Experience
Security Consultant & Technical Advisor · TPCU Computer Center · 2026 – Present Python · Burp Suite · WAF / Nginx · Responsible Disclosure
- Discovered and disclosed multiple high-severity vulnerabilities (IDOR, XSS, credential exposure) via HITCON ZeroDay — converting responsible disclosure into a formal consulting engagement
- Architected WAF/reverse-proxy hardening adopted by institutional stakeholders; built Python automation to eliminate manual operational workflows
Lead Scripter · Independent Game Studio (Roblox) · 2022 – 2024 Luau · Async Remote Collaboration
Built combat, FPS, and skill systems; shipped multiple game modules with an international async team.
Projects
Agora-AI — Campus LLM Administrative Assistant (Deploying) · github.com/alaner652/Agora-AI FastAPI · Next.js 16 · SQLite · Docker Compose · Caddy · Loki / Grafana
Reverse-engineered undocumented institutional APIs into a 10-tool LLM agent — students query schedules, grades, and leave in natural language instead of navigating the portal. 69 tests, SSE streaming, BYOK LLM, deployed on institutional VM.
HITCON ZeroDay · Responsible Disclosure Web Security · IDOR · XSS · Burp Suite
Identified a critical IDOR in the university student information system. Authored a full PoC report with remediation; patch deployed immediately — directly resulting in the TPCU consulting role.
MINDSCAPE — LLM-Powered Fitness Tracker (In Development) Go · Flutter · Next.js · LLM Pipeline
Full-stack fitness tracker with LLM pipeline that parses natural-language workout entries into structured JSON — eliminating form-based input across mobile, web, and backend.
Easy TPCU — Academic Portal Automation · github.com/alaner652/tpcu-absence-notifier Python · BeautifulSoup · Burp Suite · Discord Webhook
Reverse-engineered portal session flow; automated attendance extraction with chart generation and Discord push — early proof-of-concept for Agora-AI.
Education
Taipei City University of Science and Technology · B.Eng. Information Engineering · Year 3 · 2022 – 2027 (Expected)
Skills
Languages: Go, Python, TypeScript / JavaScript, Luau, C/C++ Stack: Next.js, React, Flutter, FastAPI, SQLite, Docker, Caddy, Nginx Security: XSS, IDOR, CSRF · Burp Suite · Responsible Disclosure AI / LLM: Agent tool-chain design, BYOK LLM architecture, Gemini API
Side Projects & Hobbies
Ave Mujica Bot — OCR subtitle indexer with Discord query interface · Python · PaddleOCR
osu! Map Manager — Beatmap scanner with batch download and CSV export · Python · PyInstaller
Guitar · HomeLab (Proxmox + OpenWrt + Tailscale) · CTF · osu!