Interview with Cyber Security Talent: Kaung Myat Min

By YEHG -

Cybersecurity/ Ethical Hacking/ Bounty Hunting have been capturing the hearts of young talents in Myanmar.  This time, YEHG is wholeheartedly proud to feature a youngest known-to-date 17-year old cybersecurity talent, Kaung Myat Min

______________________________

 


 

 
1. A little bit about yourself. 

I am just somebody who enjoys developing things and then breaking them. Sometimes I just break them though. People know me as Kaung Myat Min and I’m currently working as an Associate in BIM Cybersecurity. At the time of writing this, I am 17 years old.  

 

2. What made you become so obsessed with Cybersecurity? 

I didn’t get into cybersecurity until recently (1-2 years ago), however, I’ve always been
obsessed with thinking outside of the box, learning new things and technology.
I started my path towards cybersecurity through configuring routers and switches. After
countless hours of researching and writing hundreds of projects on network technology, I
moved on towards studying cybersecurity for my bachelor’s degrees.


During this time, my brother (Nay Myat Min) introduced me to Linux Operating System and
Network/Web Application Security as he had been in the cybersecurity field longer than I
have. Ever since then, I haven’t looked back. The high of bypassing authentication systems
and finding Remote Code Executions across servers and applications cannot be compared
to anything else that I know of.

 

3. Please share how you achieved certain achievements.

I graduated with cybersecurity and network major from Singapore, and I currently hold
eCPPT and OSCP and these achievements would not have been possible without platforms
such as HackTheBox, Tryhackme, etc., and CTF challenges. Somehow, I also had a diploma
in LCCI, but that path didn’t work out (haha).
The main source of guidance I got was probably from hacking books, YouTube videos and
blogs.


4. How do you foresee yourself in the next couple of years?

My current short-term goals are to crack the OSWE exam and research on new web
application security vulnerabilities. During the studies of OSWE, I have fallen in love white
box penetration testing, and source codes; I believe I will be learning further about web
application technologies in the nearer future.

I also have an eye on studying binary exploitation, reverse engineering and malware analysis
if I have time.

But in terms of my career path, I would love to work for Big 4 companies, and perhaps if I get
lucky enough as a security researcher for world-famous companies such as Fortinet, Splunk
and Crowdstrike.


5. What do you like to tell about anyone pursuing Cybersecurity?

I am pretty sure the time has never been better to learn new technologies. With all the free
time we have during COVID, and the blooming of hacking tutorials and platforms, it has
never been easier to get into.
One thing I definitely recommend anyone going into IT field though is to learn programming.
Just about any language.

 

6. Please share how we can follow you in social networks.

Feel free to connect me on LinkedIn - https://linkedin.com/in/kaung-myat-min/

Popular posts from this blog

CubeCart 3.0.20 (3.0.x) and lower | Multiple Cross Site Scripting Vulnerabilities

By YGN Ethical Hacker Group -
1. OVERVIEW CubeCart 3.0.20 and lower versions are vulnerable to Cross Site Scripting. 2. BACKGROUND CubeCart is an "out of the box" ecommerce shopping cart software solution which has been written to run on servers that have PHP & MySQL support. With CubeCart you can quickly setup a powerful online store which can be used to sell digital or tangible products to new and existing customers all over the world. 3. VULNERABILITY DESCRIPTION Multiple parameters are not properly sanitized, which allows attacker to conduct Cross Site Scripting attack. This may allow an attacker to create a specially crafted URL that would execute arbitrary script code in a victim's browser. 4. VERSIONS AFFECTED 3.0.20 and lower (aka 3.0.x family) 5. Affected URLs and Parameters /admin/adminusers/permissions.php (adminId parameter) /admin/categories/index.php (cat_name parameter) /admin/categories/languages.php (cat_master_id parameter) /admin/customers/ (
Read more

Open-Realty CMS 3.x | Persistent Cross Site Scripting (XSS) Vulnerability

By YGN Ethical Hacker Group -
1. OVERVIEW Open-Realty CMS 3.x versions are vulnerable to Persistent Cross Site Scripting (XSS). 2. BACKGROUND Open-Realty is the world's leading real estate listing marketing and management CMS application, and has enjoyed being the real estate web site software of choice for professional web site developers since 2002. 3. VULNERABILITY DESCRIPTION Multiple parameters are not properly sanitized, which allows attacker to conduct Cross Site Scripting attack. This may allow an attacker to create a specially crafted URL that would execute arbitrary script code in a victim's browser. 4. VERSIONS AFFECTED 3.x 5. PROOF-OF-CONCEPT/EXPLOIT /admin/ajax.php (parameter: title, full_desc, ta) /////////////////////////////////////////////////////// POST /admin/ajax.php?action=ajax_update_listing_data HTTP/1.1 Host: localhost Content-Length: 574 Origin: http://localhost X-Requested-With: XMLHttpRequest Content-Type: application/x-www-form-urlencoded
Read more

OxWall 1.1.1 <= Multiple Cross Site Scripting Vulnerabilities (CVE-2012-0872)

By YGN Ethical Hacker Group -
1. OVERVIEW OxWall 1.1.1 and lower versions are vulnerable to Cross Site Scripting. 2. BACKGROUND Oxwall is a free open source software package for building social networks, family sites and collaboration systems. It is a flexible community website engine developed with the aim to provide people with a well-coded, user-friendly software platform for social needs. It is easy to set up, configure and manage Oxwall while you focus on your site idea. We are testing the concept of free open source community software for complete (site,sub-site setups) and partial (widgets,features) community and collaboration solutions for companies and individuals. 3. VULNERABILITY DESCRIPTION Multiple parameters were not properly sanitized, which allows attacker to conduct Cross Site Scripting attack. This may allow an attacker to create a specially crafted URL that would execute arbitrary script code in a victim's browser. 4. VERSIONS AFFECTED 1.1.1 and lower 5. PROOF-OF-CONCE
Read more