Pyae Phyo Thu

Pyae Phyo Thu

Cyber Security Specialist

Penetration Tester

About Me

Cyber Security Specialist, Penetration Tester

I am a Junior Cyber Security Specialist/Penetration Tester @ RITZ.com.mm

Over 3 years of total experience, with 2 years in professional penetration tester career, I've identified major security vulnerabilities in well-known enterprise companies of Myanmar. Also, I am an experienced penetration tester trained in web application penetration testing, android application penetration testing, and Network penetration testing. I've found CVE-2020-8591, CVE-2020-8592 in eG Manager, which is one of the IT performance monitoring software. I was acknowledged by some enterprise companies and listed in Halls of Fame, including DELL, SAP, Lenovo, ASUS and other companies.

What Can I Do

Web Application Penetration Testing

Experienced in various web applications, frameworks, & CMS penetration testing

Android Application Penetration Testing

Experienced in black box, grey box penetration testing

API Penetration Testing

Experienced in REST, GraphQL API penetration testing

Network Penetration Testing

Experienced in external, internal, cloud infra penetration testing

Halls of Fame

CVE-2020-8591, 8592 on eG Manager

Resume

4 Years of Experience

Education

2014 - 2019

Computer Technology and Network Engineering

University of Computer Studies, Pathein (Myanmar)

Bachelor of Computer Technology

Experience

Oct 2019 - Current

Junior Cyber Security Specialist

RITZ Cyber Intelligence Services Co., LTD

Started working as a Professional Penetration Tester at RITZ , the largest holistic pure-play cyber security solutions provider in Myanmar.

May 2019 - Jul 2019

Cyber Security Specialist Intern

RITZ Cyber Intelligence Services Co., LTD

Joined the internship program of RITZ and learned penetration testing.

Jan 2017 - Dec 2019

Freelance Bug Bounty Hunter

Open Bug Bounty

Submitted various vulnerabilities to different companies and received rewards, including bug bounties, acknowledgements, and halls of fame.

Licenses & Certifications

Issued Dec 2021 - No Expiration Date

Offensive Security Certified Professional (OSCP)

Offensive Security

Issued Feb 2021 - Expires Feb 2024

CREST Registered Penetration Tester (CRT)

CREST

Waiting for Verification Process

Issued Feb 2021 - Expires Feb 2024

CREST Practitioner Security Analyst (CPSA)

CREST

Issued Dec 2020 - No Expiration Date

eLearnSecurity Web Application Penetration Tester eXtreme (eWAPTXv2)

eLearnSecurity

Honors & Awards

Feb 2020

CVE-2020-8592

eG Innovations, Inc

Feb 2020

CVE-2020-8591

eG Innovations, Inc.

Jan 2019

Acknowledgement

University of Oxford

Dec 2018

Acknowledgement

Lenovo

Nov 2018

Acknowledgement

APKPure

Nov 2018

Acknowledgements

iflix

Jan 2018

Myanmar Cyber Security Challenge (MCSC-2018)

Myanmar Computer Emergency Response Team - Mmcert

Won the first prize of MCSC-2018 with Team Triplet_P.
View

Dec 2016

Base CTF (Cyber Security Competition, Myanmar)

Base CTF

Won the second prize of BaseCTF with Team h3x.
View

Penetration Testing Skills

Web Application Penetration Testing

Android Application Penetration Testing

API Penetration Testing

Network Penetration Testing

Coding Skills

HTML5

PHP

Python

Javascript

Portfolio

My Gallery

All
Acknowledgements
Bug Bounty
Certifications
CTF

CREST Practitioner Security Analyst (CPSA)

Offensive Security Certified Professional (OSCP)

Open Bug Bounty Certificate

Acknowledgements

Base CTF – 2016

Myanmar Cyber Security Challenge 2018

eWPTXv2

Posts

My Diary

CVE SQL Injection

19 Aug 2021

eG Manager v7.1.2: SQL Injection lead to Remote Code Execution (CVE-2020-8592)

CVE Improper Access Control

17 Aug 2021

eG Manager v7.1.2: Improper Access Control lead to Remote Code Execution (CVE-2020-8591)

See All Posts

Contact

Get in Touch

+95 997-300-1679

Yangon, Myanmar

pyaephyoethu1998@gmail.com

Freelance Available

Want to Contact Me?