Posts

Interview with Cyber Security Talent: Thu Ya

Image
1. ညီရဲ့ အကြောင်းလေး ပြောပါဦး။ ကျွန်တော်သူရပါ။ ကျွန်တော် Cybersecurity ပိုင်းကို ၂၀၁၀ လောက်တုန်းက စဝင်ခဲ့ပါတယ်။ 2010 လောက်တုန်းက Network Security နဲ့ Microsoft AD Security ပိုင်းကို အဓိကထားလုပ်ခဲ့ပါတယ်။ 2015 မှာ မြန်မာကနေ ပထမဆုံး နိုင်ငံတော်က စီစဉ်ပေးတဲ့ CTF ကို Indonesia မှာသွားပြိုင်ခဲ့ပါတယ်။ ကျွန်တော် Telecom လောကမှာ Security ပိုင်းနဲ့ ၅ နှစ်လောက်လုပ်ခဲ့ပါတယ်။ Company အမျိုးမျိုးမှာ Position အမျိုးမျိုးနဲ့လုပ်ခဲ့ပါတယ်။ Security Engineer ကနေ Cyber Security Department Head အထိ ကြားထဲက position အမျိုးမျိုးနဲ့ တစ်ဆင့်ချင်းလုပ်ခဲ့ပါတယ်။ 2. ဘာကြောင့် Cyber Security ကို စိတ်ဝင်စားဖြစ်သွားတာလဲ? 2010 လောက်မှာ MICT Park မှာလုပ်လေ့ရှိတဲ့ IT related seminar တွေ သွားနားထောင်ဖြစ်ပါတယ်။ အဲ့တုန်းက Virus/Malware တွေ Network Security related topic တွေ နားထာင်မိပြီး စိတ်ဝင်စားသွားတာပါ။ အဲ့အချိန်တုန်းကတော့ လေ့လာရတာခက်ခဲပါတယ်။ Resource တွေလဲ သိပ်မရှိသလောက်ပါဘဲ။ YEHG ဝက်ဆိုဒ်ကိုလဲ တောက်လျှောက်ကြည့်ဖြစ်ပါတယ်။  3. ဂုဏ်ယူရတဲ့  အောင်မြင်မှုတွေရှိရင် ပြောပါဦး။ အသက် ၂၄ နှစ်မှာ ရန်ကုန်မှာ လစာတော်...

OSEP course and exam review

Image
 Introduction Hello guys, I would like to write a review about OSEP course and exam that I purchased in July 2021. During that time, my mind was feeling unwell and so I decided to take a course from Offsensive Security after I passed OSWE exam.  Course and lab review I subscribed OSEP for 3 months lab access because I am not very familiar with the course contents. You can download course syllabus from here . Once I can access to the course VPN, I started digging around the course PDF materials and I found that contents are really cool.  Last two years ago, I bought eCPTX course and found out that course contents and labs are really sucks but this time I am happy that I made the right decision.  Of course every course will not teach you all the things but the course contents are well organised and you will learn different antivirus bypass techniques like hiding macro inside word documents, process injection, process hollowing,  powershell in-memory evasion ..etc....

Interview with Cyber Security Talent: Min Ko Ko

Image
    1. ညီရဲ့ အကြောင်းလေး ပြောပါဦး။ ကျွန်တော်နာမည်အရင်းက မင်းကိုကိုပါ။ ဒီ Computer နယ်ပယ်ထဲစဝင်တုန်းက cyberoot ဆိုတဲ့ nickname ကြောင့်အများကတော့ KoRoot လို့ခေါ်ကြပါတယ်။ Computer ကျောင်းပြီးပြီး ၂ နှစ်ကျော်မှ Computer နယ်ပယ်ထဲသေချာဝင်ဖြစ်ပါတယ်။ မှတ်မှတ်ရရတော့ အသက် ၂၅ (2012)ကစပြီး web developing စပြီးလေ့လာဖြစ်တယ် အဲလိုကနေပဲ security အပိုင်းဆက်ပြီးလေ့လာဖြစ်ပါတယ်။ 2019 လောက်ကစပြီး web developing ပိုင်းသိပ်မလုပ်တော့ပဲ security အပိုင်းသီးသန့်လေ့လာဖြစ်ပါတယ်။ လက်ရှိကတော့ Creatigon မှာ Cyber Security သင်တန်းတွေသင်နေပါတယ်။ အားတဲ့အချိန်တော့ စာဖတ်လိုက် စမ်းလိုက်ပါပဲ။ 2. ဘာကြောင့် Ethical Hacking ကို စိတ်ဝင်စားဖြစ်သွားတာလဲ?   Web security ပဲပေါ့. ဒါက ကျွန်တော်ရဲ့ ပထမဆုံး web development လုပ်ထားတဲ့အတွေ့အကြုံတွေကို ကောင်းကောင်းအသုံးချခွင့်ရတယ်။ web security သိထားတော့ bug bounty တွေပါလိုက်ရှာကြည့်တယ်။ exploit, CVE တွေလည်း ရှာကြည့်ပါသေးတယ်။ အမှန်တိုင်းပြောရင် web ကလေ့လာရတာနည်းနည်းတော့ပိုများသလိုပဲ ဒါပေမယ့် အမြဲလေ့လာနေရင်တော့အဆင်ပြေသွားပါတယ်။ အခုတော့ Pentesting ကိုပိုလုပ်ဖြစ်ပါတယ်။ စိတ်ဝင်စ...

Interview with Cyber Security Talent: Hein Thant Zin

Image
The year of 2020 has proven the booming of Cybersecurity/ Ethical Hacking/ Bounty Hunting young talents in Myanmar.  YEHG is wholeheartedly proud to feature an awesome young cybersecurity talent, Hein Thant Zin. ______________________________   > A little bit about yourself Just another guy who’d love to find some random loopholes in Web Application and REST API. > What made you become obsessed with bug bounty? I passionate learning about Web Application vulnerabilities last year and wanted to make some profit from my experience so I decided to do Bug Bounty since then. > Please share how you achieved something you're personally most proud of? I built up Team 0xpwn with my two mates to participate in Myanmar Cyber Security Challenge 2019 and we won First Prize in both University level and Open Level.  Later, I participated in ASEAN Cyber Sea Game 2019 (Bangkok) and ASEAN Student Contest on Information Security 2019 ( Hanoi ) represented by Myanmar Team then I ...

Interview with Cyber Security Talent: Chan Nyein Wai

Image
Cybersecurity/ Ethical Hacking/ Bounty Hunting have been capturing the hearts of young talents in Myanmar.  YEHG is wholeheartedly proud to feature a  cybersecurity talent, Chan Nyein Wai. ______________________________        1. A little bit about yourself I am the one who interested about cyber security and technology.I like helping people , company and want  to make the internet a safer place. My name is Chan Nyein Wai. I am 19 years old and I am currently working as an associate in BIM Cybersecurity.  I am also learning Chinese language for Bachelor Degree in YUFL as 3rd year student.   2. What made you become obsessed with Cyber Security? I always interested in technology since I was young.When I started learning about cyber security , I wasted a lot of time on only one vulnerability like SQL injection. At first, I was doing it for fun but a small piece of advice from my friends changed my career. 3. Please share how you achieved fant...

Interview with Cyber Security Talent: Nay Myat Min

Image
  Cybersecurity/ Ethical Hacking/ Bounty Hunting have been capturing the hearts of young talents in Myanmar.  Today, YEHG is wholeheartedly proud to feature a  cybersecurity talent, Nay Myat Min. ______________________________   1. A little bit about yourself I am Nay Myat Min, a master’s student of Cyber Security at Mahidol University. I am currently working as an assistant manager at BIM Cybersecurity and Consulting. 2. What made you become obsessed with Cyber Security? It is almost magical how previous inventors created, and the security researchers found ways to overcome their obstacles. I wish to be someone like them who masters his craft,. I desire to understand in-depth how things work. Also, I am curious about how they react when approached in unintended ways, and I wish to investigate them systematically. 3. Please share how you achieved fantastic achievements. During my final year as a Network Engineering student, I received a Cisco scholarship for Cyber...

Interview with Cyber Security Talent: Nay Min Htet

Image
Cybersecurity/ Ethical Hacking/ Bounty Hunting have been capturing the hearts of young talents in Myanmar.  Today, YEHG is wholeheartedly proud to feature a  cybersecurity talent, Nay Min Htet . ______________________________   1. A little bit about yourself My name is Nay Min Htet, and I am working as a Cyber Security Specialist. I love exploring systems to gain a better understanding of how they operate, and how security loopholes in the systems can be exploited. I currently hold OSCP, CREST CRT and CPSA certifications. 2. What made you become obsessed with Cybersecurity? Curiosity has always been a driving force since I took up Cybersecurity. I stumbled upon web application flaws such as SQLi and XSS a few years ago. I couldn't help but wonder why it happened, and wanted to find out about it. So yes, it all started with a single quote ('). 3. Please share how you achieved OSCP. There are lots of articles out there mentioning how one should prepare for the OSCP cert....