vetementsvmnts/README.md

Kitsana Thuekoh

Penetration Tester · Offensive Security Researcher · Vulnerability Disclosure


whoami

CPTS-certified penetration tester and NASA-acknowledged vulnerability researcher who approaches every network, application, and system through the eyes of an attacker. I execute full attack chains aligned with MITRE ATT&CK — from initial reconnaissance through domain compromise — and translate findings into structured, executive-ready reports with actionable remediation guidance.

Currently conducting red team engagements at AI FinchTech targeting web applications and REST/GraphQL APIs, while deepening Active Directory offensive capability and building automated threat hunting tooling that bridges offensive telemetry to SOC workflows.


◈ Verified Credentials

$ certcheck --operator kitsana.thuekoh --verbose

| Certification | Authority | Status |
|---|---|---|
| 🔴 CPTS — Certified Penetration Testing Specialist | HackTheBox | ACTIVE |
| 🟠 OSCP — Offensive Security Certified Professional | Offsec | ACTIVE |
| 🔵 PenTest+ | CompTIA | ACTIVE |
| 🟢 Security+ | CompTIA | ACTIVE |
| 🛰️ NASA VDP — Letter of Recognition | NASA | AWARDED |
| 🔒 ISC2 | International Information System Security Certification Consortium | ACTIVE |

🛰️ NASA Recognition: Responsibly disclosed critical vulnerabilities in production NASA public-facing systems through the Vulnerability Disclosure Program. Proof-of-concept exploits accepted, all findings patched by NASA security team.


◈ Key Impact

20+ HTB Machines Rooted
Kerberoasting · AS-REP Roasting · Pass-the-Hash · Golden Ticket

6,000+ Telemetry Events Processed
7 Critical · 71 High findings
Zero third-party dependencies

30% Attack Surface Reduction
Network segmentation · Firewall hardening · CVE remediation

40% Assessment Time Reduced
Python recon automation · standardized data collection


◈ Active Engagements

[ROLE]     Penetration Tester & Vulnerability Researcher
[EMPLOYER] AI FinchTech (Stealth Startup) — Remote         May 2026 – Present
           ├─ Full-scope red team engagements: web apps & REST/GraphQL APIs
           ├─ Chained low/medium findings → high-impact attack paths
           ├─ Custom payloads bypassing WAFs, rate limiting & auth controls
           └─ Blind assessments simulating real-world threat actor TTPs

[ROLE]     Network Engineer Consultant
[EMPLOYER] Synk, Johannesburg                              Jan 2024 – Sep 2025
           ├─ CVSS-triaged vulnerability findings correlated across SIEM & Windows event logs
           ├─ Python automation reduced manual assessment time by 40%
           └─ Technical + executive reporting: attack chains, risk posture, remediation

[ROLE]     Cybersecurity Intern
[EMPLOYER] Synk, Johannesburg                              Jan 2023 – Dec 2023
           ├─ Structured attack chain documentation & remediation strategy support
           ├─ Vulnerability scanning, finding triage, critical escalation
           └─ IOC correlation across security telemetry

◈ Technical Projects

🛰️ NASA Vulnerability Disclosure Program — Letter of Recognition
  • Identified critical vulnerabilities in production public-facing NASA systems through authorized testing
  • Developed and submitted proof-of-concept exploits with detailed remediation guidance
  • All findings accepted and patched by the NASA security team
  • Demonstrated disciplined operation within legal scope boundaries and responsible disclosure timelines

Threat Hunting Automation Framework (PowerShell)

Architected an agentless, zero-dependency PowerShell framework ingesting native Windows telemetry — Event Logs, Sysmon, Defender, Registry, WMI, Scheduled Tasks — across 6 modular risk-classification engines.

FINDINGS  →  7 Critical  |  71 High-risk  (from 6,000+ telemetry events)

DETECTED  →  PowerShell execution policy bypass
             COM object abuse (MITRE T1546.015)
             Local group enumeration reconnaissance
             Registry-based persistence mechanisms

OUTPUT    →  Dark-themed HTML dashboard
             Sortable risk-prioritized tables
             Modular CSV exports for SIEM ingestion / SOC handoff

🌐 Web Application Security Portfolio (12+ CVSS-scored Reports)

Methodology-driven assessments against Juice Shop, DVWA, and PortSwigger Web Security Academy, aligned with OWASP Testing Guide v4.2.

| Vector | Technique |
|---|---|
| SQL Injection | Union-based → Blind Boolean → Time-based inference; bypassed input validation without error feedback |
| XSS | Chained Stored XSS with session hijacking → full account takeover; DOM-based XSS in client-side sinks |
| Auth Bypass | JWT algorithm confusion (none/HS256), weak secret brute-forcing |
| IDOR | Unauthorized record access via object reference manipulation |
| SSRF / CSRF | Internal network probing; authenticated action execution without user consent |

⚑ Vulnerability Assessment — CVE-2010-4221 (CVSS 10.0)

Authorized penetration test against Ubuntu 16.04.3 LTS identifying ProFTPD 1.3.3c backdoor — a decade-old unpatched vulnerability exposing unauthenticated remote root access.

RECON      →  Nmap service/version enumeration identified ProFTPD 1.3.3c on non-standard port
RESEARCH   →  Correlated version fingerprint to CVE-2010-4221; validated backdoor presence
EXPLOIT    →  Weaponized Metasploit module → unauthenticated root-level RCE
POST-EXPL  →  /etc/shadow extraction · process enumeration · lateral movement analysis

◈ Technical Arsenal

Offensive Frameworks

Metasploit · Cobalt Strike · Burp Suite Pro · SQLMap · Hashcat · John the Ripper

Active Directory

BloodHound · Impacket · Mimikatz · CrackMapExec · Rubeus · PowerView

Network & Analysis

Nmap · Wireshark · Nessus · tcpdump · Snort

SIEM & Detection

Splunk · ELK Stack · Sysmon · Sigma

Development

Python · PowerShell · Bash · Kali Linux


◈ MITRE ATT&CK Coverage

RECONNAISSANCE     T1595  Active Scanning · T1589 Credential gathering
INITIAL ACCESS     T1190  Exploit Public-Facing Application · T1566 Phishing simulation
EXECUTION          T1059  PowerShell · Bash · T1203 Exploitation for Client Execution
PERSISTENCE        T1546  COM Hijacking (T1546.015) · T1053 Scheduled Tasks · T1547 Registry Run Keys
PRIVILEGE ESCAL.   T1548  SUID/SGID Abuse · T1055 Process Injection · T1134 Token Manipulation
CREDENTIAL ACCESS  T1003  OS Credential Dumping · T1558 Kerberoasting · T1110 Brute Force
LATERAL MOVEMENT   T1550  Pass-the-Hash · T1021 Remote Services · T1563 Remote Session Hijacking
IMPACT             T1485  Data Destruction · T1490 Inhibit System Recovery

◈ Lab & Continuous Development

$ cat /ops/current_focus.log

[ACTIVE]  Active Directory attack path deepening
          └─ Kerberoasting, AS-REP Roasting, Golden/Silver Ticket, DCSync

[ACTIVE]  PortSwigger Web Security Academy
          └─ 50+ labs completed: SQLi, XSS, CSRF, SSRF, JWT, API security

[ACTIVE]  VulnHub / HackTheBox
          └─ 20+ machines rooted across Windows & Linux environments

[ACTIVE]  TryHackMe
          └─ Junior Penetration Tester & Red Teaming paths completed

[BUILDING] Lab rebuild automation scripts (clean pentesting environments)
[BUILDING] Secure-by-default SaaS architecture research


Penetration Tester · Offensive Security Researcher · NASA VDP Recognized
kitsanathuekoh@gmail.com · Johannesburg, ZA · Open to Remote

Popular repositories

  1. Understanding-Networking-Reconnaissance Public

    Network Reconnaissance is the systematic discovery of a target's digital footprint. By mapping active hosts, open ports, and service versions, I identify the attack surface and potential entry poin…

  2. vetementsvmnts Public

  3. Building-a-Modular-SOC-Environment- Public

    Focusing on centralized log aggregation, real-time alerting pipelines, threat intelligence integration, and automated incident response playbooks. Designed for detection engineering, forensic analy…

  4. VAPT-Security-Audit Public

    Professional Vulnerability Assessment & Penetration Testing documentation, findings, and remediation tracking for security audit engagements.

  5. VM-Penetration-Test-And-Exploitation Public

    A senior-level offensive security repository covering penetration testing methodologies, exploit development, post-exploitation techniques, red team TTPs, and vulnerability research. Includes hands…

  6. Powershell-Automation Public

    PowerShell automation toolkit for cybersecurity operations, built for technical and non-technical users. Automates security hardening, incident response, log analysis, and compliance checks. Includ…