Hatomoyo's Home

About

Thanh Sơn — a final year student majoring in Cybersecurity at HUFLIT. With a passion for exploring and solving security challenges, focus on malware analysis, network defense, incident response and cloud security.

Regularly update knowledge by monitoring vulnerabilities (CVEs), participating in CTF competitions and practicing skills on platforms like rootme, TryHackMe to enhance hands-on experience.

English proficiency: Upper-Intermediate (B2) — able to read technical documents and write specialized reports in English.

GitHub Notion LinkedIn GPA: 3.4/4.0 IELTS 6.5

Technical Skills

Security & Defense

Network Security: IDS/IPS (Suricata), Firewall (pfSense), VLAN, Packet Analysis (Wireshark)
SIEM: Deploying and fine-tuning Wazuh, building detection rules, monitoring logs
Endpoint Security: System hardening, Squid Proxy, Windows GPO

Malware Analysis & RE

Malware Analysis: Static & Dynamic Analysis, IOC Extraction, Behavioral Analysis
Reverse Engineering: Using Binary Ninja, Ghidra for disassembly and code analysis
Forensics: Memory and disk investigation, system monitoring with Sysinternals

Cloud & Container Security

Kubernetes: Hardening, NetworkPolicy, RBAC, Ingress, Velero backup, MinIO
Containerization: Docker image security, container management best practices
Cloud Platforms: Basic knowledge of AWS, Azure security principles

Programming & Automation

Languages: Python (Scripting, Automation), Java (Networking), Bash
Cryptography: Understanding and applying AES, RSA, SHA for encryption and digital signatures
Tooling: Building small tools for analysis and testing (Scapy, Netty)

Featured Projects

Endpoint Security & LAN Defense System

Building a secure enterprise LAN model, combining multi-layer security solutions to monitor, detect and prevent threats

Network Design & Segmentation (VLANs) for departments, isolating traffic flows
Deploying pfSense Firewall with strict rule sets
Integrating Suricata (IDS/IPS) for monitoring and writing custom rules to detect attack behaviors
Installing Wazuh (SIEM) for security monitoring and collecting detailed logs from endpoint devices

Platform & Technologies:

pfSense
Suricata
Wazuh
Squid Proxy
GPO
VLANs
GNS3
VMWare
Kali Linux

Demo

Web Application Deployment on Kubernetes

Deploying a complete WordPress website system on a Kubernetes cluster, applying security solutions, sustainable storage, and backup/recovery

Built a complete Kubernetes cluster consisting of 1 Master Node and 2 Worker Nodes
Deployed WordPress & MariaDB with sustainable storage through PersistentVolumes (PV/PVC)
Secured the system using Kubernetes Secrets, Ingress Controller, and HTTPS configuration
Implemented a comprehensive Backup & Recovery solution using Velero and MinIO, successfully executing data recovery scenarios

Platform & Technologies:

Kubernetes
Docker
Minikube
Velero
MinIO
Calico
Nginx Ingress
Helm
YAML

Demo

Bluetooth Security Research Lab

Analyzing and practicing attacks on Bluetooth security vulnerabilities in real-world environments, simulating control takeover techniques and sending malicious messages

Set up the attack environment on Kali Linux with specialized tools
Successfully executed Bluejacking attack, sending virtual business cards (.vcf) to the target device using `obexftp` and `obexfs`
Executed BlueDucky attack, creating custom payloads to simulate keyboard input, take control, and open the victim's web browser

Platform & Technologies:

Kali Linux
Python
bluetoothctl
hcitool
obexftp
obexfs
BlueDucky

Demo

Encrypted Communication Channel with Java Netty

Building a secure Client-Server system, applying hybrid encryption techniques (AES & RSA) and digital signatures to authenticate users and protect data

Implemented hybrid encryption protocol: AES-CBC for data encryption and RSA for secure key exchange
Integrated digital signature SHA256withRSA to ensure integrity and authenticity of client
Built high-performance non-blocking server using Netty framework
Developed Client UI (JavaFX) and real-time system monitoring Dashboard via REST API (SparkJava)

Platform & Technologies:

Java
Netty
JavaFX
SparkJava
SQLite
AES/RSA
SHA256withRSA

Source

Practical Experience

Malware Analysis & Reverse Engineering: Experienced in using disassemblers (Binary Ninja, Ghidra) to analyze Assembly code, convert it to pseudocode, identify malicious functions, extract strings, and create YARA rules for pattern detection
Dynamic Analysis & Sandbox: Practiced malware analysis in isolated environments, recording and analyzing process activities, file access, network connections, and registry changes to build detailed behavior profiles
Network Defense System Development: Deployed and configured pfSense firewall, segmented networks using VLANs to isolate network zones. Fine-tuned IDS/IPS rules on Suricata to detect attack patterns and reduce false positives
Security Monitoring (SIEM): Integrated Wazuh agent on endpoints, developed and customized detection rules based on system logs, application logs Focused on aggregating and normalizing logs to provide accurate alerts.
Cloud & Kubernetes Security: Applied least-privilege principles through RBAC, enforced NetworkPolicy to control traffic flow. Configured Ingress with TLS and implemented data backup/recovery strategies