image
Pyae Phyo Thu

Pyae Phyo Thu

IT Security Analyst
Penetration Tester

About Me

IT Security Analyst, Penetration Tester

I am an IT Security Analyst/Penetration Tester @ Wave Money.

IT Security Analyst with 4+ years of total experience, 3 years experience in Professional Penetration Tester career. Have hands-on experience in web & mobile application security, active directory security, network security and vulnerability assessments along with different security testing tools. An Offensive Security Certified Professional hacker. I've found CVE-2020-8591, CVE-2020-8592 in eG Manager, which is one of the IT performance monitoring software. I was acknowledged by some Enterprise companies and listed in the Hall of Fame, including DELL, SAP, Lenovo, ASUS and other companies.

Services

Web Application Penetration Testing

Experienced in various web applications, frameworks, & CMS penetration testing

Mobile Application Penetration Testing

Experienced in black box, grey box penetration testing

API Penetration Testing

Experienced in REST, GraphQL APIs penetration testing

Network Penetration Testing

Experienced in external, internal, cloud infra penetration testing

Halls of Fame

Testimonials

Welcome and appreciate your efforts. It was very professional. (22 April, 2022)

Raja Kannan (Head - Technology Services)

Raja Kannan (Head - Technology Services)

eG Innovations

Thanks to your continuous support, sharing the security vulnerability, and keeping our cyber space secure. (16 November, 2018)

Wint Mie Thet (Senior Product Manager)

Wint Mie Thet (Senior Product Manager)

Oway Ride

Awesome work - you seem very skilled. Best of luck with university and career. (13 November, 2018)

Njal Gjermundshaug (Co-founder)

Njal Gjermundshaug (Co-founder)

Filemail

Great work! Thank you. (25 May, 2018)

Sven Eulberg (Co-Founder)

Sven Eulberg (Co-Founder)

netclusive GmbH

Resume

4 Years of Experience

Education

2014 - 2019

Computer Technology and Network Engineering

University of Computer Studies, Pathein (Myanmar)

Bachelor of Computer Technology

Experience

Mar 2022 - Current

IT Security Analyst

Wave Money

Recently joined Wave Money as an IT Security Analyst in March 2022.

Oct 2019 - Mar 2022

Former Cyber Security Specialist

RITZ Cyber Intelligence Services Co., LTD

Worked as a Professional Penetration Tester at RITZ , the largest holistic pure-play cyber security solutions provider in Myanmar.

May 2019 - Jul 2019

Former Cyber Security Specialist Intern

RITZ Cyber Intelligence Services Co., LTD

Joined the internship program of RITZ and learned penetration testing.

Jan 2017 - Dec 2019

Freelance Bug Bounty Hunter

Open Bug Bounty

Submitted various vulnerabilities to different companies and received rewards, including bug bounties, acknowledgements, and halls of fame.

Licenses & Certifications

Issued Dec 2021 - No Expiration Date

Offensive Security Certified Professional (OSCP)

Offensive Security

Verify

Issued Feb 2021 - Expires Feb 2024

CREST Registered Penetration Tester (CRT)

CREST

Waiting for Verification Process

Issued Feb 2021 - Expires Feb 2024

CREST Practitioner Security Analyst (CPSA)

CREST

Verify

Issued Dec 2020 - No Expiration Date

eLearnSecurity Web Application Penetration Tester eXtreme (eWAPTXv2)

eLearnSecurity

Verify

Honors & Awards

Feb 2020

CVE-2020-8592

eG Innovations, Inc

View

Feb 2020

CVE-2020-8591

eG Innovations, Inc.

View

Jan 2019

Acknowledgement

University of Oxford

View

Dec 2018

Acknowledgement

Lenovo

View

Nov 2018

Acknowledgement

APKPure

View

Nov 2018

Acknowledgements

iflix

View

Jan 2018

Myanmar Cyber Security Challenge (MCSC-2018)

Myanmar Computer Emergency Response Team - Mmcert

Won the first prize of MCSC-2018 with Team Triplet_P.
View

Dec 2016

Base CTF (Cyber Security Competition, Myanmar)

Base CTF

Won the second prize of BaseCTF with Team h3x.
View

Penetration Testing Skills

Web Application Penetration Testing

Android Application Penetration Testing

API Penetration Testing

Network Penetration Testing

Coding Skills

HTML5

PHP

Python

Javascript

Portfolio

My Gallery
CREST Practitioner Security Analyst (CPSA)

CREST Practitioner Security Analyst (CPSA)

Certifications
Offensive Security Certified Professional (OSCP)

Offensive Security Certified Professional (OSCP)

Certifications
Open Bug Bounty Certificate

Open Bug Bounty Certificate

Certifications
Acknowledgements

Acknowledgements

Acknowledgements, Bug Bounty
Base CTF – 2016

Base CTF – 2016

CTF
Myanmar Cyber Security Challenge 2018

Myanmar Cyber Security Challenge 2018

CTF
eWPTXv2

eWPTXv2

Certifications

Posts

My Diary

Contact

Get in Touch

+95 997-300-1679

Yangon, Myanmar

pyaephyoethu1998@gmail.com

Freelance Available

Want to Contact Me?