Pyae Phyo Thu

About Me

IT Security Analyst, Penetration Tester

I am an IT Security Analyst/Penetration Tester @ Wave Money.

I am an experienced IT Security Analyst and Penetration Tester with over 5 years of total experience, including 4+ years in the Professional Penetration Tester career, have hands-on experience in web and mobile application penetration testing, infrastructure penetration testing such as active directory and cloud environments, vulnerability assessments, and different security testing tools.

I hold several hands-on certificates, including OSCP, CRT, CPSA, eWPTX, eMAPT, and CRTP. I discovered two RCE vulnerabilities (CVE-2020-8591, CVE-2020-8592) in eG Manager, an IT performance monitoring software, and also was acknowledged by several Enterprise companies and listed in their Hall of Fame, including DELL, SAP, Lenovo, ASUS, and others.

I am passionate about staying up-to-date with the latest security trends and technologies and am always seeking to expand my knowledge and skills. I am excited to leverage my experience and skills to help clients improve their security posture and protect against potential threats.

Services

Web Application Penetration Testing

Experienced in various web applications, frameworks, & CMS penetration testing

Mobile Application Penetration Testing

Experienced in black box, grey box penetration testing

API Penetration Testing

Experienced in REST, GraphQL APIs penetration testing

Network Penetration Testing

Experienced in external, internal, cloud infra penetration testing

Halls of Fame

Testimonials

Resume

4 Years of Experience

Education

2014 - 2019

Computer Technology and Network Engineering

University of Computer Studies, Pathein (Myanmar)

Bachelor of Computer Technology

Experience

Mar 2022 - Current

IT Security Analyst

Wave Money

Recently joined Wave Money as an IT Security Analyst in March 2022.

Oct 2019 - Mar 2022

Former Cyber Security Specialist

RITZ Cyber Intelligence Services Co., LTD

Worked as a Professional Penetration Tester at RITZ , the largest holistic pure-play cyber security solutions provider in Myanmar.

May 2019 - Jul 2019

Former Cyber Security Specialist Intern

RITZ Cyber Intelligence Services Co., LTD

Joined the internship program of RITZ and learned penetration testing.

Jan 2017 - Dec 2019

Freelance Bug Bounty Hunter

Open Bug Bounty

Submitted various vulnerabilities to different companies and received rewards, including bug bounties, acknowledgements, and halls of fame.

Licenses & Certifications

Issued Feb 2023 - No Expiration Date

Certified Red Team Professional (CRTP)

Altered Security
Issued Jan 2023 - No Expiration Date

eLearnSecurity Mobile Application Penetration Tester (eMAPT)

eLearnSecurity
Issued Dec 2021 - No Expiration Date

Offensive Security Certified Professional (OSCP)

Offensive Security
Issued Feb 2021 - Expires Feb 2024

CREST Registered Penetration Tester (CRT)

CREST
Issued Feb 2021 - Expires Feb 2024

CREST Practitioner Security Analyst (CPSA)

CREST
Issued Dec 2020 - No Expiration Date

eLearnSecurity Web Application Penetration Tester eXtreme (eWAPTXv2)

eLearnSecurity

Honors & Awards

Feb 2020

CVE-2020-8592

eG Innovations, Inc
Feb 2020

CVE-2020-8591

eG Innovations, Inc.
Jan 2019

Acknowledgement

University of Oxford
Dec 2018

Acknowledgement

Lenovo
Nov 2018

Acknowledgement

APKPure
Nov 2018

Acknowledgements

iflix
Jan 2018

Myanmar Cyber Security Challenge (MCSC-2018)

Myanmar Computer Emergency Response Team - Mmcert

Won the first prize of MCSC-2018 with Team Triplet_P.
View

Dec 2016

Base CTF (Cyber Security Competition, Myanmar)

Base CTF

Won the second prize of BaseCTF with Team h3x.
View

Penetration Testing Skills

Web Application Penetration Testing

Android Application Penetration Testing

API Penetration Testing

Infra Network Penetration Testing

Coding Skills

PHP

Python

Javascript

Portfolio

My Gallery
Altered Security

Altered Security

Certifications
CREST

CREST

Certifications
Offensive Security

Offensive Security

Certifications
Open Bug Bounty Certificate

Open Bug Bounty Certificate

Certifications
Acknowledgements

Acknowledgements

Acknowledgements, Bug Bounty
Base CTF – 2016

Base CTF – 2016

CTF
Myanmar Cyber Security Challenge 2018

Myanmar Cyber Security Challenge 2018

CTF
eLearnSecurity

eLearnSecurity

Certifications

Contact

Get in Touch

+95 997-300-1679

Yangon, Myanmar

pyaephyoethu1998@gmail.com

Freelance Available

Want to Contact Me?