Interview with CyberSecurity Talent: Ethan

By YGN Ethical Hacker Group -


1) A bit about yourself
Everyone call me Ethan. I am just one of the Cyber Security Enthusiastics like others.


2) What made you become obsessed with CyberSecurity?

I have been interesting in Cyber Security (Defensive) since I was young. I only interested how to secure my systems and network even when everyone was talking about the programming. My interest was getting stronger when I found out what I could do with the registry in Windows XP. I still remember that I was having fun to use bootable CD and reset the admin password and other students' passwords when I was in Systems Engineer class.

Unfortunately, I  couldn't have a chance to pursue my interest a lot as resources were not be found as easily as they are right now back in 2005-2008.

3) Please share how you achieved OSCP certification / any recent certification if any.

If you are looking for an inspiration story, you won’t find it here because I just don’t have it. But if you are looking why did I take an exam and decided to become an OffSec Certified Professional, keep reading.

It was a funny story how did I become an Offensive Security Certified Professional. I didn't have a plan to go for an offensive side as I was more into defensive at first. The reason I switched side is that I just tired of those people who identified themselves as hackers and how great they are at hacking.

I myself is a doer, not a talker (I never like big-mouths). Therefore, I was searching the best certificate in the industry and goes for it. After several hrs, this sentence, "Created by the founders of Kali Linux", did catch my eyes. I thought maybe this certificate can shut the hell off talkers' mouths. (at least in front of me)

Then, I was reading feedbacks about this certificate and I saw that people described this certificate as a real deal compare to other certs such as CISSP, SANS, CEH, etc. There is only way to find out whether it's a truth or not ...  you go for it.

You can pass the exam if you pay enough attention and a little research/google. I am not saying that OSCP exam can be passed easily either since I also did put a lot of energy into it.

This is where my full-time penetration testing career has started and I was really enjoyed it. After couple years later, I was bored what I was doing. I was bored because I wanted more, I wanted to get the full chain of the systems whenever I am testing. In order to do that, I need to understand more and up-to-date with the defensive controls. This is why I am working as a Threat Hunter in one of the best Blue Team in Singapore.

4) How do you foresee yourself in next couple of years?

I will become a better Penetration Tester/Red Teamer who can avoid/evade most of the defensive controls.

5) What do you like to tell about anyone pursuing cybersecurity?

I worked as a Systems Engineer and Network Engineer like most of people in Myanmar. I am really bad at coding. I am lazy. I have no passion like Ko Aung Khant, Ko Ye Yint, Kyaw Thiha and Kaung Htet. It is highly likely that you don't even heard my name before.

Even I can do it, there is no way you cannot do it. Give yourself a shot. Put your energy in it. Do not waste your life by doing what others have already done. Do something different, something better. This is an era of Cyber Security. So, Buckle up! Pass your exam, get your axx out of there and face the real enterprise in here. We always need a talented people like you.

Following are the certifications I've achieved so far.

OSCP, OSWP, CERT CPSA, CERT CRT-Pen, VCP6-DCV, LPIC Sys Admin, MCITP (2010), CCNA (2010), MTCNA, MTCUME,  CIW v5 Associate.

6) Please share how someone can follow you.

Stop using social network. Be a professional and add me on LinkedIn, via the url mentioned below, if you wish.
http://linkedin.com/in/ethan26k

Focus on your study.  Never limit yourself over the words of random people.

Popular posts from this blog

CubeCart 3.0.20 (3.0.x) and lower | Multiple Cross Site Scripting Vulnerabilities

By YGN Ethical Hacker Group -
1. OVERVIEW CubeCart 3.0.20 and lower versions are vulnerable to Cross Site Scripting. 2. BACKGROUND CubeCart is an "out of the box" ecommerce shopping cart software solution which has been written to run on servers that have PHP & MySQL support. With CubeCart you can quickly setup a powerful online store which can be used to sell digital or tangible products to new and existing customers all over the world. 3. VULNERABILITY DESCRIPTION Multiple parameters are not properly sanitized, which allows attacker to conduct Cross Site Scripting attack. This may allow an attacker to create a specially crafted URL that would execute arbitrary script code in a victim's browser. 4. VERSIONS AFFECTED 3.0.20 and lower (aka 3.0.x family) 5. Affected URLs and Parameters /admin/adminusers/permissions.php (adminId parameter) /admin/categories/index.php (cat_name parameter) /admin/categories/languages.php (cat_master_id parameter) /admin/customers/ (
Read more

Open-Realty CMS 3.x | Persistent Cross Site Scripting (XSS) Vulnerability

By YGN Ethical Hacker Group -
1. OVERVIEW Open-Realty CMS 3.x versions are vulnerable to Persistent Cross Site Scripting (XSS). 2. BACKGROUND Open-Realty is the world's leading real estate listing marketing and management CMS application, and has enjoyed being the real estate web site software of choice for professional web site developers since 2002. 3. VULNERABILITY DESCRIPTION Multiple parameters are not properly sanitized, which allows attacker to conduct Cross Site Scripting attack. This may allow an attacker to create a specially crafted URL that would execute arbitrary script code in a victim's browser. 4. VERSIONS AFFECTED 3.x 5. PROOF-OF-CONCEPT/EXPLOIT /admin/ajax.php (parameter: title, full_desc, ta) /////////////////////////////////////////////////////// POST /admin/ajax.php?action=ajax_update_listing_data HTTP/1.1 Host: localhost Content-Length: 574 Origin: http://localhost X-Requested-With: XMLHttpRequest Content-Type: application/x-www-form-urlencoded
Read more

OxWall 1.1.1 <= Multiple Cross Site Scripting Vulnerabilities (CVE-2012-0872)

By YGN Ethical Hacker Group -
1. OVERVIEW OxWall 1.1.1 and lower versions are vulnerable to Cross Site Scripting. 2. BACKGROUND Oxwall is a free open source software package for building social networks, family sites and collaboration systems. It is a flexible community website engine developed with the aim to provide people with a well-coded, user-friendly software platform for social needs. It is easy to set up, configure and manage Oxwall while you focus on your site idea. We are testing the concept of free open source community software for complete (site,sub-site setups) and partial (widgets,features) community and collaboration solutions for companies and individuals. 3. VULNERABILITY DESCRIPTION Multiple parameters were not properly sanitized, which allows attacker to conduct Cross Site Scripting attack. This may allow an attacker to create a specially crafted URL that would execute arbitrary script code in a victim's browser. 4. VERSIONS AFFECTED 1.1.1 and lower 5. PROOF-OF-CONCE
Read more