Cybersecurity Master's Student @ Toronto Metropolitan University
Penetration Testing β’ Web Security β’ Vulnerability Research β’ Purple Team
I'm a cybersecurity student and security researcher from Vietnam, currently pursuing a Master of Cybersecurity at Toronto Metropolitan University.
My main focus is on web application security, API security, penetration testing, vulnerability research, CTFs, and defensive security. I previously worked at Viettel Cyber Security, where I gained hands-on experience in web, API, mobile, and internal security assessments, vulnerability reproduction, PoC development, and technical reporting.
Iβm especially interested in growing toward a Purple Team path, combining offensive security knowledge with practical detection, incident response, and security analysis.
- Web Application Security & API Security
- Penetration Testing & Vulnerability Assessment
- Authentication, Access Control, IDOR, SSRF, XSS, SQLi, Command Injection
- Burp Suite-based testing and exploit validation
- CTF-style exploitation, reverse engineering, and forensics
- SOC fundamentals, SIEM analysis, DFIR learning, and Purple Team workflows
- Security research, CVE analysis, and technical writeups
- Former Penetration Tester and Web Security Engineering Intern at Viettel Cyber Security
- Burp Suite Certified Practitioner
- Public vulnerability disclosures: CVE-2026-39363 and CVE-2026-43885
- CTF player with experience in Web, Crypto, Pwn, Reverse Engineering, Forensics, and Misc challenges
- Former CTF Team Leader at VNU-UET Security Laboratory
- Interested in both offensive and defensive security: AppSec, SOC, DFIR, Detection Engineering, and Purple Teaming
- DeepExploitFlow β AI-assisted penetration testing workflow project using Python, LLMs, and security automation
- CTF Writeups & Security Notes β practical writeups, exploit notes, and cybersecurity learning materials
- Vulnerability Research β analysis and reproduction of real-world security issues
- Incident Response, Windows/Linux Forensics, and Malware Analysis
- SIEM Detection with Splunk and log analysis
- Security standards: ISO 27001, NIST CSF, CIS Controls, SOC 2, PCI DSS
- Advanced Web Security, OAuth/OIDC, LLM Security, and Cloud Security fundamentals


