DUONG NGO

duong@utdallas.edu HIGHLIGHT OF QUALIFICATIONS Broad understanding of computer networking and security Proficient in wide variety of security, networking and system tools 3 year experience in Linux administration, networking troubleshooting 4 year experience in real-world penetration testing and vulnerability exploitation ( SQL injection, XSS...) 4 year experience in secure web application development A good problem-solver, fast learner and a team-player Willing to work a variety of shifts and travel if needed TECHNICAL EXPERTISE Programing Languages: Python, PHP, Bash, JavaScript, Transact-SQL, Java Applications/Tools: FireBug, Nmap, Wireshark, iptables, Apache Web Server, Scapy, Hping3, Metasploit, IDA, BackTrack, Self-written security tools Operating Systems: Debian, Centos, Ubuntu, Windows Server Networking Protocols: TCP/IP, HTTP, FTP, SMTP, DNS, ARP, SSL Databases: MySQL, SQL Server, Oracle WORK EXPERIENCE System Administrator, Richland College

Dec 2009 - Jan 2011

Analyzed and troubleshot the college's wired & wireless networks using variety of network tools like wireshark, tcpdump, tcpflow and nmap Administered four Apache web servers serving static and dynamic content for students Deployed Web Application Firewalls to prevent the websites from attacks such as SQL injection, Code injection and Cross Site Scripting Monitored and analyzed network traffics to detect possible intrusions June 2007 - Dec 2009

Web Developer, Dallas Youth Sport Magazine

Developed secure online magazine website in PHP & MySQL

Provided technical support for customers to manage their ads on the website Developed and managed ad clients service web application

ACADEMIC RESEARCH Undergraduate Researcher, McAfee, Inc. Reverse Engineering Microsoft Windows Security Patches Jan 2011 - Present

Reverse engineered & analyzed Microsoft Windows security patches Developed intelligent automated tools to analyze Microsoft security patches and create a comprehensive report of the expected behaviors and effects they have on the target system. Awarded Best Annual Senior Design Project by Computer Science Department of UT Dallas in 2011 Sept 2010 - Present

Research Assistant, Data and Application Security Lab, UT Dallas Attacking Oracle Database

Developed a new method attacking Oracle by dumping the master key from memory and automated the process of decrypting sensitive data and placing a backdoor inside Oracle databases Sept 2009 - June 2010

Lab Designer, Network Security Lab, UT Dallas Network Security Training Hands-on Lab

Developed VMWare images of hands-on labs (Capture The Flag style) for training graduate students in Network Security Course, funded by the NSA Jan 2009 - June 2009

Research Assistant, Data and Application Security Lab, UT Dallas Next-generation botnets Analysis

Explored how web-based Botnets work and how to defend against them. This research was funded by the Department of Defense

VULNERABILITIES DISCOVERED

Yahoo! 360 Social Network: Making XSS web-based worms Blackboard Academic Suite: Accounts compromised by XSS Invision Power Board: SQL Injection Vulnerability

EDUCATION University of Texas at Dallas, Richardson, Texas

June 2007 - June 2011

Bachelor of Science, Major : Computer Science

AWARDS

Champion of Hack In The Box Capture the Flags 2009

16th place in Defcon Capture the Flags 2011 4th place in National CSAW Application Security Contest in NYC. Vice President, Computer Security Group, UT Dallas
REFERENCES AVAILABLE UPON REQUEST