$cat /profile/about.txt

About

Profile — background, expertise, and approach

/profile/about.txt — read-only
operator@ax-security:~$cat /profile/about.txt

Au Yi Xian is a senior-level penetration tester with strong experience across offensive security, vulnerability research, and application security assessments.

He specializes in identifying real-world security weaknesses across web applications, mobile applications, cloud environments, thick client applications, kiosk & lockdown environments, source code, APIs, wireless networks, and enterprise systems.

He approaches every engagement with the mindset of a real-world attacker, identifying exploit chains that automated tools consistently miss — from authentication bypass to privilege escalation to AI/ML model manipulation.

His approach combines practical exploitation knowledge, OWASP methodology, CREST-aligned testing practices, CVSS v3.1 / CVSS 4.0 risk scoring, and strong reporting discipline that communicates impact to both technical and executive audiences.

Location: SingaporeGitHub: github.com/yixian96LinkedIn: au-yi-xian
EOF
2+
Years Experience
9
Certifications
8+
Security Domains
100+
Targets Pwned
Offensive Security

CREST-aligned penetration testing across web, mobile, cloud, and thick client applications using industry-standard methodologies.

AI/ML Security

Prompt injection, LLM abuse testing, RAG poisoning, model threat modeling, and AI agent authorization bypass.

Reporting Discipline

Clear, actionable security reports with CVSS v3.1 / CVSS 4.0 scoring, business impact analysis, and developer-friendly remediation guidance.

$ls /vault/credentials --decrypt

Credentials Vault

Verified certifications — hover to authenticate

$vault --status● UNLOCKED|9 credentials loaded
Offensive Security(3 certificates)
OSWE
Offensive Security Web Expert
Offensive Security
$ verify --cert OSWE
status: validated
issuer: Offensive Security
trust: ● VERIFIED
OSCP+
OS Certified Professional Plus
Offensive Security
$ verify --cert OSCP+
status: validated
issuer: Offensive Security
trust: ● VERIFIED
OSCP
OS Certified Professional
Offensive Security
$ verify --cert OSCP
status: validated
issuer: Offensive Security
trust: ● VERIFIED
CREST Certifications(2 certificates)
CRT
CREST Registered Penetration Tester
CREST
$ verify --cert CRT
status: validated
issuer: CREST
trust: ● VERIFIED
CPSA
CREST Practitioner Security Analyst
CREST
$ verify --cert CPSA
status: validated
issuer: CREST
trust: ● VERIFIED
Specialized Security(2 certificates)
CKBPro
Certified Kiosk Breakout Professional
The SecOps Group
$ verify --cert CKBPro
status: validated
issuer: The SecOps Group
trust: ● VERIFIED
C-AI/MLPen
Certified AI/ML Pentester
The SecOps Group
$ verify --cert C-AI/MLPen
status: validated
issuer: The SecOps Group
trust: ● VERIFIED
Enterprise / Platform(2 certificates)
CEH
Certified Ethical Hacker
EC-Council
$ verify --cert CEH
status: validated
issuer: EC-Council
trust: ● VERIFIED
Workday Extend
Workday Extend Certified
Workday
$ verify --cert WD-Extend
status: validated
issuer: Workday
trust: ● VERIFIED
$nmap --attack-surface --enumerate all

Security Testing Capabilities

Comprehensive offensive security testing across all attack surfaces

Web Application VAPT

  • OWASP Top 10 testing
  • Authentication & authorization bypass
  • Business logic exploitation
  • API security testing
  • Injection flaws (SQLi, NoSQLi, XXE)
  • Session management review
  • XSS / CSRF / SSRF / IDOR / RCE
  • JWT & OAuth vulnerabilities
  • CORS misconfiguration
ACTIVE

Mobile Application VAPT

  • Android security testing
  • iOS security testing
  • Runtime analysis with Frida
  • Reverse engineering (JADX/MobSF)
  • Root / jailbreak detection bypass
  • Sensitive data storage review
  • API traffic interception (Burp)
  • Deep link & intent exploitation
  • Certificate pinning bypass
ACTIVE

Source Code Review

  • Manual secure code review (SAST)
  • Authentication & authorization review
  • Input validation analysis
  • Cryptographic implementation review
  • Insecure deserialization review
  • Dangerous function identification
  • Business logic flaw detection
  • Secret / credential exposure
  • Semgrep ruleset analysis
ACTIVE

Cloud VAPT

  • AWS security assessment
  • IAM privilege escalation review
  • S3 bucket permission analysis
  • Network exposure mapping
  • Security group misconfiguration
  • Logging & monitoring gaps
  • Cloud misconfiguration testing
  • Secrets management review
  • Container security (Docker/K8s)
ACTIVE

Thick Client Testing

  • Local storage & registry review
  • Binary reverse engineering
  • Traffic interception (Burp/Wireshark)
  • Authentication flow analysis
  • Hardcoded credential detection
  • Memory analysis
  • DLL hijacking review
  • Anti-tampering bypass
ACTIVE

Reverse Engineering

  • Static analysis (Ghidra / IDA)
  • Dynamic analysis & debugging
  • Binary & PE inspection
  • APK analysis (JADX / MobSF)
  • Runtime instrumentation (Frida)
  • Logic bypass analysis
  • Obfuscation deobfuscation
  • Malware behavior analysis
ACTIVE

WiFi Penetration Testing

  • Wireless encryption assessment
  • Rogue AP / Evil Twin simulation
  • WPA/WPA2 cracking
  • PMKID attack
  • Deauthentication testing
  • Network segmentation review
  • Client isolation bypass
ACTIVE

Kiosk / Lockdown Breakout

  • Kiosk escape & lockdown bypass
  • Application restriction evasion
  • Keyboard shortcut exploitation
  • Task manager & process escalation
  • Accessibility feature abuse (Sticky Keys)
  • Virtual keyboard exploitation
  • Registry & group policy bypass
  • Multi-monitor display manager escape
  • DLL hijacking in restricted environments
ACTIVE

AI/ML Security Testing

  • Prompt injection (direct & indirect)
  • LLM jailbreaking techniques
  • Model behavior manipulation
  • AI application threat modeling
  • RAG poisoning & context injection
  • Data leakage via model output
  • AI agent authorization bypass
  • AI supply chain security
ACTIVE
$cat /methodology/engagement_flow.sh

Testing Methodology

Structured engagement lifecycle — from reconnaissance to validated remediation

01

Reconnaissance

COMPLETE

Passive and active information gathering — OSINT, asset discovery, technology fingerprinting, and attack surface enumeration.

02

Threat Modeling

COMPLETE

STRIDE analysis, trust boundary mapping, data flow diagramming, and risk prioritization based on asset criticality.

03

Attack Surface Mapping

COMPLETE

Comprehensive enumeration of entry points — APIs, authentication flows, file upload handlers, and parameter analysis.

04

Vulnerability Discovery

EXECUTING

Manual testing combined with automated scanning — prioritizing business logic, authorization, and injection vulnerabilities.

05

Exploitation Validation

EXECUTING

Proof-of-concept development to confirm exploitability, assess real-world impact, and identify exploit chain opportunities.

06

Risk Assessment

PENDING

CVSS v3.1 / CVSS 4.0 scoring, business impact analysis, exploitability assessment, and prioritization for remediation.

07

Reporting

PENDING

Executive summary and technical detail — clear findings with reproduction steps, screenshots, and business context.

08

Remediation Advisory

PENDING

Developer-friendly guidance with code examples, secure configuration references, and library-specific recommendations.

09

Validation Testing

PENDING

Re-testing verified fixes, regression testing of adjacent functions, and confirmation of remediation effectiveness.

$frameworks --list
OWASP WSTGOWASP ASVSOWASP MASOWASP API Top 10PTESCREST MethodologyMITRE ATT&CKCVSS v3.1 / 4.0
$ philosophy --read

Validate every finding before reporting — no false positives.

Think like an attacker, report like a consultant.

Exploit chains amplify low-severity findings.

Business impact matters more than technical severity alone.

Remediations must be developer-friendly and actionable.

$ standards --active
CVSS:v3.1 / 4.0 scoring
Risk:Critical/High/Med/Low
Reports:Technical + Executive
Retest:Included by default
$ls /archive/cases --decrypt --all

Decrypted Case Files

Classified engagement archive — click to expand file contents

ARCHIVE STATUS: DECRYPTED|5 case files loaded|AES-256-GCM
CASE-0x001
CONFIDENTIAL

Web Application VAPT

Offensive Security
OWASP Top 10API SecurityAuth Bypass
read file
CASE-0x002
CONFIDENTIAL

Mobile Application VAPT

Offensive Security
AndroidiOSFridaReverse Engineering
read file
CASE-0x003
RESTRICTED

Source Code Review

Security Review
SASTManual ReviewSemgrep
read file
CASE-0x004
CONFIDENTIAL

Cloud Security Assessment

Infrastructure Security
AWSIAMS3Misconfiguration
read file
CASE-0x006
RESTRICTED

Thick Client Assessment

Offensive Security
Reverse EngineeringBinary AnalysisDLL Hijack
read file
$contact --init --secure

Establish Secure Channel

Encrypted communication channels — select your preferred method

secure_channel.sh — initializing
$ contact --init
[ OK ] Secure channel interface loaded
LinkedIn: ............. connected
GitHub: ............... available
Email: ................ ready
[ OK ] All channels operational
$
LinkedIn
@au-yi-xian-5a871b121
CONNECTED

Connect for professional enquiries, consulting, and project collaborations.

GitHub
@yixian96
AVAILABLE

View public repositories, tools, and open source security projects.

Email
@Secure contact channel
READY

For confidential enquiries, vulnerability disclosures, and consulting requests.

$ status --availability

Currently available for security consulting, penetration testing engagements, and technical leadership opportunities.

Web VAPTMobile VAPTCloud AssessmentSource Code ReviewAI/ML Security

© 2025 Au Yi Xian — Senior Penetration Tester

Built with Next.js · TypeScript · TailwindCSS · Framer Motion

GitHub·LinkedIn