CakeResume
CakeResume Logo
Log In
Sign Up
Build your Network
My Network
Access your personal network connections and manage your contacts.
CakeResume Meet
Expand your professional network by meeting and connecting with other users.
Community
Engage with other users through discussions, forums, and networking events.
Log In
Sign Up

CakeResume Talent Search

Advanced filters
On
Ready to interview
Open to opportunities
Not open to opportunities
Taiwan
Taipei City, Taiwan
台灣
Taipei, Taiwan
New Taipei City, Taiwan
台北市, 台灣
Taichung City, Taiwan
新北市, 台灣
India
Taoyuan City, Taiwan
United States
भारत
Kaohsiung City, Taiwan
Tainan City, Taiwan
桃園市, 台灣
台中市, 台灣
高雄市, 台灣
Banqiao District, New Taipei City, Taiwan
Canada
Deutschland
IT
Engineering
Management / Business
Customer Service
Design
Game Production
Media / Communication
Public Social Work
Tech
Banking / Insurance / Finance
Advertising / Marketing / Agency
Industry
Consultant / Audit
Corporate services
Culture / Media / Entertainment
Health / Social / Environment
Hotel / Tourism / Leisure
Medical
Mobility / Transport
Real estate
Less than 1 year
1-2 years
2-4 years
4-6 years
6-10 years
10-15 years
More than 15 years
AI Smart Matching
On
Ming Chuan University
National Taipei University of Technology
國立台北科技大學
國立臺北科技大學
銘傳大學
Chung Yuan Christian University
Fu Jen Catholic University
National Kaohsiung University of Applied Sciences
National Taiwan University
National Taiwan University of Science and Technology
Shih Hsin University
Tatung University
世新大學
中原大學
國立台灣大學
國立台灣科技大學
國立臺灣大學
國立臺灣科技大學
國立高雄應用科技大學
大同大學
輔仁大學
Chaoyang University of Technology
National Chin-Yi University of Technology
National Kaohsiung University of Science and Technology
National Sun Yat-sen University
National Taichung University of Science and Technology
National Tsing Hua University
Tamkang University
國立中山大學
國立勤益科技大學
Taiwan
台灣
Taipei City, Taiwan
台北市, 台灣
New Taipei City, Taiwan
新北市, 台灣
United States
India
Taichung City, Taiwan
台中市, 台灣
Kaohsiung City, Taiwan
भारत
Hsinchu City, Taiwan
Taoyuan City, Taiwan
新竹市, 台灣
桃園市, 台灣
高雄市, 台灣
Deutschland
Germany
Hsinchu County, Taiwan
Full-time
Part-time
Intern
Python
Selenium
JavaScript
Git
docker
MySQL
JAVA
PHP
AWS
Linux
No
Yes
1-5 people
5-10 people
10-15 people
15+ people
Within one month
Within two months
Within three months
Within six months
Within one year
More than one year
QA automation engineer / Software development engineer in test
後端工程師
軟體工程師
Software Engineer / Backend Engineer
AI工程師、機器學習工程師、深度學習工程師、資料科學家、Machine Learning Engineer、Deep Learning Engineer、Data Scientist
Product Manager
QA自動化測試工程師
Senior Software Engineer
Senior software quality assurance engineer
Automation QA engineer ,SDET
Bachelor of Business Administration (BBA)
Bachelor of Engineering (BEng)
Bachelor of Science (BS)
Bachelor’s Degree
Engineer’s Degree
Master of Business Administration (MBA)
Master of Science (MS)
Master’s Degree
Non-Degree Program (e.g. Coursera certificate)
Other
Associate
Bachelor
Master
Doctoral
2019
2018
2017
2016
2015
2014
2013
2012
2010
2009
Current company
Off
Select all
Exosite
Trend Micro
三博鹿網路科技股份有限公司
博裕科技
塔圖科技股份有限公司
恩克斯網路科技股份有限公司
找樂子創意流通股份有限公司
104資訊科技股份有限公司
91APP
ASUS
Interested in working remotely
Not interested in working remotely
Remote Only
Full-time freelancer
Part-time freelancer
Non-freelancer
Chinese - Native or Bilingual
English - Intermediate
English - Fluent
English - Beginner
English - Professional
English - Native or Bilingual
Japanese - Beginner
Japanese - Intermediate
Chinese - Fluent
Chinese - Professional
Chinese
English
Korean
Russian
4-6 years
6-10 years
10-15 years
More than 15 years
  • Exclude read results
  • Show all experiences
Avatar of 黃凱弘 Kyle Huang.
Avatar of 黃凱弘 Kyle Huang.
黃凱弘 Kyle Huang
Past
Senior QA engineer @DeepHow
2023 ~ Present
QA automation engineer / Software development engineer in test
Within one month
黃凱弘 Kyle Huang 7 年經驗的軟體手動 & 自動化 QA,喜歡用 Python 撰寫各種小工具解決生活中許多 routine 的工作 QA automation engineer / Software development engineer in test Taipei/ Hsinchu, TW [email protected] Manual Test planning Establish test cases Writing test reports New function testing, regression testing, user acceptance testing (UAT) Bug tracking Test case management: TestRail , Testmo Issue management: Jira, FogBugz Automation Programing language: Python Framework: Appium, Selenium, Unittest, Pytest, Allure DB: PostgreSQL, NoSQL
Python
Appium
SQL
Unemployed
Ready to interview
Full-time / Interested in working remotely
6-10 years
國立中山大學 National Sun Yat-Sen University
應用數學系 統計組
Avatar of the user.
Avatar of the user.
Available for paid companies
軟體工程師 @Eunodata
2022 ~ Present
軟體工程師
Within one month
JavaScript
Java
jQuery
Employed
Ready to interview
Full-time / Interested in working remotely
6-10 years
國立台北科技大學 NTUT
Java & Android 人才培育專班
Avatar of the user.
Avatar of the user.
Available for paid companies
Past
Senior Software Engineer @玉山商業銀行股份有限公司
2021 ~ 2023
軟體工程師
Within one month
Java
Spring Boot
JavaScript
Unemployed
Ready to interview
Full-time / Interested in working remotely
4-6 years
國立高雄科技大學(原國立高雄第一科技大學)
Information Management
Avatar of the user.
Avatar of the user.
Available for paid companies
Software Development Manager @聯禦科技有限公司
2023 ~ Present
PM/產品經理/專案管理
Within one month
Python
Flask
FastAPI
Employed
Ready to interview
Full-time / Interested in working remotely
6-10 years
國立台灣海洋大學
航運管理學系
Avatar of Ryan Po-Hsuan Chang.
Avatar of Ryan Po-Hsuan Chang.
Ryan Po-Hsuan Chang
資深全端工程師 @誠諾工程技術股份有限公司
2023 ~ Present
Front-End / Back-End / Full Stack Web Developer
Within one month
持續精進自己的技術。 Kaohsiung City, Taiwan https://ryanxuan930.github.io/ [email protected]技能 Frontend Nuxt (Vue 3) Next (React) Pinia TypeScript Tailwind CSS SCSS PrimeVue Next UI Backend Laravel PHP MySQL Docker Apache Others Python Selenium Arduino Linux 工作經歷 資深全端工程師 • 誠諾工程技術股份有限公司 十月目前職位 主要負責專案: .公司新官網 .新ERP系統 .承包網
Vue.js
JavaScript
Python
Employed
Ready to interview
Full-time / Remote Only
4-6 years
國立中山大學 National Sun Yat-Sen University
人文暨科技跨領域學士學位學程
Avatar of 李慕全(MuChuan Li).
Avatar of 李慕全(MuChuan Li).
李慕全(MuChuan Li)
Past
Service Provider @Taron Solutions Limited
2023 ~ 2023
AI工程師、機器學習工程師、電腦視覺工程師、資料科學家、Machine Learning Engineer、Computer Vision Engineer、Data Scientist
Within one month
今的文章,爬取網站包含:PubMed、Google Patent、Internet Archive Scholar。 • 資料清理:將文章內容依照公司標準做整理,並新增數據至公司資料庫。 技術:Python、Beautiful Soup、Selenium、Prompt Engineering、MySQL 微算機系統實習 課程助教 • 國立臺北科技大學(National Taipei University of Technology, Taipei Tech) 二月七月 2022 • 設計課程內容並提供同學作業及專
Machine Learning
Computer Vision
Pytorch/Tensorflow
Unemployed
Ready to interview
Full-time / Interested in working remotely
4-6 years
國立臺北科技大學
資訊工程
Avatar of 邱義塵.
Avatar of 邱義塵.
邱義塵
Past
Data Engineer @Rooit Inc. (XO App)
2023 ~ 2023
AI工程師、機器學習工程師、深度學習工程師、資料科學家、Machine Learning Engineer、Deep Learning Engineer、Data Scientist
Within one month
料科學家、Machine Learning Engineer、Deep Learning Engineer、Data Scientist 城市,TW [email protected] 工作經歷 獨角獸多媒體設計有限公司, 遊戲測試工程師, Nov 2023 ~ Now Python/Postman/Selenium/Gitlab - 已測試遊戲 Slot 3款 旗牌 4款 對戰 1款 - 完善團隊遊戲測試計畫公版和測試流程 - 利用selenium建立遊戲和後台自動化測
Python
Data Analysis
Data Science
Unemployed
Ready to interview
Full-time / Interested in working remotely
6-10 years
中國醫藥大學(China Medical University)
臨床醫學研究所
Avatar of 林育維.
Avatar of 林育維.
林育維
ASP.NET Full Stack Engineer @日月光半導體製造股份有限公司
2024 ~ Present
後端工程師/軟體工程師
Within one month
的程控單位。 【重車工令單系統】 使用ASP、VB script開發 建置系統相應的oracle table和procedure 整合報表、扣帳入庫系統 【Python自行開發小程式】 使用 Selenium 開發自動簽核系統,降低30%手動簽核時間 透過爬蟲彙整產線報表並自動發Mail 使用telnetlib自動登入ERP系統執行每日check Projects WITS
Vue.js
Python
Java
Employed
Ready to interview
Full-time / Interested in working remotely
4-6 years
義守大學
資訊管理學系
Avatar of Yu-Hsiang Huang.
Active
Avatar of Yu-Hsiang Huang.
Active
Yu-Hsiang Huang
高級工程師 @不顯示公司名稱
2022 ~ Present
滲透測試、資訊安全、系統開發、程式設計
Within one month
Yu-Hsiang Huang Associate Technical Manager Obtained MCP certification in server management, proficient in Microsoft operating system. Familiar with server operations such as AD, DNS, DHCP, and IISProficient in system development using PHP/Laravel, Python, as well as other languages like VB.net, Rust, etc. The technologies used include but are not limited to: [ console, Redis, relational database, multi-thread, multi-process, dependency injection, restful API, schedule, queue, broadcast, i18n, unit test, Selenium, mock, one-click installation. ] Completed projects: Independently developed CMS for many companies. Used GitLab API and Docker SDK, and integrated Nessus
Active Directory
IIS
PHP
Employed
Ready to interview
Full-time / Interested in working remotely
10-15 years
立德大學
資訊工程
Avatar of 朱信翰.
Avatar of 朱信翰.
朱信翰
Past
資深前端工程師 @致達數位科技有限公司
2022 ~ 2023
Front-end Engineer
Within one month
南。 3. 參與體育投注平台專案的早期開發,負責共用組件和切版 RWD。 4. 實施多語言功能( i18n ),增強網站的國際化。 5. 使用 Selenium IDE 進行功能測試,確保功能穩定運行。 助教 • Lidemy Mentor Program 一月十二月 2019 | Taipei, Taiwan 1. 於2017年參加Lidemy的前身—Huli的免費前端程式教學
JavaScript ES6+
React
Redux
Unemployed
Ready to interview
Full-time / Interested in working remotely
4-6 years
中原大學 Chung Yuan Christian University
資訊工程學系

The Most Lightweight and Effective Recruiting Plan

Search resumes and take the initiative to contact job applicants for higher recruiting efficiency. The Choice of Hundreds of Companies.

  • Browse all search results
  • Unlimited access to start new conversations
  • Resumes accessible for only paid companies
  • View users’ email address & phone numbers
Upgrade Now
7-day money-back guarantee, cancel anytime
123456789
Search Tips
1
Search a precise keyword combination
senior backend php
If the number of the search result is not enough, you can remove the less important keywords
2
Use quotes to search for an exact phrase
"business development"
3
Use the minus sign to eliminate results containing certain words
UI designer -UX
Only public resumes are available with the free plan.
Upgrade to an advanced plan to view all search results including tens of thousands of resumes exclusive on CakeResume.
Upgrade Now

Definition of Reputation Credits

Technical Skills
Specialized knowledge and expertise within the profession (e.g. familiar with SEO and use of related tools).
Problem-Solving
Ability to identify, analyze, and prepare solutions to problems.
Adaptability
Ability to navigate unexpected situations; and keep up with shifting priorities, projects, clients, and technology.
Communication
Ability to convey information effectively and is willing to give and receive feedback.
Time Management
Ability to prioritize tasks based on importance; and have them completed within the assigned timeline.
Teamwork
Ability to work cooperatively, communicate effectively, and anticipate each other's demands, resulting in coordinated collective action.
Leadership
Ability to coach, guide, and inspire a team to achieve a shared goal or outcome effectively.
Within one month
Avatar of Yu-Hsiang Huang.
Yu-Hsiang Huang
Associate Technical Manager
不顯示公司名稱
2022 ~ Present
臺灣桃園市中壢區
Professional Background
Current status
Employed
Job Search Progress
Ready to interview
Professions
Security Engineer, Back-end Engineer
Fields of Employment
Cyber Security
Work experience
10-15 years
Management
I've had experience in managing 1-5 people
Skills
Active Directory
IIS
PHP
Laravel
Python
Rust
jQuery
Vue
Penetration Testing
Kali
Metasploit
Burp Suite
Nessus
Acunetix
MySQL / Mariadb
Languages
Chinese
Native or Bilingual
English
Beginner
Job search preferences
Positions
滲透測試、資訊安全、系統開發、程式設計
Job types
Full-time
Locations
台灣, 日本
Remote
Interested in working remotely
Freelance
No
Educations
School
立德大學
Major
資訊工程
Print

Yu-Hsiang Huang

Associate Technical Manager

Obtained MCP certification in server management, proficient in Microsoft operating system. Familiar with server operations such as AD, DNS, DHCP, and IIS.

--------------------

Proficient in system development using PHP/Laravel, Python, as well as other languages like VB.net, Rust, etc. The technologies used include but are not limited to:

[

console, Redis, relational database, multi-thread, multi-process, dependency injection, restful API, schedule, queue, broadcast, i18n, unit test, Selenium, mock, one-click installation.

]


Completed projects:

  1. Independently developed CMS for many companies.
  2. Used GitLab API and Docker SDK, and integrated Nessus and other security tools to develop an automated security assessment system.
  3. Independently developed a security automation framework for reproduction and revalidation.
  4. Independently weaponized the Python package <TFTPY> as a penetration testing tool.


Side projects & special achievements:

  1. Independently developed a program to receive the network traffic information using the SNMP protocol and visualize it graphically.
  2. Independently developed a hexagonal menu and a moving light bar using JavaScript and other technologies.
  3. Independently developed a multi-threaded websocket server using PHP & VB.Net.
  4. Independently developed malicious programs such as brute-force tools, vulnerability PoCs, webshells, packet manipulators, and used WinAPI to control the operating system.
  5. Independently used and modified the Python package <BooFuzz> to develpoed a fuzzer.
  6. Independently developed Nessus plugins.
  7. Independently developed the legal programs to save on cybersecurity software licenses, which can save tens of thousands to hundreds of thousands of New Taiwan Dollars per year, depending on the scale of usage.

--------------------

In the field of cybersecurity, I have obtained the ECSA certification and referred to OSWE study materials, considering myself to have a level of expertise above that of OSWE.


Completed projects:

  1. Participated in the handling of major cybersecurity incidents for government agencies.
  2. Completed numerous penetration testing tasks for many companies, identifying high, medium, and low-risk vulnerabilities, totaling hundreds of system vulnerabilities. Even obtained the RCE vulnerabilities in several commercial products.
  3. Assisted two employers in conducting security regulation-related tests, writing test cases, etc. For example, tests related to IEC 62443 SVV 1-4, such as compliance testing, mitigation plan testing, vulnerability scanning, fuzz testing, penetration testing, and various other tests.
  4. Assisted in manually reproducing and revalidating vulnerabilities, including fixing and developing PoCs.


Side projects & special achievements:

  1. Ranked 344th individually, and 153rd as a team in HTB within four months.
  2. Independently obtained over 40 CVEs, including some in well-known software. Some of the CVEs have been inquired about by an antivirus software company and other unspecified individuals.
  3. Disclosed vulnerabilities without requesting CVEs afterwards, totaling 5 or more.
  4. Undisclosed vulnerabilities total more than 16, including vulnerabilities in NETGEAR, Alcatel, Discuz! X3.4, RCE vulnerabilities in many schools, vulnerabilities in internal systems of many companies, vulnerabilities in many well-known shopping websites, and others.
  5. Participated in patching the security vulnerability in the open-source project phpMyAdmin.
  6. Independently created the p12 file to reproduce CVE-2022-0778 (the p12 file has been saved on GitHub and listed on cvexploits).
  7. Reported a vulnerability in ZyXEL products and received a letter of appreciation.
  8. Reported an information system vulnerability in Realtek and received a reward.
  9. Reported the vulnerability in a company's product serial number rules to prevent the company from suffering losses.

Zhongli District, Taoyuan City, Taiwan
[email protected]

https://github.com/HuangYuHsiangPhone

EDUCATION

Leader University

Master Degree of Computer Science & Information Engineering  •  2007 - 2009


SKILLS

  • Active Directory
  • IIS
  • PHP
  • Laravel
  • Python
  • Rust
  • jQuery
  • Vue
  • Penetration Testing
  • Kali
  • Metasploit
  • Burp Suite
  • Nessus
  • Acunetix

Languages

  • Chinese — native
  • English — basic

WORK & EXPERIENCE

Senior Engineer  •  <Hidden>

Mar. 2022 - Present  |  Taipei, Taiwan

  • Job responsibilities:
    1. Assisted PSIRT and Cybersecurity Testing Team in avoiding unnecessary or incorrect testing steps and collecting information related to vulnerability confirmation.
    2. Studied cybersecurity regulations, such as 62443-4-2, and wrote the test cases. Responsible for pretesting to ensure compliance with Korean cybersecurity regulations.
    3. Wrote the test cases for threat mitigation plans and executed the test cases.
    4. Developed Jira Automation.
    5. Independently modified and weaponized the Python package <TFTPY> as a PT tool.
    6. Used Python, Robot Framework, etc. to independently develop automated testing for reproducing vulnerabilities and mitigation plans.
      [
      setuptools, click, scapy, multi-process.
      Improving the situation of having to modify the automation program significantly when there's a change to web code.
      Packets detection, such as VRRP and ICMP.
      ]
    7. Used PHP, Bat files, and related APIs to independently develop cybersecurity automation systems that meet the needs of various departments.
      [
      console, Redis, relational database, dependency injection, restful api
      schedule, queue, broadcast, i18n, one-click installation
      ]
    8. Reproduced CVEs; some examples are listed below.
      [
      Independently created the p12 file to reproduce CVE-2022-0778 (the p12 file has been saved on GitHub and listed on cvexploits).
      Independently assisted PSIRT in clarifying the scope of impact of CVE-2021-3493 and tracing related Linux code.
  • Cybersecurity achievements:
    1. Independently conducted penetration testing on company's products, discovering several dozens of high-risk vulnerabilities. Some vulnerabilities were memory-related and expected to be applied together for several CVEs.
    2. Succeeded in bypassing the RD's patches many times.
    3. Independently developed the legal programs to save on cybersecurity software licenses, which can save tens of thousands to hundreds of thousands of New Taiwan Dollars per year, depending on the scale of usage.
    4. Reported the vulnerability in the company's product serial number rules to prevent the company from suffering losses.
  • Others:
    1. Independently developed Nessus plugins.
    2. Independently discovered several vulnerabilities on TestLink
      [
      CVE-2022-35196(8.8), etc.
      ]
    3. Independently discovered several vulnerabilities on Moxa MXsecurity
      [
      CVE-2023-41438(0.0), CVE-2023-41440(0.0), etc.
      ]

Associate Technical Manager  •  Bureau Veritas

Aug. 2021 - Feb. 2022  |  Taipei, Taiwan

  • Job responsibilities
    1. Studied cybersecurity regulations, , such as 303645, 62443-4-2, and wrote the test cases.
    2. Independently conducted vulnerability scanning.
    3. Independently conducted fuzz testing and developed specific protocol fuzzer.
    4. Independently conducted penetration testing.
  • Cybersecurity achievements
    1. Independently discovered many high, medium and low cybersecurity vulnerabilities, such as RCE, DoS, injection, in products of various industrial control device manufacturers.
  • Others
    1. Reported a vulnerability in ZyXEL products and received a letter of appreciation.

Staff Engineer / IoT Vulnerability Researcher  •  Panasonic

Apr. 2020 - Aug. 2021  |  Taipei, Taiwan

  • Job responsibilities
    1. Developed a CLI automation security testing system using Python.
      1. Used Docker SDK, GitLab API, etc.
      2. Corrected cross-platform program issues.
      3. Integrated security programs such as Nessus 8.
      4. Automated the setup of an IIS PHP web server using WinAPI.
      5. Decoupled the program.
      6. Unit Test, Code Coverage, Mock.
    2. Independently developed a web automated security testing system using Laravel.
      1. Used bootstrap + Vue + jQuery
      2. Restful API.
      3. Unit test, code coverage, mock, faker.
      4. Integrated the Python CLI program and provided real-time output. 
    3. Penetration testing for IoT devices and web.
  • Cybersecurity achievements
    1. Independently discovered the RCE vulnerability in commercial software developed by my current employer using Python and PHP.
    2. Independently discovered the RCE vulnerability in commercial software developed by another company within the group, using Node.js and C#.
  • Others
    1. Independently discovered high-risk vulnerabilities in the information systems of many listed semiconductor companies in Taiwan.
    2. Independently discovered high-risk vulnerabilities on Discuz! X3.4.
    3. Independently achieved the User privilege in the 130th place on HTB Proper(Win, Hard) on Mar. 23, 2021.
    4. Independently developed jQuery plugins.
    5. Independently developed a hexagonal menu and a moving light bar using JavaScript and other technologies.
    6. Independently discovered information leakage vulnerability in MS IE.
    7. Independently discovered several vulnerabilities on NETGEAR RAX80 and Alcatel I-040GW
      [
      CVE-2020-*****(0.0) x 2
      ]

Vulnerability Analysis Engineer  •  Next Bank

Dec. 2019 - Apr. 2020  |  Taipei, Taiwan

  • Job responsibilities
    1. Participated in Nexpose/Nessus vulnerability scanning automation PoC.
    2. Participated in Fortify source code scanning automation PoC.
    3. Participated in penetration testing.
  • Cybersecurity achievements
    1. Independently discovered several vulnerabilities on iTop
      [
      CVE-2020-12777(7.5),CVE-2020-12778(6.1)
      CVE-2020-12779(5.4),CVE-2020-12780(7.5)
      CVE-2020-12781(8.8)
      ]
  • Others
    1. Independently developed a multi-threaded websocket server using PHP & VB.Net.

Engineer  •  NCCST

Jun. 2018 - Nov. 2019  |  Taipei, Taiwan

  • Job responsibilities
    1. Performing penetration testing on the government information systems.
    2. Black-box and white-box testing.
    3. Reverse engineering of the .NET programs.
    4. Assisted government agencies in setting up the scenario for the 2019 Cyber Offensive and Defensive Exercise (CODE).
    5. Independently developed a report management system and a program for automatically fetching email attachments using Laravel.
  • Cybersecurity achievements
    1. Joined a government attack and defense exercise halfway through and ranked second among approximately 90 attackers as a newcomer. Discovered over 140 vulnerabilities and received corresponding rewards.
    2. Capable of manually bypassing a web application firewall (WAF) to achieve attacks that are difficult for tools to accomplish.
    3. Independently developed scanning and attack tools (such as CVE PoCs, scanners for specific vulnerabilities, PHP & ASPX webshells), using technologies including but not limited to curl, socket, multi-thread.
  • Others
    1. Ranked 344th individually, and 153rd as a team in HTB within four months.
    2. Participated in patching the security vulnerability in the open-source project phpMyAdmin.
    3. A total of at least 34 CVEs have been applied for. Only some are listed as follows:
      1. Independently discovered several vulnerabilities on GSS Tracko, Radar.
        [The request to revoke the CVE ID has been made.(0.0), etc.]
      2. Independently discovered several vulnerabilities on InfoDoc ODMS.
        [The request to revoke the CVE ID has been made.(9.8), etc.]
      3. Independently discovered several vulnerabilities on DrayTek Vigor2925.
        [CVE-2019-16533(6.1), etc.]
      4. Independently discovered several vulnerabilities on ESRI ArcGIS Enterprise.
        [CVE-2019-16193(5.4)]
      5. Independently discovered several vulnerabilities on Avaya Scopia Desktop.
        [CVE-2019-6998(6.4), etc.]
      6. Independently discovered several vulnerabilities on phpMyAdmin.
        [CVE-2019-6798(9.8), etc.]
      7. Independently discovered several vulnerabilities on MyWebSQL.
        [CVE-2019-7731(9.8), etc.]
      8. Independently discovered several vulnerabilities on DbNinja.
        [CVE-2019-7747(9.6), etc.]
      9. Independently discovered several vulnerabilities on webERP.
        [CVE-2018-19434(7.2), etc.]
      10. Independently discovered several vulnerabilities on KindEditor.
        [CVE-2018-18950(7.5), etc.]
      11. Independently discovered several vulnerabilities on PHP-Proxy.
        [CVE-2018-19784(7.5), etc.]

經理   •  合群樹脂實業有限公司

九月 2016 - 五月 2018  |  Taipei, Taiwan

  • 1.客戶開發
      既有客戶聯繫
      找尋新客戶

    2.產品開發製造
      既有規格產品製造
      客製規格產品開發

    3.進銷存管理
      庫存盤點
      進貨
      銷貨
      EXCEL VBA 成本計算等

    4.帳務處理
      應收帳款
      應付帳款
      開立支票等

    5.資訊系統處理
      PC故障維修
      系統實轉虛等

    6.部屬任務安排

    7.廠房修繕

資訊副工程師  •  森霸電力股份有限公司

二月 2012 - 八月 2016  |  Taipei, Taiwan

  • 工作內容:

    1. 程式設計
      PHPBB架設及修改,作為公司公告系統。
      PHP撰寫個人電腦資訊查詢系統,作為採購、報廢等依據。
      PHP撰寫公司表單查詢系統
      PHP撰寫破解AD帳密程序,驗證資安問題。
      PHP撰寫SNMP抓流量並圖形化程序,提供同仁參考網路狀況。
      VB.NET撰寫多執行緒掃網段串改封包程序,驗證資安問題。
      Excel VBA, 公式, 圖表,協助倉管盤點及計算備品價值。
      查看廠商撰寫之電廠系統程式碼(JSP),並成功發現無效存取控管弱點。
      其它

    2. 系統管理
      Windows Server 2003管理
      DNS
      DHCP
      AD(GPO、權限等設定、Login Script)
      Server問題排除
      機房硬體設備(NAS、CDP、RAID)
      其它

    3. 網路管理
      封包攔截分析
      VLAN
      MAC Filter
      Switch
      Router
      Routing Table
      其它

    4. 個人電腦故障排除
      Windows XP、Windows 7
      Office(Excel、Word、Outlook)
      Printer
      IE
      其它

    5. 案件發包
    6. 物品請購
    7. 倉管
    8. 總機系統管理
    9. 文書處理
    10. 門禁&監視器處理
    11. 其他主管交辦事項

專案經理  •  竹貓星球數位股份有限公司

九月 2011 - 一月 2012  |  Taipei, Taiwan

  • 1. 台積電專案系統開發,採用PHP + MySQL + MSSQL。

PHP程式設計師  •  知識科技股份有限公司

十二月 2009 - 五月 2011  |  Taipei, Taiwan

  • 新人獎 - 2011

    工作內容:
    1. jQuery
    2. PHP
    3. MySQL
    4. CI MVC Framework

    5. Windows Server 2003
    6. DNS
    7. IIS
    8. File Server
    9. SVN Server
    10. CA Server

    11. 客制化 PHP 程式設計
    12. Yahoo EWS API
    13. PayPal API
    14. facebook API
    15. Google API

    16. 安全漏洞檢測,成功發現多項漏洞,並提報給公司負責人
    17. 效能等其他問題檢測
Resume
Profile
Print

Yu-Hsiang Huang

Associate Technical Manager

Obtained MCP certification in server management, proficient in Microsoft operating system. Familiar with server operations such as AD, DNS, DHCP, and IIS.

--------------------

Proficient in system development using PHP/Laravel, Python, as well as other languages like VB.net, Rust, etc. The technologies used include but are not limited to:

[

console, Redis, relational database, multi-thread, multi-process, dependency injection, restful API, schedule, queue, broadcast, i18n, unit test, Selenium, mock, one-click installation.

]


Completed projects:

  1. Independently developed CMS for many companies.
  2. Used GitLab API and Docker SDK, and integrated Nessus and other security tools to develop an automated security assessment system.
  3. Independently developed a security automation framework for reproduction and revalidation.
  4. Independently weaponized the Python package <TFTPY> as a penetration testing tool.


Side projects & special achievements:

  1. Independently developed a program to receive the network traffic information using the SNMP protocol and visualize it graphically.
  2. Independently developed a hexagonal menu and a moving light bar using JavaScript and other technologies.
  3. Independently developed a multi-threaded websocket server using PHP & VB.Net.
  4. Independently developed malicious programs such as brute-force tools, vulnerability PoCs, webshells, packet manipulators, and used WinAPI to control the operating system.
  5. Independently used and modified the Python package <BooFuzz> to develpoed a fuzzer.
  6. Independently developed Nessus plugins.
  7. Independently developed the legal programs to save on cybersecurity software licenses, which can save tens of thousands to hundreds of thousands of New Taiwan Dollars per year, depending on the scale of usage.

--------------------

In the field of cybersecurity, I have obtained the ECSA certification and referred to OSWE study materials, considering myself to have a level of expertise above that of OSWE.


Completed projects:

  1. Participated in the handling of major cybersecurity incidents for government agencies.
  2. Completed numerous penetration testing tasks for many companies, identifying high, medium, and low-risk vulnerabilities, totaling hundreds of system vulnerabilities. Even obtained the RCE vulnerabilities in several commercial products.
  3. Assisted two employers in conducting security regulation-related tests, writing test cases, etc. For example, tests related to IEC 62443 SVV 1-4, such as compliance testing, mitigation plan testing, vulnerability scanning, fuzz testing, penetration testing, and various other tests.
  4. Assisted in manually reproducing and revalidating vulnerabilities, including fixing and developing PoCs.


Side projects & special achievements:

  1. Ranked 344th individually, and 153rd as a team in HTB within four months.
  2. Independently obtained over 40 CVEs, including some in well-known software. Some of the CVEs have been inquired about by an antivirus software company and other unspecified individuals.
  3. Disclosed vulnerabilities without requesting CVEs afterwards, totaling 5 or more.
  4. Undisclosed vulnerabilities total more than 16, including vulnerabilities in NETGEAR, Alcatel, Discuz! X3.4, RCE vulnerabilities in many schools, vulnerabilities in internal systems of many companies, vulnerabilities in many well-known shopping websites, and others.
  5. Participated in patching the security vulnerability in the open-source project phpMyAdmin.
  6. Independently created the p12 file to reproduce CVE-2022-0778 (the p12 file has been saved on GitHub and listed on cvexploits).
  7. Reported a vulnerability in ZyXEL products and received a letter of appreciation.
  8. Reported an information system vulnerability in Realtek and received a reward.
  9. Reported the vulnerability in a company's product serial number rules to prevent the company from suffering losses.

Zhongli District, Taoyuan City, Taiwan
[email protected]

https://github.com/HuangYuHsiangPhone

EDUCATION

Leader University

Master Degree of Computer Science & Information Engineering  •  2007 - 2009


SKILLS

  • Active Directory
  • IIS
  • PHP
  • Laravel
  • Python
  • Rust
  • jQuery
  • Vue
  • Penetration Testing
  • Kali
  • Metasploit
  • Burp Suite
  • Nessus
  • Acunetix

Languages

  • Chinese — native
  • English — basic

WORK & EXPERIENCE

Senior Engineer  •  <Hidden>

Mar. 2022 - Present  |  Taipei, Taiwan

  • Job responsibilities:
    1. Assisted PSIRT and Cybersecurity Testing Team in avoiding unnecessary or incorrect testing steps and collecting information related to vulnerability confirmation.
    2. Studied cybersecurity regulations, such as 62443-4-2, and wrote the test cases. Responsible for pretesting to ensure compliance with Korean cybersecurity regulations.
    3. Wrote the test cases for threat mitigation plans and executed the test cases.
    4. Developed Jira Automation.
    5. Independently modified and weaponized the Python package <TFTPY> as a PT tool.
    6. Used Python, Robot Framework, etc. to independently develop automated testing for reproducing vulnerabilities and mitigation plans.
      [
      setuptools, click, scapy, multi-process.
      Improving the situation of having to modify the automation program significantly when there's a change to web code.
      Packets detection, such as VRRP and ICMP.
      ]
    7. Used PHP, Bat files, and related APIs to independently develop cybersecurity automation systems that meet the needs of various departments.
      [
      console, Redis, relational database, dependency injection, restful api
      schedule, queue, broadcast, i18n, one-click installation
      ]
    8. Reproduced CVEs; some examples are listed below.
      [
      Independently created the p12 file to reproduce CVE-2022-0778 (the p12 file has been saved on GitHub and listed on cvexploits).
      Independently assisted PSIRT in clarifying the scope of impact of CVE-2021-3493 and tracing related Linux code.
  • Cybersecurity achievements:
    1. Independently conducted penetration testing on company's products, discovering several dozens of high-risk vulnerabilities. Some vulnerabilities were memory-related and expected to be applied together for several CVEs.
    2. Succeeded in bypassing the RD's patches many times.
    3. Independently developed the legal programs to save on cybersecurity software licenses, which can save tens of thousands to hundreds of thousands of New Taiwan Dollars per year, depending on the scale of usage.
    4. Reported the vulnerability in the company's product serial number rules to prevent the company from suffering losses.
  • Others:
    1. Independently developed Nessus plugins.
    2. Independently discovered several vulnerabilities on TestLink
      [
      CVE-2022-35196(8.8), etc.
      ]
    3. Independently discovered several vulnerabilities on Moxa MXsecurity
      [
      CVE-2023-41438(0.0), CVE-2023-41440(0.0), etc.
      ]

Associate Technical Manager  •  Bureau Veritas

Aug. 2021 - Feb. 2022  |  Taipei, Taiwan

  • Job responsibilities
    1. Studied cybersecurity regulations, , such as 303645, 62443-4-2, and wrote the test cases.
    2. Independently conducted vulnerability scanning.
    3. Independently conducted fuzz testing and developed specific protocol fuzzer.
    4. Independently conducted penetration testing.
  • Cybersecurity achievements
    1. Independently discovered many high, medium and low cybersecurity vulnerabilities, such as RCE, DoS, injection, in products of various industrial control device manufacturers.
  • Others
    1. Reported a vulnerability in ZyXEL products and received a letter of appreciation.

Staff Engineer / IoT Vulnerability Researcher  •  Panasonic

Apr. 2020 - Aug. 2021  |  Taipei, Taiwan

  • Job responsibilities
    1. Developed a CLI automation security testing system using Python.
      1. Used Docker SDK, GitLab API, etc.
      2. Corrected cross-platform program issues.
      3. Integrated security programs such as Nessus 8.
      4. Automated the setup of an IIS PHP web server using WinAPI.
      5. Decoupled the program.
      6. Unit Test, Code Coverage, Mock.
    2. Independently developed a web automated security testing system using Laravel.
      1. Used bootstrap + Vue + jQuery
      2. Restful API.
      3. Unit test, code coverage, mock, faker.
      4. Integrated the Python CLI program and provided real-time output. 
    3. Penetration testing for IoT devices and web.
  • Cybersecurity achievements
    1. Independently discovered the RCE vulnerability in commercial software developed by my current employer using Python and PHP.
    2. Independently discovered the RCE vulnerability in commercial software developed by another company within the group, using Node.js and C#.
  • Others
    1. Independently discovered high-risk vulnerabilities in the information systems of many listed semiconductor companies in Taiwan.
    2. Independently discovered high-risk vulnerabilities on Discuz! X3.4.
    3. Independently achieved the User privilege in the 130th place on HTB Proper(Win, Hard) on Mar. 23, 2021.
    4. Independently developed jQuery plugins.
    5. Independently developed a hexagonal menu and a moving light bar using JavaScript and other technologies.
    6. Independently discovered information leakage vulnerability in MS IE.
    7. Independently discovered several vulnerabilities on NETGEAR RAX80 and Alcatel I-040GW
      [
      CVE-2020-*****(0.0) x 2
      ]

Vulnerability Analysis Engineer  •  Next Bank

Dec. 2019 - Apr. 2020  |  Taipei, Taiwan

  • Job responsibilities
    1. Participated in Nexpose/Nessus vulnerability scanning automation PoC.
    2. Participated in Fortify source code scanning automation PoC.
    3. Participated in penetration testing.
  • Cybersecurity achievements
    1. Independently discovered several vulnerabilities on iTop
      [
      CVE-2020-12777(7.5),CVE-2020-12778(6.1)
      CVE-2020-12779(5.4),CVE-2020-12780(7.5)
      CVE-2020-12781(8.8)
      ]
  • Others
    1. Independently developed a multi-threaded websocket server using PHP & VB.Net.

Engineer  •  NCCST

Jun. 2018 - Nov. 2019  |  Taipei, Taiwan

  • Job responsibilities
    1. Performing penetration testing on the government information systems.
    2. Black-box and white-box testing.
    3. Reverse engineering of the .NET programs.
    4. Assisted government agencies in setting up the scenario for the 2019 Cyber Offensive and Defensive Exercise (CODE).
    5. Independently developed a report management system and a program for automatically fetching email attachments using Laravel.
  • Cybersecurity achievements
    1. Joined a government attack and defense exercise halfway through and ranked second among approximately 90 attackers as a newcomer. Discovered over 140 vulnerabilities and received corresponding rewards.
    2. Capable of manually bypassing a web application firewall (WAF) to achieve attacks that are difficult for tools to accomplish.
    3. Independently developed scanning and attack tools (such as CVE PoCs, scanners for specific vulnerabilities, PHP & ASPX webshells), using technologies including but not limited to curl, socket, multi-thread.
  • Others
    1. Ranked 344th individually, and 153rd as a team in HTB within four months.
    2. Participated in patching the security vulnerability in the open-source project phpMyAdmin.
    3. A total of at least 34 CVEs have been applied for. Only some are listed as follows:
      1. Independently discovered several vulnerabilities on GSS Tracko, Radar.
        [The request to revoke the CVE ID has been made.(0.0), etc.]
      2. Independently discovered several vulnerabilities on InfoDoc ODMS.
        [The request to revoke the CVE ID has been made.(9.8), etc.]
      3. Independently discovered several vulnerabilities on DrayTek Vigor2925.
        [CVE-2019-16533(6.1), etc.]
      4. Independently discovered several vulnerabilities on ESRI ArcGIS Enterprise.
        [CVE-2019-16193(5.4)]
      5. Independently discovered several vulnerabilities on Avaya Scopia Desktop.
        [CVE-2019-6998(6.4), etc.]
      6. Independently discovered several vulnerabilities on phpMyAdmin.
        [CVE-2019-6798(9.8), etc.]
      7. Independently discovered several vulnerabilities on MyWebSQL.
        [CVE-2019-7731(9.8), etc.]
      8. Independently discovered several vulnerabilities on DbNinja.
        [CVE-2019-7747(9.6), etc.]
      9. Independently discovered several vulnerabilities on webERP.
        [CVE-2018-19434(7.2), etc.]
      10. Independently discovered several vulnerabilities on KindEditor.
        [CVE-2018-18950(7.5), etc.]
      11. Independently discovered several vulnerabilities on PHP-Proxy.
        [CVE-2018-19784(7.5), etc.]

經理   •  合群樹脂實業有限公司

九月 2016 - 五月 2018  |  Taipei, Taiwan

  • 1.客戶開發
      既有客戶聯繫
      找尋新客戶

    2.產品開發製造
      既有規格產品製造
      客製規格產品開發

    3.進銷存管理
      庫存盤點
      進貨
      銷貨
      EXCEL VBA 成本計算等

    4.帳務處理
      應收帳款
      應付帳款
      開立支票等

    5.資訊系統處理
      PC故障維修
      系統實轉虛等

    6.部屬任務安排

    7.廠房修繕

資訊副工程師  •  森霸電力股份有限公司

二月 2012 - 八月 2016  |  Taipei, Taiwan

  • 工作內容:

    1. 程式設計
      PHPBB架設及修改,作為公司公告系統。
      PHP撰寫個人電腦資訊查詢系統,作為採購、報廢等依據。
      PHP撰寫公司表單查詢系統
      PHP撰寫破解AD帳密程序,驗證資安問題。
      PHP撰寫SNMP抓流量並圖形化程序,提供同仁參考網路狀況。
      VB.NET撰寫多執行緒掃網段串改封包程序,驗證資安問題。
      Excel VBA, 公式, 圖表,協助倉管盤點及計算備品價值。
      查看廠商撰寫之電廠系統程式碼(JSP),並成功發現無效存取控管弱點。
      其它

    2. 系統管理
      Windows Server 2003管理
      DNS
      DHCP
      AD(GPO、權限等設定、Login Script)
      Server問題排除
      機房硬體設備(NAS、CDP、RAID)
      其它

    3. 網路管理
      封包攔截分析
      VLAN
      MAC Filter
      Switch
      Router
      Routing Table
      其它

    4. 個人電腦故障排除
      Windows XP、Windows 7
      Office(Excel、Word、Outlook)
      Printer
      IE
      其它

    5. 案件發包
    6. 物品請購
    7. 倉管
    8. 總機系統管理
    9. 文書處理
    10. 門禁&監視器處理
    11. 其他主管交辦事項

專案經理  •  竹貓星球數位股份有限公司

九月 2011 - 一月 2012  |  Taipei, Taiwan

  • 1. 台積電專案系統開發,採用PHP + MySQL + MSSQL。

PHP程式設計師  •  知識科技股份有限公司

十二月 2009 - 五月 2011  |  Taipei, Taiwan

  • 新人獎 - 2011

    工作內容:
    1. jQuery
    2. PHP
    3. MySQL
    4. CI MVC Framework

    5. Windows Server 2003
    6. DNS
    7. IIS
    8. File Server
    9. SVN Server
    10. CA Server

    11. 客制化 PHP 程式設計
    12. Yahoo EWS API
    13. PayPal API
    14. facebook API
    15. Google API

    16. 安全漏洞檢測,成功發現多項漏洞,並提報給公司負責人
    17. 效能等其他問題檢測