TaiYou


I'm TaiYou, also known as Sun. An experienced developer and security researcher with a strong background in software development and information security. Skilled in identifying and analyzing security risks, with a proven track record in both technical projects and security research. Visit my LinkedIn to learn more about me, or contact me directly!

I also write articles on my blog about my learning notes and related articles. Welcome to take a look!


Experience

IT Security Intern Engineer

Taiwan Semiconductor Manufacturing Company (TSMC)
  • Conducted vulnerability research in the Information Security Operations Center (ISOC).
August 2024 - September 2024, 2 months

Web Security Intern Researcher

DEVCORE
  • Selected for the 2024 fifth internship program, joined the Web team for vulnerability research.
  • Successfully discovered ten vulnerabilities in Moodle (one of the top two open-source Learning Management Systems worldwide, with over 400 million registered users) and created a low-privilege RCE attack chain.
  • Identified two RCE vulnerabilities in Typora: CVE-2024-41481 and CVE-2024-41482.
March 2024 - July 2024, 5 months

IT DevOps Intern Engineer

Taiwan Semiconductor Manufacturing Company (TSMC)
  • Worked as a Summer Intern on the TSID / Manufacturing System Integration Project (MFGSIP).
  • Developed a Black Box Testing Tool with SpringBoot, enabling developers to perform regression testing quickly and conveniently, automating previously manual testing processes.
July 2023 - August 2023, 2 months

Backend Engineer

Robo Web Tech Co., Ltd.
  • Responsible for backend development of new product systems (Laravel), co-designed and planned system features, and refactored legacy APIs to improve performance and maintainability. Enhanced response times of specific features by over 75% through SQL and Laravel optimization.
  • Implemented CI and containerization, adding automated testing and reporting to reduce code review time, cutting deployment and testing time from 3-4 hours per week to just five minutes.
  • Advanced automated testing, raising code coverage on primary projects (Laravel w/ phpunit) by over 30%.
  • Containerized several third-party APIs as microservices, improving ease of deployment and maintenance for the team.
September 2022 - February 2023, 6 months

Backend Intern

Robo Web Tech Co., Ltd.
  • Assisted in achieving PCI DSS certification.
  • Developed backend integrations for third-party payment systems using PHP and Laravel, co-designed and built backend systems for new products.
November 2021 - August 2022, 10 months

Backend Intern

Robo Web Tech Co., Ltd.
  • Helped design and develop an invoice upload system with Laravel, integrating with the Ministry of Finance’s Turnkey system and internal systems, automating electronic invoice issuance. The system generated nearly 10,000 invoices monthly, saving thousands of NTD annually.
July 2021 - September 2021, 3 months

Software Testing Intern

Robo Web Tech Co., Ltd.
  • Conducted website functionality testing, identifying and reporting several website vulnerabilities.
  • Developed an automated tool in Python that streamlined the credit review process, reducing a daily 3-hour workload to just five seconds.
July 2019 - September 2019, 3 months

Works

"CCoE Cybersecurity Elite Talent Training Program" registration website

  • Served as the backend developer for the "CCoE Cybersecurity Elite Talent Training Program" registration website, responsible for development and deployment. Collaborated with a frontend partner to complete the project rapidly in under two months.
May 2022 - June 2022, 2 months

Dadaocheng Information Platform

  • Collaborated with a frontend partner on the Ministry of Science and Technology project for the Department of Architecture at National Taiwan University of Science and Technology: "Taiwan, Latvia, and Lithuania Trilateral Cooperation Project: 'An Up-to-Date Urban Regeneration Information System.'" Developed a system using maps and articles to help the public understand Dadaocheng.
  • Responsibilities included backend design and development (using Laravel), communicating requirements with stakeholders, task allocation, and server management.
  • News: Xinmediaid SHOW
December 2020 - March 2022, 1 year 4 months

National Central University Dormitory Checkout System

  • Collaborated with three other partners in the studio to develop the National Central University Dormitory Checkout System. To date, over 10,000 unique students have used the system, successfully digitizing the checkout process and accelerating administrative workflows.
  • Responsibilities included backend design and development (using Laravel), server management, and team leadership.
July 2020 - September 2020, 3 months

Industry-Academia Collaboration Project between NTUST and International Games System Co., Ltd.

  • Participated in a blockchain game research project, responsible for research and development of blockchain games using Cocos Creator and TypeScript.
January 2020 - December 2020, 1 year

Education

National Yang Ming Chiao Tung University

Master
Computer Science and Engineering
February 2023 - Present

National Taiwan University of Science and Technology

Bachelor
Computer Science and Information Engineering
September 2018 - June 2022

Awards

  • 3rd Place

    2024 Aegis CTF
    November 2024
  • Excellence Award

    Taiwan Academic Network Center for Cyber Security Technology
    • Ranked fourth in the nationwide penetration testing exercise among universities in Taiwan, awarded "Excellence." Successfully identified a total of 31 vulnerabilities, including 8 critical, 15 high, 7 medium, and 1 low impact.
    January 2024
  • 7th Place

    2023 Aegis CTF
    November 2023
  • Taiwan Star

    HITCON CTF Final 2023
    • Competed as team abscisins, achieving first place among Taiwanese teams in the finals.
    November 2023
  • Best Project Award

    2023 Advanced Information Security Summer School (AIS3)
    • In the 2023 AIS3 course, led a team of three members in identifying bugs within Moodle, one of the world’s top two open-source learning management systems with over 400 million registered users. The project earned the Best Project Award in the "Web Security" category.
    • Responsibilities included:
      • Leading the team, assigning tasks, and providing basic guidance
      • Discovering five bugs
    July 2023
  • 2nd Place

    InnoServe Award 2021 - Application Category
    • Video
    • Participated with the project titled "Integrating Virtualized IoT into Secure Software Development Processes," achieving Second Place in the Information Application Category.
    November 2021
  • Honorable Mention

    InnoServe Award 2021 - Cyber Security Category
    • Video
    • Participated with the project titled "Integrating Virtualized IoT into Secure Software Development Processes," achieving Second Place in the Information Application Category.
    November 2021
  • Bronze Award

    2017 MyFirstCTF
    February 2018

Contributions


Certifications

OSWA

Courses

4th TeamT5 Security Camp

Team T5
  • Passed the preliminary written test selection with a vulnerability research topic, focusing on CVE-2023-37144 and CVE-2022-42168 vulnerability research and reproduction (details available in this article).
  • During the five-day course, collaborated with teammate pwn2ooown to complete the project "Deep in ASUS RT Series Routers' Multiple Vulnerabilities," researching and reproducing several vulnerabilities in ASUS RT series routers, including CVE-2023-28702, CVE-2023-28703, CVE-2023-35086, and CVE-2023-35087.
2024

9th TAIWAN Holy High

Information Security Incubation Program
2024 ~ 2025

8th TAIWAN Holy High

Information Security Incubation Program
2023 ~ 2024

Advanced Information Security Summer School (AIS3)

Information Security Incubation Program
  • Participated in the "Web Security" track, where, over the seven-day course, combined course knowledge with teammates to complete the project "I Pronounce it as Moodle but My Teammates Say Moodle."
  • Discovered bugs in the Moodle project (one of the top two open-source learning management systems worldwide, with over 400 million registered users), winning the Best Project Award out of ten teams.
2023

Advanced Information Security Summer School (AIS3)

Information Security Incubation Program
  • Participated in the "Web Security" track and, over the seven-day course, combined course knowledge with teammates to complete the project "The ZeroDay You Didn’t Notice."
  • Researched multiple open-source CMS, including Targets, AeroCMS, CouchCMS, phpwcms, and WonderCMS, successfully discovering several vulnerabilities.
2022