for pretesting to ensure compliance with Korean cybersecurity regulations.
    3. Wrote the test cases for threat mitigation plans and executed the test cases.
    4. Developed Jira Automation.
    5. Independently modified and weaponized the Python package <TFTPY> as a PT tool.
    6. Used Python, Robot Framework, etc. to independently develop automated testing for reproducing vulnerabilities and mitigation plans.
      [
      setuptools, click, scapy, multi-process.
      Improving the situation of having to modify the automation program significantly when there's a change to web code.
      Packets detection, such as VRRP and ICMP.
      ]
    7. Used PHP, Bat files, and related APIs to independently develop cybersecurity automation systems that meet the needs of various departments.
      [
      console, Redis, relational database, dependency injection, restful api
      schedule, queue, broadcast, i18n, one-click installation
      ]
    8. Reproduced CVEs; some examples are listed below.
      [
      Independently created the p12 file to reproduce CVE-2022-0778 (the p12 file has been saved on GitHub and listed on cvexploits).
      Independently assisted PSIRT in clarifying the scope of impact of CVE-2021-3493 and tracing related Linux code.
  • Cybersecurity achievements:
    1. Independently conducted penetration testing on company's products, discovering several dozens of high-risk vulnerabilities. Some vulnerabilities were memory-related and expected to be applied together for several CVEs.
    2. Succeeded in bypassing the RD's patches many times.
    3. Independently developed the legal programs to save on cybersecurity software licenses, which can save tens of thousands to hundreds of thousands of New Taiwan Dollars per year, depending on the scale of usage.
    4. Reported the vulnerability in the company's product serial number rules to prevent the company from suffering losses.
  • Others:
    1. Independently developed Nessus plugins.
    2. Independently discovered several vulnerabilities on TestLink
      [
      CVE-2022-35196(8.8), etc.
      ]
    3. Independently discovered several vulnerabilities on Moxa MXsecurity
      [
      CVE-2023-41438(0.0), CVE-2023-41440(0.0), etc.
      ]

Associate Technical Manager  •  Bureau Veritas

Aug. 2021 - Feb. 2022  |  Taipei, Taiwan

  • Job responsibilities
    1. Studied cybersecurity regulations, , such as 303645, 62443-4-2, and wrote the test cases.
    2. Independently conducted vulnerability scanning.
    3. Independently conducted fuzz testing and developed specific protocol fuzzer.
    4. Independently conducted penetration testing.
  • Cybersecurity achievements
    1. Independently discovered many high, medium and low cybersecurity vulnerabilities, such as RCE, DoS, injection, in products of various industrial control device manufacturers.
  • Others
    1. Reported a vulnerability in ZyXEL products and received a letter of appreciation.

Staff Engineer / IoT Vulnerability Researcher  •  Panasonic

Apr. 2020 - Aug. 2021  |  Taipei, Taiwan

  • Job responsibilities
    1. Developed a CLI automation security testing system using Python.
      1. Used Docker SDK, GitLab API, etc.
      2. Corrected cross-platform program issues.
      3. Integrated security programs such as Nessus 8.
      4. Automated the setup of an IIS PHP web server using WinAPI.
      5. Decoupled the program.
      6. Unit Test, Code Coverage, Mock.
    2. Independently developed a web automated security testing system using Laravel.
      1. Used Bootstrap + Vue + jQuery.
      2. RESTful API.
      3. Unit test, code coverage, mock, faker.
      4. Integrated the Python CLI program and provided real-time output.
    3. Penetration testing for IoT devices and web.
  • Cybersecurity achievements
    1. Independently discovered the RCE vulnerability in commercial software developed by my current employer using Python and PHP.
    2. Independently discovered the RCE vulnerability in commercial software developed by another company within the group, using Node.js and C#.
  • Others
    1. Independently discovered high-risk vulnerabilities in the information systems of many listed semiconductor companies in Taiwan.
    2. Independently discovered high-risk vulnerabilities on Discuz! X3.4.
    3. Independently achieved the User privilege in the 130th place on HTB Proper(Win, Hard) on Mar. 23, 2021.
    4. Independently developed jQuery plugins.
    5. Independently developed a hexagonal menu and a moving light bar using JavaScript and other technologies.
    6. Independently discovered information leakage vulnerability in MS IE.
    7. Independently discovered several vulnerabilities on NETGEAR RAX80 and Alcatel I-040GW.
      [CVE-2020-*****(0.0) x 2]

Vulnerability Analysis Engineer  •  Next Bank

Dec. 2019 - Apr. 2020  |  Taipei, Taiwan

  • Job responsibilities
    1. Participated in Nexpose/Nessus vulnerability scanning automation PoC.
    2. Participated in Fortify source code scanning automation PoC.
    3. Participated in penetration testing.
  • Cybersecurity achievements
    1. Independently discovered several vulnerabilities on iTop.
      [CVE-2020-12777(7.5), CVE-2020-12778(6.1), CVE-2020-12779(5.4), CVE-2020-12780(7.5), CVE-2020-12781(8.8)]
  • Others
    1. Independently developed a multi-threaded websocket server using PHP & VB.Net.

Engineer  •  NCCST

Jun. 2018 - Nov. 2019  |  Taipei, Taiwan

  • Job responsibilities
    1. Performed penetration testing on government information systems.
    2. Black-box and white-box testing.
    3. Reverse engineering of .NET programs.
    4. Assisted government agencies in setting up the scenario for the 2019 Cyber Offensive and Defensive Exercise (CODE).
    5. Independently developed a report management system and a program for automatically fetching email attachments using Laravel.
  • Cybersecurity achievements
    1. Joined a government attack and defense exercise halfway through and ranked second among approximately 90 attackers as a newcomer. Discovered over 140 vulnerabilities and received corresponding rewards.
    2. Capable of manually bypassing a web application firewall (WAF) to achieve attacks that are difficult for tools to accomplish.
    3. Independently developed scanning and attack tools (such as CVE PoCs, scanners for specific vulnerabilities, PHP & ASPX webshells), using technologies including but not limited to curl, socket, multi-thread.
  • Others
    1. Ranked 344th individually, and 153rd as a team in HTB within four months.
    2. Participated in patching the security vulnerability in the open-source project phpMyAdmin.
    3. A total of at least 34 CVEs have been applied for. Only some are listed as follows:
      1. Independently discovered several vulnerabilities on GSS Tracko, Radar.
        [The request to revoke the CVE ID has been made.(0.0), etc.]
      2. Independently discovered several vulnerabilities on InfoDoc ODMS.
        [The request to revoke the CVE ID has been made.(9.8), etc.]
      3. Independently discovered several vulnerabilities on DrayTek Vigor2925.
        [CVE-2019-16533(6.1), etc.]
      4. Independently discovered several vulnerabilities on ESRI ArcGIS Enterprise.
        [CVE-2019-16193(5.4)]
      5. Independently discovered several vulnerabilities on Avaya Scopia Desktop.
        [CVE-2019-6998(6.4), etc.]
      6. Independently discovered several vulnerabilities on phpMyAdmin.
        [CVE-2019-6798(9.8), etc.]
      7. Independently discovered several vulnerabilities on MyWebSQL.
        [CVE-2019-7731(9.8), etc.]
      8. Independently discovered several vulnerabilities on DbNinja.
        [CVE-2019-7747(9.6), etc.]
      9. Independently discovered several vulnerabilities on webERP.
        [CVE-2018-19434(7.2), etc.]
      10. Independently discovered several vulnerabilities on KindEditor.
        [CVE-2018-18950(7.5), etc.]
      11. Independently discovered several vulnerabilities on PHP-Proxy.
        [CVE-2018-19784(7.5), etc.]

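Manager  •  合群樹脂實業有限公司

Sep. 2016 - May 2018  |  Taipei, Taiwan

  • 1. Customer development
      Contacting existing customers
      Finding new customers

    2. Product development and manufacturing
      Manufacturing products to existing specifications
      Developing products to custom specifications

    3. Purchasing, sales and inventory management
      Stocktaking
      Purchasing
      Sales
      Excel VBA cost calculation, etc.

    4. Accounting
      Accounts receivable
      Accounts payable
      Issuing checks, etc.

    5. Information systems
      PC troubleshooting and repair
      Physical-to-virtual system migration, etc.

    6. Assigning tasks to subordinates

    7. Factory building repairs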

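Associate IT Engineer  •  森霸電力股份有限公司

Feb. 2012 - Aug. 2016  |  Taipei, Taiwan

  • Job responsibilities:

    1. Programming
      Set up and modified PHPBB as the company announcement system.
      Wrote a PC information lookup system in PHP, used as the basis for purchasing, decommissioning, etc.
      Wrote a company form lookup system in PHP.
      Wrote a program in PHP to crack AD account passwords, to verify security issues.
      Wrote a program in PHP that collects traffic data via SNMP and graphs it, giving colleagues a view of network status.
      Wrote a multi-threaded program in VB.NET that scans network segments and tampers with packets, to verify security issues.
      Excel VBA, formulas and charts, to help warehouse staff with stocktaking and calculating the value of spare parts.
      Reviewed the power plant system code (JSP) written by a vendor and successfully found a broken access control weakness.
      Others

    2. System administration
      Windows Server 2003 administration
      DNS
      DHCP
      AD (GPO, permission settings, Login Script)
      Server troubleshooting
      Server room hardware (NAS, CDP, RAID)
      Others

    3. Network management
      Packet capture and analysis
      VLAN
      MAC Filter
      Switch
      Router
      Routing Table
      Others

    4. PC troubleshooting
      Windows XP, Windows 7
      Office (Excel, Word, Outlook)
      Printer
      IE
      Others

    5. Contracting out projects
    6. Purchase requisitions
    7. Warehouse management
    8. Telephone switchboard system management
    9. Document processing
    10. Access control and surveillance camera handling
    11. Other tasks assigned by supervisors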

Project Manager  •  竹貓星球數位股份有限公司

Sep. 2011 - Jan. 2012  |  Taipei, Taiwan

  • 1. Developed a project system for TSMC using PHP + MySQL + MSSQL.

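PHP Programmer  •  知識科技股份有限公司

Dec. 2009 - May 2011  |  Taipei, Taiwan

  • Newcomer Award - 2011

    Job responsibilities:
    1. jQuery
    2. PHP
    3. MySQL
    4. CI MVC Framework

    5. Windows Server 2003
    6. DNS
    7. IIS
    8. File Server
    9. SVN Server
    10. CA Server

    11. Custom PHP programming
    12. Yahoo EWS API
    13. PayPal API
    14. facebook API
    15. Google API

    16. Security vulnerability testing; successfully found multiple vulnerabilities and reported them to the person in charge of the company.
    17. Testing for performance and other issues.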