siunam's Website

My personal website


About Me

I'm Tang Cheuk Hei, also known as siunam (小南), a 22-year-old guy from Hong Kong who has a lot of passion and hunger for cybersecurity. Below is the timeline of my ethical hacking journey:

From 2010 to 2021, I was just a person who played video games for around 16 hours every day. During that period, I also taught myself video game level design in CS:GO, 3D modeling, reading programming code (not writing code) and more. In mid-2021, I started to plan my future, like what career path I should take.

In around mid-January 2022, I was randomly watching YouTube videos, and suddenly I saw NetworkChuck's video talking about password cracking. His video caught my eye. I was fascinated by ethical hacking and tried to follow his tutorials to build a virtual environment, install Kali Linux, and crack passwords with Hashcat. And this is how my ethical hacking journey started!

Starting on 12th March 2022, I began to learn ethical hacking in much more depth: I registered a TryHackMe account, learned all the fundamentals from scratch, and have been constantly writing CTF writeups, taking part in CTF competitions, and so on.

Timeline

List of CVEs

CVEs Table
| CVE ID | Vendor | Vulnerability Title & Record Link |
| --- | --- | --- |
| CVE-2024-13333 | Advanced File Manager | Authenticated (Subscriber+) Arbitrary File Upload |
| CVE-2024-11010 | FileOrganizer | Authenticated (Administrator+) Local JavaScript File Inclusion |
| CVE-2024-9669 | Filester | Authenticated (Administrator+) Local JavaScript File Inclusion |
| CVE-2024-9546 | WPIDE | Unauthenticated Full Path Disclosure |
| CVE-2024-9507 | Bit Form | Authenticated (Administrator+) Improper Input Validation via iconUpload Function to Arbitrary File Read |
| CVE-2024-8918 | File Manager Pro | Unauthenticated Limited JavaScript File Upload |
| CVE-2024-8746 | File Manager Pro | Unauthenticated Backup File Download and Upload |
| CVE-2024-8743 | Bit File Manager | Authenticated (Subscriber+) Limited JavaScript File Upload |
| CVE-2024-8725 | Advanced File Manager | Authenticated (Subscriber+) Limited File Upload |
| CVE-2024-8721 | Tracking Code Manager | Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-8704 | Advanced File Manager | Authenticated (Administrator+) Local JavaScript File Inclusion via fma_locale |
| CVE-2024-8507 | File Manager Pro | Cross-Site Request Forgery to Arbitrary File Upload |
| CVE-2024-8126 | Advanced File Manager | Authenticated (Subscriber+) Arbitrary File Upload |
| CVE-2024-8066 | Filester | Authenticated (Subscriber+) Arbitrary File Upload |
| CVE-2024-7985 | FileOrganizer | Authenticated (Subscriber+) Arbitrary File Upload |
| CVE-2024-7782 | Bit Form | Authenticated (Administrator+) Arbitrary File Deletion |
| CVE-2024-7780 | Bit Form | Authenticated (Administrator+) SQL Injection |
| CVE-2024-7777 | Bit Form | Authenticated (Administrator+) Arbitrary File Read And Deletion |
| CVE-2024-7775 | Bit Form | Authenticated (Administrator+) Arbitrary JavaScript File Uploads |
| CVE-2024-7770 | Bit File Manager | Authenticated (Subscriber+) Arbitrary File Upload |
| CVE-2024-7702 | Bit Form | Authenticated (Administrator+) SQL Injection via getLogHistory Function |
| CVE-2024-7627 | Bit File Manager | Unauthenticated Remote Code Execution via Race Condition |
| CVE-2024-7559 | File Manager Pro | Authenticated (Subscriber+) Arbitrary File Upload |

Note: Only publicly disclosed CVEs are listed here.

Certificates

OSCP certificate

Contact Me