Koh You Liang

Application/Game Security Engineer

Hailing from the lively city of Singapore, You Liang is a dedicated and resourceful individual with a keen interest in technology. Graduating with an Environment and Information Studies degree from Keio University, You Liang had the opportunity to develop a skillset under the guidance of Jun Murai and Keiji Takeda in the esteemed WIDE Project’s Internet Research Lab. With a modest yet noteworthy background, You Liang started as a Security Engineer at LINE, combating cyber threats. Later, a position was embraced as a Team Lead in a startup, where guidance was provided to a group of enthusiastic engineers. Expanding horizons, You Liang explored the consulting world as an end-to-end consultant in PwC Japan’s Red Team. Currently, as a Senior Deputy Manager, responsibilities include diligently conducting hands-on workshops, ensuring the safety and enhancement of security processes for all 96 subsidiaries, and remaining up-to-date with the latest threat intelligence. There’s more to You Liang than meets the eye. With a genuine curiosity for life, interests span across various activities – from discovering new places and dabbling in music composition to experiencing adrenaline-fueled extreme sports. Embark on a journey to uncover the multifaceted world of You Liang and find inspiration along the way!

Location
Setagaya-ku, Tokyo, Japan
Email
LinkedIn
kohyouliang

Experience

present

Founder & CEO at Isopach Pte. Ltd.

Proactively defending our clients’ networks, applications, and data.

Highlights

  • VAPT / Social Engineering / Source Code Audit
  • Consulting

present

Senior Deputy Manager at Sompo Holdings Inc.

SOMPO Holdings, Inc. is a Japanese insurance holdings company. It is listed on the Nikkei 225. The firm is considered one of three top insurers in Japan.

Highlights

  • Red Team Lead
  • Security Workshops / Tech Talks / Lead Penetration Tests / Vulnerability Research

Senior Associate at PwC Japan

The PwC Japan Group is the collective name for the member firms of the PwC global network and their affiliates in Japan.

Highlights

  • Application/Mobile/API Pentesting and Vulnerability Assessments for clients
  • Red Team

present

Security Researcher at Synack Red Team

The Synack Red Team is a private freelance security research team that provides web application, mobile application, and host infrastructure penetration testing engagements.

Highlights

  • Web Application and Host Infrastructure Pentesting

Security Team Lead at 3-shake Inc.

3-shake provides real-time big data processing and ad-tech platform services, armed with infrastructure layer technology.

Highlights

  • Application/Network/Infrastructure Pentesting and Vulnerability Assessments for clients
  • Mobile Vulnerability Scanner Development
  • Training engineers on security practices and skillsets

Application/Game Security Engineer at LINE Corporation

Line Corporation (stylized as LINE Corporation) is a Tokyo-based subsidiary of the South Korean internet search engine company Naver Corporation.

Highlights

  • Internal security pentesting and risk assessments, doing both Blackbox and Whitebox testing
  • Developed CI tool for automatic scanning of binaries on build
  • Bug bounty report reviewing, PR recruitment support
  • Reverse engineering of third-party cheat tools to prevent cheats and ban players

Volunteer

Student Leader at AcademyCamp

I volunteered as a student leader during the 3 days 2 nights Fukushima camp for middle and high school students. I met student leaders of various countries, who also wholeheartedly aspire to serve society. We learned a lot from guiding and exchanging our experiences with both the Japanese and Vietnamese students despite the generation gap and language barriers.

Highlights

    International Volunteer at Ashinaga

    I was an international student volunteer at the Tsudoi program, which lasted 2 weeks. I shared with them my experiences with different countries and my life experiences.

    Highlights

      Education

      present

      Master in Media and Governance from Keio University with GPA of 3.6

      Courses

      • Cyber Informatics
      • Cybersecurity Law
      • Scanner Testing False Positive Rate Correlation to Vulnerability Type

      Bachelor in Information Technology from Keio University with GPA of 3.4

      Courses

      • Cyber Security
      • Economics

      Awards

      3rd at Cyber SEA Games 2021 from SEA Games

      Representing Singapore in the Cyber Southeast Asian Games

      Arena International Master from Fédération Internationale des Échecs

      International Master issued by FIDE Arena. Certificate

      73rd at HTB Business CTF 2021 from Hack The Box

      As captain of the PwC CTF Team. Certificate

      21st at Hack-A-Sat 2 Qualifiers from US Air Force and Department of Defense

      As part of Tea MSG

      35th at FAUST CTF 2021 from FAU Erlangen-Nürnberg

      As part of CTF.SG in our first Attack-Defense CTF.

      36th at DEF CON CTF Qualifier 2021 from Order of the Overflow

      As part of Tea MSG

      5th at STACK the Flags from GovTech Singapore

      As part of the 4-man team IPhone XS. Certificate

      18th at Hack-A-Sat Qualifiers from US Department of Defense

      As part of CTF.SG.

      Finalist at ISITDTU CTF from Duy Tân University

      As part of a 4-man team in OpenToAll.

      Winner at Red Alert ICS CTF from NSHC and PwC Japan

      As part of CTF.SG.

      2nd at OpenCTF from Neg9

      As part of OpenToAll.

      Finalist at BCTF from DEFCON China

      As part of OpenBlue (OpenToAll + PerfectBlue).

      Writeups

      CVE-2022-46330 by Me

      LPE in Installers generated by Squirrel.Windows

      CVE-2021-33897 by Me

      Denial of Service due to Improper Path Handling in Synthesia

      CVE-2021-4144 by Me

      TP-Link TL-WR802N Command Injection Exploit

      CVE-2021-4144 by Me

      TP-Link TL-WR841N Command Injection Exploit

      Bachelor Thesis by Research Gate

      Analysis of Potentially Harmful Apps displaying Malware-like behavior on Android.

      References

      Koh-san is a skilled security engineer who is open and easy to talk to. I have worked with him for a long time, both when we both were students, as members on the same team and as his team leader. He has exceptional problem solving skills, is easy to ask for help, and learns quickly. His ability to think outside the box and offer new insights are extremely valuable. He is an exceptional engineer and it has always been a pleasure working with him. I would highly recommend it!

      Robin Lunde

      Languages

      English
      Fluency: Native speaker
      Japanese
      Fluency: Native speaker
      Mandarin Chinese
      Fluency: Business level

      Skills

      Web Application Security (OSWE, Burp Suite Certified Practitioner)
      Level: Master
      Keywords:
      • Risk Assessment
      • Pentesting
      • Bug Bounty
      Penetration Testing (OSCP, CRTE)
      Level: Master
      Keywords:
      • Red Team
      • Ransomware analysis
      Game Security
      Level: Intermediate
      Keywords:
      • ML Analysis on Cheat Detection
      • Anti-cheat Obfuscation
      Automation
      Level: Intermediate
      Keywords:
      • Mobile Vulnerability Scanner
      • CI/CD Integrations
      • Fuzzers

      Interests

      World Travel
      Keywords:
      • Airplanes
      • Photography
      Extreme Sports
      Keywords:
      • Boundering
      • Skydiving
      • Snowboarding

      © 2020-2023. All rights reserved.