PwnedProof by Ilyssa

WELCOME

TIME UNTIL DATA DELETION

47:59:58

Portfolio Navigation

Encrypted Vault → Academic Background

Stolen Credentials → Professional Credentials

Leaked Files → Published Articles

Exploit Kit → GitHub Repositories

Breach Records → Work History

Malware Variants → Academic Contributions

Covert Operations → Volunteer Work

Pay Ransom → Get In Touch

THREAT ORIGIN: MALAYSIA

About The Operator

Hi, I'm Ilyssa Yap, a cybersecurity enthusiast and aspiring professional from Malaysia, currently pursuing my undergraduate studies in Cybersecurity at Purdue University in West Lafayette. I'm deeply involved in the cybersecurity community as the founder of PwnedProof and a community manager at Nearshore Cyber, and I contribute to research as an undergraduate assistant focusing on Industrial Control Systems (ICS) penetration testing and deepfakes.

I hold ISC² Certified in Cybersecurity and Microsoft SC-900 certifications, and my work focuses on penetration testing, incident response, and threat intelligence. I'm passionate about developing innovative solutions that have a real-world impact and building a strong portfolio of practical, hands-on cybersecurity projects.

I am fluent in English, Chinese, Cantonese, and Malay at a native level, and have elementary proficiency in French and Russian. I am open to opportunities that require relocation and any collaborative research projects.

Feel free to explore my work, and don't hesitate to connect or collaborate—I'm always excited to share insights and take on new challenges in the cybersecurity field.

ENCRYPTED VAULT

Bachelor of Science in Cybersecurity

Purdue University | 2024-2028

Comprehensive curriculum covering network security, cryptography, ethical hacking, digital forensics, and security policy. Gaining hands-on experience through labs, capture-the-flag competitions, and real-world security projects.

Expected Graduation: May 2028

American Transfer Degree Program

Sunway University | Aug 2023 - May 2025

Computer Science transfer program providing foundational coursework in programming, algorithms, data structures, and computer systems.

CGPA: 3.46

Honors & Leadership:
• Magna Cum Laude Fall 2023
• Jeffery Cheah Entrance Scholarship Recipient
• School of American Education Student Council - Head of Creative Department
• President of Sunway Esports Club

Achievements:
• GIC UNHCR Student Challenge 2024 Semi-Finalist
• Cultural Event 2023 (Second Runner Up), 2024 (Winner)
• Emcee for School of American Education Graduation
• Global Partner Event Student Volunteer
• ASEAN Workshop on Sustainable Development Registration & Delegate Management 2025 Volunteer

High School Diploma (IGCSE)

HELP International School | Feb 2016 - Jun 2023

Leadership & Activities:
• Student Council Member
• Prefect Board Member
• School Ambassador
• Photography Club Member & Social Media Manager
• Dragon House Graphic Designer

Competitions & Achievements:
• F1 in Schools Finalist
• UN Eco Startup Finalist
• Public Speaking Semi-Finalist
• STEAM Week Participant
• Sports Day Medalist

Additional Involvement:
• Baseball Team Member
• Music Performer
• School-Wide Event Planning, Coordinating, and Management
• Career's Week Presenter and Emcee

STOLEN CREDENTIALS

Certified in Cybersecurity

ISC² CC | Active

Entry-level certification demonstrating foundational cybersecurity knowledge across core security principles, business continuity, access controls, and network security.

Security Principles

CIA Triad, Authentication, Authorization, Non-repudiation

Business Continuity

Disaster Recovery Planning, Incident Response Procedures

Access Controls

Physical & Logical Controls, IAM, Multi-Factor Authentication

Network Security

Firewalls, IDS/IPS, Network Architecture, Protocols

Security, Compliance, and Identity Fundamentals

Microsoft SC-900 | Verified

Foundational certification covering Microsoft security, compliance, and identity solutions across cloud and hybrid environments.

Security Concepts

Shared Responsibility Model, Defense in Depth, Zero Trust

Identity & Access Management

Azure AD, Single Sign-On, MFA, Conditional Access Policies

Threat Protection

Microsoft Defender Suite, Azure Sentinel, Security Center

Compliance Management

Compliance Manager, Data Governance, Privacy Management

LEAKED FILES

Introduction to OSINT Capstone Challenge

Security Blue Team Certification | Published

Comprehensive OSINT investigation demonstrating advanced intelligence gathering techniques, social media analysis, and digital footprint tracking for cybersecurity purposes. Completed as capstone task for Security Blue Team's Introduction to OSINT certification, showcasing practical application of open-source intelligence methodologies.

Read on Medium

Introduction to the Dark Web Capstone Challenge

Security Blue Team Certification | Published

Exploration of dark web infrastructure, anonymous communication protocols, and threat intelligence gathering from underground forums. Completed as capstone task for Security Blue Team's Introduction to the Dark Web certification, requiring navigation of Tor networks and information extraction from hidden services.

Read on Medium

RangeForce: Website Defacement Incident Response

Virtual Lab Walkthrough | Published

Comprehensive walkthrough of a virtual incident response lab exercise focusing on website defacement analysis and remediation. Utilizing Splunk Enterprise for log analysis and forensic investigation, this exercise demonstrates detection and mitigation of Drupalgeddon 2 vulnerability exploitation (CVE-2018-7600). Step-by-step guide covers identification, containment, and recovery procedures for web application compromise scenarios.

Read on Medium

Phishing Email Analysis

Security Awareness | Published

Real-world analysis of a phishing email received in my inbox, walking through key characteristics that identify malicious intent. Provides practical tips on what to do if you encounter a phishing email, steps to take if you've already fallen victim, and best practices for prevention. Essential reading for both cybersecurity professionals and everyday users.

Read on LinkedIn

Ransomware on Critical Infrastructure: KLIA Attack

Incident Analysis | Published

Deep-dive analysis of the ransomware attack that targeted Malaysia's primary international airport (KLIA). Examining the attack vectors, impact on critical infrastructure operations, and response strategies. Provides key takeaways for aviation sector cybersecurity and comprehensive security recommendations for protecting critical infrastructure against ransomware threats.

Read on LinkedIn

CyberTech Tuesday Ep 1: VirusTotal Deep Dive

Tutorial Series | Published

Comprehensive tutorial demonstrating practical usage of VirusTotal for malware analysis. Walkthrough includes uploading and analyzing a malicious Word document commonly found in phishing campaigns, exploring VirusTotal's features, and explaining how cybersecurity professionals and everyday consumers can leverage the platform for threat detection and file verification.

Read on LinkedIn

CyberTech Tuesday Ep 2: Have I Been Pwned

Tutorial Series | Published

In-depth exploration of the Have I Been Pwned platform, including tool overview, step-by-step walkthrough, and practical applications. Demonstrates how cybersecurity professionals can leverage breach data for threat intelligence and how everyday users can check if their credentials have been compromised in data breaches. Essential resource for proactive security monitoring.

Read on LinkedIn

Understanding Web Cookies

Educational Article | Published

Comprehensive breakdown of web cookies technology, exploring different cookie types, their legitimate uses, and security implications. Detailed analysis of common cookie-based attacks including session hijacking, cross-site scripting (XSS), and cross-site request forgery (CSRF). Includes practical mitigation strategies and best practices for both developers and users to protect against cookie-based vulnerabilities.

Read on LinkedIn

EXPLOIT KIT

Learning For All (LEFA)

CIEE UNHCR Student Challenge | Dec 2023 - Apr 2024

Associated with Sunway University

Representing both Malaysia and Sunway University, our team – Ilyssa Yap Yumin, Tisyha Saravanan, Ng Ho Lam, and Varsheene Murugan – proudly achieved Top 36 out of 120 teams globally in the 2024 CIEE UNHCR Student Challenge focused on social innovation and sustainable development.

Project Goal: Empowering refugee youth through education by tackling key barriers to access and opportunity. Consulted refugee experts from Malaysia, Taiwan, Germany, and Canada. Aligned with UN SDGs 4, 8, 10, and 17.

Key Achievements:
• Designed tech-driven solution and secured five sponsorships
• Built website mockup featuring aptitude testing, academic/vocational pathways, AI chatbot, and scholarship updates
• Pitched to judges achieving Top 36 global ranking
• Conducted discussion with Fugee School students, presenting their stories to Sunway University community

Supported by Dr Tze Ying Sim & Dr TamilSelvan Ramis

View Project Presentation

Password Strength Checker

Security Tool | Python

Advanced password strength analyzer that checks passwords against common vulnerabilities, leaked databases, and provides comprehensive security recommendations with entropy calculations.

View on GitHub

AIG Forage Job Simulation

Virtual Experience Program | Python

Cyber Defense Unit Simulation

• Conducted comprehensive threat and vulnerability analysis for the Cyber Defense Unit, actively tracking CISA advisories (e.g., Log4j vulnerability) to evaluate organizational risks and propose prioritized remediation steps
• Produced clear, actionable documentation and communications (e.g., guidance emails) to direct teams on remediation strategies, patch prioritization, and incident response procedures
• Developed authorized Python tools to simulate ethical hacking scenarios, including controlled brute force testing against encrypted sample files, to assess password resilience and recommend mitigation controls

View on GitHub

Mastercard Forage Job Simulation

Virtual Experience Program | Security Awareness

Security Risk Management Simulation

• Supported security risk management activities by identifying and reporting threats such as phishing attacks and assessing areas of the business that required stronger security controls
• Crafted and analyzed simulated phishing emails to test team responses, identify vulnerabilities, and measure security awareness effectiveness
• Contributed to policy and training development by creating a comprehensive slide deck recommending security awareness courses and procedures for teams with identified security gaps

View Project Documentation

BREACH RECORDS

Summer Security Intern

UG Overseas Education | Aug 2024 - Sep 2024

• Created comprehensive cybersecurity architecture and framework for institution's Website as a Service (WaaS)
• Developed and implemented incident response plan for institution's WaaS platform
• Conducted security assessments and provided strategic recommendations for web infrastructure

OPERATION LOCATION: MALAYSIA

MALWARE VARIANTS

Industrial Control Systems Penetration Testing

Purdue University | Sep 2024 - Present | Ongoing

Conducting advanced cybersecurity research on penetration testing methodologies for Industrial Control Systems (ICS). Utilizing Kali Linux and specialized security tools to identify vulnerabilities in critical infrastructure systems.

CYNICS Research Group

Part of Purdue University's CYNICS (CYbersecurity for Nuclear and Industrial Control Systems) research laboratory

Supervisors

Dr. Arvind Sundaram, Dr. Hany Abdel Khalik

Research Activities

• Performed comprehensive literature review and analysis of penetration testing frameworks, with emphasis on Kali Linux utilities and ICS-specific attack vectors
• Configured and deployed virtualized ICS laboratory environment (LabShock) for controlled security testing
• Developed custom Python automation script to emulate realistic I/O operations and sensor output generation, enabling comprehensive testing scenarios without physical hardware dependencies
• Documented security vulnerabilities and proposed mitigation strategies for industrial control environments

Real-Time Voice Deepfake Detection

Independent Research | Ongoing

Developing detection methodologies for real-time voice deepfakes using OSINT techniques and acoustic wavelength analysis.

Research Objective

Creating open-source detection framework to combat voice-based social engineering attacks and misinformation campaigns

Technical Implementation

• Building custom Python web scraping tool to systematically collect and catalog deepfake voice services advertised on Telegram, GitHub, and other platforms
• Multi-language data collection across English, Chinese, and Russian sources to understand global deepfake service landscape
• Conducting extensive literature review on emerging threats posed by voice synthesis technology
• Analyzing acoustic patterns and wavelength signatures to identify synthetic voice characteristics
• Developing threat intelligence database of commercially available deepfake services

COVERT OPERATIONS

Community Manager

NearShore Cyber | Ongoing

Calling All Vibe Builders (CAVB):
Co-hosting dynamic weekly events for a 2,000-member cybersecurity community. Curating and spotlighting innovative projects while fostering collaboration and knowledge-sharing among cybersecurity enthusiasts.

Backdoors and Breaches (APAC Region):
Co-hosting interactive tabletop incident response game for the APAC region, utilizing real-life cybersecurity scenarios based on the Lockheed Martin Cyber Kill Chain framework. Consistently facilitating engaging sessions for at least 20 attendees per session, enhancing practical incident response skills through hands-on gameplay and strategic threat analysis.

Visit NearShore Cyber Community

PAY RANSOM

Request Official Resume

Please email ilyssayap@gmail.com for a copy of my official resume.

Get In Touch

Connect on Social Platforms

Email Contacts:
• ilyssayap@gmail.com - Professional Opportunities
• pwnedproof@gmail.com - PwnedProof Related Content

Linktree LinkedIn GitHub Medium Instagram