👋 Hi, I’m Yi Hao!
Hello! Welcome to my website. 🙂
This website primarily serves as my Information Security blog, which aims to document my cybersecurity learning journey.
Here, you’ll find my write-ups for CTF problems that I have attempted, as well as cybersecurity notes that I’ve compiled for my own use and learning.
What have I been up to?
Because of school & extracurricular commitments, I have not been the most active as of late.
Nevertheless, here are some interesting activities that I have done recently:
Cloud Security Engineering Internship
I embarked on a short internship in Summer 2025 to focus on security engineering on AWS. This project required me to build a secure data perimeter, and demonstrate its efficacy through a simple proof of concept.
Secure Software Engineering Project
As part of my curriculum’s capstone project, I was part of a team that built a secure banking application. Given my prior experiences and knowledge, I served as the team’s cloud architect & engineer, as well as the DevSecOps engineer. This project was an interesting application of the knowledge that I have acquired thus far through my various internships, and has absolutely reaffirmed my keenness and interest in these aspects of cybersecurity.
Web Application Penetration Testing Project
I had the privilege of conducting a web application penetration test on an internal web application belonging to a University stakeholder. As I came into this project with minimal experience in web application penetration testing, I took it upon myself to extensively self-study as much as I could using the PortSwigger Academy & Labs.
Through this project, I managed to discover a few findings (such as a stored XSS and blind SSRF), which I am quite happy with, given my relative inexperience in red-teaming as a whole. Overall, I feel that this experience has made me more interested in bug bounties and penetration testing.
My plans
Aside from pursuing certifications and courses relevant to my current line of work, I would also like to try and achieve the following:
- AWS certifications/re-certifications (as my current certifications are due to expire in 2026).
- Getting my OSCP (finally…!).
- Exploring bug bounties and web application penetration testing further.
- Trying out some malware development/analysis projects (this will require more knowledge and exploration of the Windows API, as well as C++/C#).