(Ivan)
01CTF Writeups
02Works
CyberQuest — learn real cyber skills, one case at a time
✓ cyber-quest.pages.devA calm, cross-generational cyber-skills game. Every case is playable two ways on one objective — an accessible visual puzzle or a real terminal — so a curious 12-year-old and a 60-year-old learn side by side.
Solve cases across a story-gated world map that unlocks as you progress, earn achievement badges for real mastery (solve both ways, finish with no hints, clear a region), and get nudged by an AI hint co-pilot that never gives the answer away. Built test-first, with a Skills Passport of genuine, NICE-aligned competencies.
Offline-first, keyboard- and screen-reader-friendly, light or dark. Intrinsic motivation by design — no streaks, no dark patterns.
Under the hood: a framework-free, strict-TypeScript core (no any) drives both play modes from a single case contract; React 19 shell, Cloudflare Workers AI hints with an authored fallback, Supabase auth with offline-first sync, and a CI gate — typecheck, lint, and 350+ tests including automated accessibility — on every commit.
CyberGuard — cybersecurity training that feels like a game
✓ cyberguard.ivanthan.ukPlay through 100+ real scams from 13 countries. Five adaptive skill tiers — from password basics to APT defense. Built for everyone from kids to security professionals.
Pick your skill tier — Kids, Teens, Adults, Seniors, or Expert — and play through missions built from actual scams circulating right now. Scenarios match your context (gamers get gaming scams, grandparents get pension cons, security pros get APT incidents), so the lessons stick. Earn XP, unlock badges, climb the global leaderboard.
No credit card. No tracking. 30-second start.
MerLinn — your AI, your hardware, your data
✓ Ongoing · invite-onlyA locally-hosted, chat-first personal AI assistant built from scratch. Runs local open-weights models (Ollama) on the home server by default — no per-token billing, no conversations training someone else's model, no cloud lock-in. Optional Claude API fallback only when explicitly opted in per call.
Mirrors professional AI agent architecture — skills, sub-agents, tools, memory, hooks, MCP, permissions — so productivity tooling drops in unmodified. Includes an autonomous coding agent that runs the full UNDERSTAND → PLAN → SCAFFOLD → IMPLEMENT → TEST → DELIVER loop with approval gates.
Web UI works on every device, installs as a standalone PWA on iOS & Android with the lion-head logo on the home screen. Sessions auto-title themselves, transcripts persist locally, memory engine scores and decays "instincts" over time. Real persona system — knows your name, identifies as MerLinn, never as the underlying model.
Why "MerLinn"? A play on the Merlion and the Burmese word Linn (လင်း), meaning light or bright. It sounds like Merlin the wizard — the spelling is a nod to my dual identity as a Burmese in Singapore.
CTF Writeups & VAPT Portfolio
✓ 4 rooms · 13 findingsCurated CTF archive organised by primary skill. Each engagement ships five docs: README, writeup, beginner walkthrough, formal VAPT with CVSS 3.1 + MITRE ATT&CK, Q&A cheatsheet.
→ github.com/r3b3Lli0uskIDProxmox / Kali / n8n Lab
✓ Self-hosted · always onDell OptiPlex running Proxmox with Kali VM for pentest and malware analysis. n8n automation via Docker + Cloudflare Tunnel for secure remote access.
→ ongoingCorelan Heap Masterclass — Exploit Development
✓ CompletedProfessional heap-exploitation training: heap overflow, use-after-free, heap spray, Windows binary exploitation with WinDbg. Delivered under the REDFACE Research Programme.
→ verify credentialHealthcare IT Infrastructure
✓ SingHealth · MINDEF · ParkwayWindows Server 2008/2012/2019 (hardware + Hyper-V) for DICOM imaging. X-Ray, DR, CR, Ultrasound system deployments across Myanmar. Nessus scanning, OS hardening, PHI/HIPAA compliance.
→ career timeline below03Journey
Imaging IT Specialist
Parkway Hospitals Singapore
Managed critical radiology imaging infrastructure (Vue RIS/PACS, Infinitt CPACS) at 99% uptime. Supported secure rollout of clinical AI: Sensecare, Annalise, Teamplay. Authn/authz for 200+ radiology staff. DICOM transmission anomaly monitoring; patch management & vulnerability remediation.
IT Specialist (RIS/PACS) — ASEAN
Philips Enterprise Diagnostic Informatics — APAC
Mission-critical healthcare IT for tier-1 clients: SingHealth and Singapore MINDEF. Nessus vulnerability scans and Windows OS hardening for RIS/PACS servers. Root-cause analysis for complex imaging system failures.
IT Executive (RIS/PACS) — ASEAN
Carestream Health Singapore
RIS/PACS installation, L1/L2 support, and UAT management for radiology imaging systems.
Project Manager & Senior Service Engineer
Biz-Partner Group — Myanmar
Led healthcare IT deployments from kick-off through client acceptance. Medical imaging equipment (DR, CR, X-Ray, Ultrasound) with EMR/PACS integration.
04Certifications
Certified Ethical Hacker v13 (CEH)
Professional Certificate in Cybersecurity