Author Image

Hi, I am Nitel Phyoe

Phyo Zin Khant

Offensive Security Engineer (Ex-Full Stack)

I am an Offensive Security Engineer with a background in full-stack software development, combining strong programming foundations with practical penetration testing expertise. I began my career building web applications at IrraHub Co., Ltd., where I developed production systems and gained deep insight into how modern applications are designed and secured.

Driven by a passion for cybersecurity, I transitioned into offensive security and pursued hands-on training through platforms such as TryHackMe and Hack The Box. I earned the Practical Junior Penetration Tester (PJPT) and the HTB Certified Penetration Testing Specialist (CPTS), demonstrating practical skills in network penetration testing, Active Directory exploitation, privilege escalation, and full attack-chain compromise.

My technical focus includes Active Directory security, internal network penetration testing, privilege escalation, and red team methodologies. I actively sharpen my skills through lab environments, Capture-the-Flag challenges, and independent research while preparing for the Offensive Security Certified Professional (OSCP).

I am passionate about offensive security, continuous learning, and sharing knowledge through technical write-ups and community engagement.

HackTheBox Certified Penetration Testing Specialist (HTB CPTS)
Pritical Junior Penetration Tester (PJPT)
Analytical Thinking
Problem Solving
Continuous Learning
Professional Ethics

Skills

Active Directory
Active Directory

Experience with AD enumeration, privilege escalation, lateral movement, and common attack paths in lab environments.
Web Application Security
Web Application Security

Familiar with OWASP Top 10 vulnerabilities, manual testing techniques, and exploitation fundamentals.
Penetration Testing
Penetration Testing

Hands-on experience through TryHackMe and Hack The Box using structured testing methodologies.
Burp Suite
Burp Suite

Web traffic interception, vulnerability testing, and manual exploitation.
Nmap
Nmap

Network scanning, service enumeration, and attack surface discovery.
Metasploit
Metasploit

Basic exploitation and post-exploitation techniques in controlled lab environments.
Hashcat
Hashcat

Password cracking and hash analysis for credential auditing in controlled lab environments.
NetExec (CrackMapExec)
NetExec (CrackMapExec)

Post-exploitation framework for Active Directory enumeration and lateral movement testing.
BloodHound
BloodHound

Active Directory attack path analysis and privilege escalation mapping.
PowerView
PowerView

PowerShell-based Active Directory enumeration and reconnaissance.
Certipy
Certipy

Active Directory Certificate Services (AD CS) enumeration and exploitation techniques.
BloodyAD
BloodyAD

Active Directory object manipulation and privilege escalation in lab environments.
Python
Python

Used for scripting, automation, and security tooling.
JavaScript
JavaScript

Experience in front-end and back-end web development.
Java
Java

Object-oriented programming and backend development fundamentals.
C / C++
C / C++

Strong understanding of low-level programming concepts and memory management fundamentals.
Flutter
Flutter

Cross-platform mobile application development.
Linux
Linux

Primary environment for development and security testing. Comfortable with CLI and shell scripting.
Windows
Windows

Understanding of Windows architecture and Active Directory environments.
Git
Git

Version control using GitHub and GitLab workflows.

Experiences

1
IrraHub Co., Ltd.

Feb 2019 - Dec 2019

Yangon, Myanmar

IrraHub is a technology solutions company dedicated to bridging the gap between people and businesses through innovative digital platforms. Positioned as a comprehensive IT partner, IrraHub delivers scalable, modern software solutions tailored to meet the evolving needs of SMEs and enterprises across Southeast Asia.

Software Engineer

Feb 2019 - Dec 2019

Responsibilities:
  • Coordinated cross-disciplinary teams of 10+ members to deliver complex projects and utilizing at web applications and mobile applications resulting in a 20% reduction in project delivery time and app performance by 40%.
  • Collaborated with security teams to implement secure coding practices in React.js and Node.js, reducing the attack surface of web applications.
Self-Employed / Project Based.

Jan 2020 - Jan 2023

Remote

Freelance Full-Stack Developer

Jan 2020 - Jan 2023

Responsibilities:
  • Developed and delivered web and mobile applications for clients using React.js, Node.js, and React Native.
  • Built and maintained large-scale project features under tight deadlines for clients including Telco Myanmar Group, working within cross-functional remote teams.
2

Education
European Internation University(EIU-Paris)
2023-2024
Bachelor of Science in Information Technology
GPA: 3.3 out of 4
University of Computer Studies, Yangon
2016-2019
3rd Year Bachelor of Computer Science
Seojeong University
2023-2025
Associate Degree of Business Administration
CGPA: 3.5 out of 4

Recent Posts

Hero Image
Job — VulnLab Writeup

Job is a medium-difficulty Windows machine on VulnLab. The attack chain involves crafting a malicious LibreOffice macro sent via SMTP to gain an initial foothold, then escalating to SYSTEM by abusing SeImpersonatePrivilege with GodPotato.
Monday, March 23, 2026 | 4 minutes Read
Hero Image
Cicada — HackTheBox Writeup

An easy-rated HTB Active Directory machine. The attack chain involves SMB guest enumeration, RID brute-forcing, password spraying, LDAP dumping, and finally abusing SeBackupPrivilege to extract the Administrator hash.
Monday, January 12, 2026 | 3 minutes Read
Hero Image
Media - VulnLab Writeup

Exploiting a .wax file upload to steal NTLMv2 credentials, then escalating privileges via SeImpersonate using GodPotato on a Windows target.
Sunday, January 11, 2026 | 3 minutes Read