Than Htet (Ivan) · Cybersecurity Professional

case studies

01CTF Writeups

Kernel Blackout

Windows kernel-mode rootkit that hides a process from user-mode enumeration. DKOM unlink of EPROCESS.ActiveProcessLinks, manual-mapped via kdmapper. Sixteen driver iterations documented.

C / Kernel WDK DKOM kdmapper

→ full writeup

THM · DFIR medium

Static analysis of a multi-stage PowerShell loader. EVTX ScriptBlock (4104) extraction, RC4 + AES-256-CBC C2 decryption with double-base64 encoding, full operator command transcript recovered from pcap.

tshark RC4 / AES EVTX pycryptodome

→ full writeup

THM · Win PrivEsc medium

HackPark

✓ NT AUTHORITY\SYSTEM

Exploited CVE-2019-6714 (BlogEngine.NET 3.3.6 RCE) via Metasploit. Escalated to SYSTEM using insecure scheduled task discovered via WinPEAS. Full VAPT report with CVSS 3.1.

Metasploit WinPEAS CVE-2019-6714 Hydra

→ full writeup

THM · Linux PrivEsc medium

Mr. Robot

✓ root@mrrobot — 3/3 keys

Black-box pentest of a WordPress server. Chained WPScan brute force → theme editor RCE → MD5 hash cracking → SUID nmap privesc to root. Full VAPT report.

nmap WPScan hashcat SUID

→ full writeup

projects

02Works

Public beta · v2.1 · ASEAN · APAC · Global

CyberGuard — cybersecurity training that feels like a game

✓ cyberguard.ivanthan.uk

Play through 100+ real scams from 13 countries. Five adaptive skill tiers — from password basics to APT defense. Built for everyone from kids to security professionals.

During community beta

Pick your skill tier — Kids, Teens, Adults, Seniors, or Expert — and play through missions built from actual scams circulating right now. Scenarios match your context (gamers get gaming scams, grandparents get pension cons, security pros get APT incidents), so the lessons stick. Earn XP, unlock badges, climb the global leaderboard.

No credit card. No tracking. 30-second start.

JavaScript Supabase Cloudflare Pages Game Design Live ✓

→ play free at cyberguard.ivanthan.uk Portfolio archive

CTF Writeups & VAPT Portfolio

✓ 4 rooms · 13 findings

Curated CTF archive organised by primary skill. Each engagement ships five docs: README, writeup, beginner walkthrough, formal VAPT with CVSS 3.1 + MITRE ATT&CK, Q&A cheatsheet.

VAPT CVSS 3.1 MITRE ATT&CK

→ github.com/r3b3Lli0uskID

Home lab

Proxmox / Kali / n8n Lab

✓ Self-hosted · always on

Dell OptiPlex running Proxmox with Kali VM for pentest and malware analysis. n8n automation via Docker + Cloudflare Tunnel for secure remote access.

Proxmox Kali Docker

→ ongoing

Training · Jan 2026

Corelan Heap Masterclass — Exploit Development

✓ Completed

Professional heap-exploitation training: heap overflow, use-after-free, heap spray, Windows binary exploitation with WinDbg. Delivered under the REDFACE Research Programme.

Heap Exploitation WinDbg Assembly

→ verify credential

11 years

Healthcare IT Infrastructure

✓ SingHealth · MINDEF · Parkway

Windows Server 2008/2012/2019 (hardware + Hyper-V) for DICOM imaging. X-Ray, DR, CR, Ultrasound system deployments across Myanmar. Nessus scanning, OS hardening, PHI/HIPAA compliance.

DICOM / HL7 Nessus Hyper-V

→ career timeline below

career

03Journey

Sep 2023 — Sep 2025

Imaging IT Specialist

Parkway Hospitals Singapore

Managed critical radiology imaging infrastructure (Vue RIS/PACS, Infinitt CPACS) at 99% uptime. Supported secure rollout of clinical AI: Sensecare, Annalise, Teamplay. Authn/authz for 200+ radiology staff. DICOM transmission anomaly monitoring; patch management & vulnerability remediation.

Aug 2019 — Apr 2022

IT Specialist (RIS/PACS) — ASEAN

Philips Enterprise Diagnostic Informatics — APAC

Mission-critical healthcare IT for tier-1 clients: SingHealth and Singapore MINDEF. Nessus vulnerability scans and Windows OS hardening for RIS/PACS servers. Root-cause analysis for complex imaging system failures.

Nov 2018 — Jul 2019

IT Executive (RIS/PACS) — ASEAN

Carestream Health Singapore

RIS/PACS installation, L1/L2 support, and UAT management for radiology imaging systems.

Feb 2015 — Sep 2018

Project Manager & Senior Service Engineer

Biz-Partner Group — Myanmar

Led healthcare IT deployments from kick-off through client acceptance. Medical imaging equipment (DR, CR, X-Ray, Ultrasound) with EMR/PACS integration.

credentials

04Certifications

In Progress

Certified Ethical Hacker v13 (CEH)

EC-Council · 2025–Present

Completed

Professional Certificate in Cybersecurity

MAGES Institute of Excellence · Sep 2025 – Apr 2026

Completed

Heap Masterclass — Exploit Development

Corelan × REDFACE Research · Jan 2026

→ verify credential

Completed

Microsoft Certified Professional (MCP)

SQL Database Administration · Microsoft

Completed

MTA Windows Server Administration

Microsoft

let's talk

05Contact

Looking for a junior security analyst or penetration tester who brings 11 years of healthcare-IT discipline into offensive work? Let's talk.

ivan@ivanthan.uk→ LinkedIn↗ GitHub↗ TryHackMe↗ Resume→

(Ivan)

01CTF Writeups

Kernel Blackout

Masquerade

HackPark

Mr. Robot

02Works

CyberGuard — cybersecurity training that feels like a game

CTF Writeups & VAPT Portfolio

Proxmox / Kali / n8n Lab

Corelan Heap Masterclass — Exploit Development

Healthcare IT Infrastructure

03Journey

Imaging IT Specialist

IT Specialist (RIS/PACS) — ASEAN

IT Executive (RIS/PACS) — ASEAN

Project Manager & Senior Service Engineer

04Certifications

Certified Ethical Hacker v13 (CEH)

Professional Certificate in Cybersecurity

Heap Masterclass — Exploit Development

Microsoft Certified Professional (MCP)

MTA Windows Server Administration

05Contact