Pyae Phyo Thu

About Me

IT Security Analyst, Penetration Tester

I am an IT Security Analyst/Penetration Tester @ Wave Money.

IT Security Analyst with 4+ years of total experience, 3 years experience in Professional Penetration Tester career. Have hands-on experience in web & mobile application security, active directory security, network security and vulnerability assessments along with different security testing tools. An Offensive Security Certified Professional hacker. I've found CVE-2020-8591, CVE-2020-8592 in eG Manager, which is one of the IT performance monitoring software. I was acknowledged by some Enterprise companies and listed in the Hall of Fame, including DELL, SAP, Lenovo, ASUS and other companies.

Services

Web Application Penetration Testing

Experienced in various web applications, frameworks, & CMS penetration testing

Mobile Application Penetration Testing

Experienced in black box, grey box penetration testing

API Penetration Testing

Experienced in REST, GraphQL APIs penetration testing

Network Penetration Testing

Experienced in external, internal, cloud infra penetration testing

Halls of Fame

Testimonials

Resume

4 Years of Experience

Education

2014 - 2019

Computer Technology and Network Engineering

University of Computer Studies, Pathein (Myanmar)

Bachelor of Computer Technology

Experience

Mar 2022 - Current

IT Security Analyst

Wave Money

Recently joined Wave Money as an IT Security Analyst in March 2022.

Oct 2019 - Mar 2022

Former Cyber Security Specialist

RITZ Cyber Intelligence Services Co., LTD

Worked as a Professional Penetration Tester at RITZ , the largest holistic pure-play cyber security solutions provider in Myanmar.

May 2019 - Jul 2019

Former Cyber Security Specialist Intern

RITZ Cyber Intelligence Services Co., LTD

Joined the internship program of RITZ and learned penetration testing.

Jan 2017 - Dec 2019

Freelance Bug Bounty Hunter

Open Bug Bounty

Submitted various vulnerabilities to different companies and received rewards, including bug bounties, acknowledgements, and halls of fame.

Licenses & Certifications

Issued Dec 2021 - No Expiration Date

Offensive Security Certified Professional (OSCP)

Offensive Security
Issued Feb 2021 - Expires Feb 2024

CREST Registered Penetration Tester (CRT)

CREST
Issued Feb 2021 - Expires Feb 2024

CREST Practitioner Security Analyst (CPSA)

CREST
Issued Dec 2020 - No Expiration Date

eLearnSecurity Web Application Penetration Tester eXtreme (eWAPTXv2)

eLearnSecurity

Honors & Awards

Feb 2020

CVE-2020-8592

eG Innovations, Inc
Feb 2020

CVE-2020-8591

eG Innovations, Inc.
Jan 2019

Acknowledgement

University of Oxford
Dec 2018

Acknowledgement

Lenovo
Nov 2018

Acknowledgement

APKPure
Nov 2018

Acknowledgements

iflix
Jan 2018

Myanmar Cyber Security Challenge (MCSC-2018)

Myanmar Computer Emergency Response Team - Mmcert

Won the first prize of MCSC-2018 with Team Triplet_P.
View

Dec 2016

Base CTF (Cyber Security Competition, Myanmar)

Base CTF

Won the second prize of BaseCTF with Team h3x.
View

Penetration Testing Skills

Web Application Penetration Testing

Android Application Penetration Testing

API Penetration Testing

Network Penetration Testing

Coding Skills

HTML5

PHP

Python

Javascript

Portfolio

My Gallery
CREST Registered Penetration Tester (CRT)

CREST Registered Penetration Tester (CRT)

Certifications
CREST Practitioner Security Analyst (CPSA)

CREST Practitioner Security Analyst (CPSA)

Certifications
Offensive Security Certified Professional (OSCP)

Offensive Security Certified Professional (OSCP)

Certifications
Open Bug Bounty Certificate

Open Bug Bounty Certificate

Certifications
Acknowledgements

Acknowledgements

Acknowledgements, Bug Bounty
Base CTF – 2016

Base CTF – 2016

CTF
Myanmar Cyber Security Challenge 2018

Myanmar Cyber Security Challenge 2018

CTF
eWPTXv2

eWPTXv2

Certifications

Contact

Get in Touch

+95 997-300-1679

Yangon, Myanmar

pyaephyoethu1998@gmail.com

Freelance Available

Want to Contact Me?