CHW Cybersecurity Blog and Portfolio

Welcome to CHW World

A party engineer named CHW (ID: chw41) specializing in Web Security, Penetration Testing, and Red Teaming.

Currently an active member of the CTF teams 竹狐 (TakeKitsune) and i'm downQQ , and a second-cohort Master’s graduate of is1ab (Information Security Laboratory).

Holds OSWA, OSCP+ certifications.

GitHub Contribution Snake

Work Experience

ABP Securite
Solution Engineer
Dec. 2025 – Current
Cymetrics
Security Research Engineer Intern
Sep. 2024 – Jan. 2025
TSMC
IT Security Engineer Intern
Jul. 2024 – Aug. 2024
Yougood tech.
Full-stack Developer (Project)
Sep. 2023 – Mar. 2024
Dynasafe
Cyber Security Engineer
Aug. 2024 – Aug. 2023
Artjoin Gallery
Full-stack Developer (Project)
Feb. 2022 – Jul. 2022

[OSWE, WEB-300] Instructional notes - Part 1

OSWA WEB-300 筆記 Part 1,涵蓋 Managed .NET Code, Decompiling Java Classes 教學、ManageEngine AMUserResourceSyncServlet servlet SQLi 攻擊。

2026-03-09 · 26 min · 5437 words · CHW

[AI] Penetration Testing Notes: Recon, Web, Privilege Escalation, AD, and Pivoting

Penetration testing notes by CHW covering reconnaissance, enumeration, web exploitation, privilege escalation, Active Directory, tunneling, and practical labs.

2026-02-28 · 3 min · 496 words · CHW

[AI] Red Team Notes: OPSEC, Lateral Movement, AD Persistence, and Operator Workflow

Red team notes by CHW covering OPSEC, lateral movement, Active Directory persistence, credential attacks, pivoting, and operator-focused offensive workflows.

2026-02-28 · 3 min · 445 words · CHW

[AI] Web Security Notes: Web Recon, XSS, SSTI, SSRF, IDOR, and Exploitation Cases

Web security notes by CHW covering web reconnaissance, XSS, SSTI, SSRF, IDOR, exploitation workflows, and practical offensive security labs.

2026-02-28 · 3 min · 555 words · CHW

[OSWA, WEB-200] Instructional notes - Part 2

OSWA WEB-200 筆記 Part 2,聚焦 SSTI、command injection、SSRF、IDOR 與常見 Web 漏洞重點。

2026-02-05 · 24 min · 5072 words · CHW
Read more →