<aside>
π¨πΌβπ» A Cyber Security professional with experience in Web Application Security, Bug Bounties, Reverse Engineering, Linux Security and XDR research. Currently located in Singapore πΈπ¬.
</aside>
Contact
π§ [email protected]
π www.linkedin.com/in/chan-jin-hao/
πΎ github.com/jinhaochan
π hackerone.com/enyei
Experience
Lead Cybersecurity Researcher
Acronis*, Singapore β (Aug 2021 - Present)*
Web Hosting Security
- Evaluated security products on the market through offensive testing and reverse engineering, and generated feature requirements for product development
- Developed novel technique of Context-Aware File Integrity Monitoring, which when fed the right context, was able to reduce the amount of alerts to O(1)
- Developed a PoC PHP Malware Engine workflow that uses ASTs for static code analysis for obfuscated webshells
- Designed , Prototyped and Built a Threat Hunting query language https://www.acronis.com/en-sg/blog/posts/threat-hunting-for-msps/
- Tinkering with ASTs here and there
Configuration Assessment
- Curated and ranked CIS Windows security configurations to help companies get a sense of their security posture
Threat Modelling
- Performed Threat Modelling for a large internal software by creating dataflow diagrams and applying STRIDE on the interactions
- Worked with stakeholders to validate the representations of the dataflow, threat scenarios and remediation actions
XDR Research
- Performed competitive analysis on various EDR/XDR products to eventually draft product requirements
- Conceptualized the dataflow diagram of the XDR from data ingestion, ETL, to outputs to the users
- Researched on correlation use cases between detection logs to form an overview of the attack scenarios