Penetration Tester · Offensive Security Researcher · Vulnerability Disclosure
CPTS-certified penetration tester and NASA-acknowledged vulnerability researcher who approaches every network, application, and system through the eyes of an attacker. I execute full attack chains aligned with MITRE ATT&CK, from initial reconnaissance through domain compromise, and translate findings into structured, executive-ready reports with actionable remediation guidance.
Currently conducting red team engagements at AI FinchTech targeting web applications and REST/GraphQL APIs, while deepening Active Directory offensive capability and building automated threat hunting tooling that bridges offensive telemetry to SOC workflows.
$ certcheck --operator kitsana.thuekoh --verbose

| Certification | Authority | Status |
|---|---|---|
| CPTS - Certified Penetration Testing Specialist | HackTheBox | ACTIVE |
| OSCP - Offensive Security Certified Professional | Offsec | ACTIVE |
| PenTest+ | CompTIA | ACTIVE |
| Security+ | CompTIA | ACTIVE |
| NASA VDP - Letter of Recognition | NASA | AWARDED |
| ISC2 | International Information System Security Certification Consortium | ACTIVE |

NASA Recognition: Responsibly disclosed critical vulnerabilities in production NASA public-facing systems through the Vulnerability Disclosure Program. Proof-of-concept exploits accepted, all findings patched by NASA security team.
[ROLE]     Penetration Tester & Vulnerability Researcher
[EMPLOYER] AI FinchTech (Stealth Startup), Remote    May 2026 - Present
├─ Full-scope red team engagements: web apps & REST/GraphQL APIs
├─ Chained low/medium findings → high-impact attack paths
├─ Custom payloads bypassing WAFs, rate limiting & auth controls
└─ Blind assessments simulating real-world threat actor TTPs

[ROLE]     Network Engineer Consultant
[EMPLOYER] Synk, Johannesburg    Jan 2024 - Sep 2025
├─ CVSS-triaged vulnerability findings correlated across SIEM & Windows event logs
├─ Python automation reduced manual assessment time by 40%
└─ Technical + executive reporting: attack chains, risk posture, remediation

[ROLE]     Cybersecurity Intern
[EMPLOYER] Synk, Johannesburg    Jan 2023 - Dec 2023
├─ Structured attack chain documentation & remediation strategy support
├─ Vulnerability scanning, finding triage, critical escalation
└─ IOC correlation across security telemetry
NASA Vulnerability Disclosure Program - Letter of Recognition
- Identified critical vulnerabilities in production public-facing NASA systems through authorized testing
- Developed and submitted proof-of-concept exploits with detailed remediation guidance
- All findings accepted and patched by the NASA security team
- Demonstrated disciplined operation within legal scope boundaries and responsible disclosure timelines
Threat Hunting Automation Framework (PowerShell)
Architected an agentless, zero-dependency PowerShell framework ingesting native Windows telemetry (Event Logs, Sysmon, Defender, Registry, WMI, Scheduled Tasks) across 6 modular risk-classification engines.

FINDINGS : 7 Critical | 71 High-risk (from 6,000+ telemetry events)
DETECTED : PowerShell execution policy bypass
           COM object abuse (MITRE T1546.015)
           Local group enumeration reconnaissance
           Registry-based persistence mechanisms
OUTPUT   : Dark-themed HTML dashboard
           Sortable risk-prioritized tables
           Modular CSV exports for SIEM ingestion / SOC handoff
Web Application Security Portfolio (12+ CVSS-scored Reports)
Methodology-driven assessments against Juice Shop, DVWA, and PortSwigger Web Security Academy, aligned with OWASP Testing Guide v4.2.
| Vector | Technique |
|---|---|
| SQL Injection | Union-based → Blind Boolean → Time-based inference; bypassed input validation without error feedback |
| XSS | Chained Stored XSS with session hijacking → full account takeover; DOM-based XSS in client-side sinks |
| Auth Bypass | JWT algorithm confusion (none/HS256), weak secret brute-forcing |
| IDOR | Unauthorized record access via object reference manipulation |
| SSRF / CSRF | Internal network probing; authenticated action execution without user consent |
Vulnerability Assessment - CVE-2010-4221 (CVSS 10.0)
Authorized penetration test against Ubuntu 16.04.3 LTS identifying ProFTPD 1.3.3c backdoor, a decade-old unpatched vulnerability exposing unauthenticated remote root access.

RECON     : Nmap service/version enumeration identified ProFTPD 1.3.3c on non-standard port
RESEARCH  : Correlated version fingerprint to CVE-2010-4221; validated backdoor presence
EXPLOIT   : Weaponized Metasploit module → unauthenticated root-level RCE
POST-EXPL : /etc/shadow extraction · process enumeration · lateral movement analysis
Offensive Frameworks
Active Directory
Network & Analysis
SIEM & Detection
Development
RECONNAISSANCE     T1595 Active Scanning · T1589 Credential gathering
INITIAL ACCESS     T1190 Exploit Public-Facing Application · T1566 Phishing simulation
EXECUTION          T1059 PowerShell · Bash · T1203 Exploitation for Client Execution
PERSISTENCE        T1546 COM Hijacking (T1546.015) · T1053 Scheduled Tasks · T1547 Registry Run Keys
PRIVILEGE ESCAL.   T1548 SUID/SGID Abuse · T1055 Process Injection · T1134 Token Manipulation
CREDENTIAL ACCESS  T1003 OS Credential Dumping · T1558 Kerberoasting · T1110 Brute Force
LATERAL MOVEMENT   T1550 Pass-the-Hash · T1021 Remote Services · T1563 Remote Session Hijacking
IMPACT             T1485 Data Destruction · T1490 Inhibit System Recovery
$ cat /ops/current_focus.log
[ACTIVE]   Active Directory attack path deepening
           └─ Kerberoasting, AS-REP Roasting, Golden/Silver Ticket, DCSync
[ACTIVE]   PortSwigger Web Security Academy
           └─ 50+ labs completed: SQLi, XSS, CSRF, SSRF, JWT, API security
[ACTIVE]   VulnHub / HackTheBox
           └─ 20+ machines rooted across Windows & Linux environments
[ACTIVE]   TryHackMe
           └─ Junior Penetration Tester & Red Teaming paths completed
[BUILDING] Lab rebuild automation scripts (clean pentesting environments)
[BUILDING] Secure-by-default SaaS architecture research

Penetration Tester · Offensive Security Researcher · NASA VDP Recognized
kitsanathuekoh@gmail.com · Johannesburg, ZA · Open to Remote