Skip to content
View vetementsvmnts's full-sized avatar

Block or report vetementsvmnts

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
vetementsvmnts/README.md
██╗  ██╗██╗████████╗███████╗ █████╗ ███╗   ██╗ █████╗
██║ ██╔╝██║╚══██╔══╝██╔════╝██╔══██╗████╗  ██║██╔══██╗
█████╔╝ ██║   ██║   ███████╗███████║██╔██╗ ██║███████║
██╔═██╗ ██║   ██║   ╚════██║██╔══██║██║╚██╗██║██╔══██║
██║  ██╗██║   ██║   ███████║██║  ██║██║ ╚████║██║  ██║
╚═╝  ╚═╝╚═╝   ╚═╝   ╚══════╝╚═╝  ╚═╝╚═╝  ╚═══╝╚═╝  ╚═╝

Kitsana Thuekoh

Penetration Tester · Offensive Security Researcher · Vulnerability Disclosure

Typing SVG


LinkedIn GitHub Location Profile Views


My Stack


whoamiCredentialsImpactEngagementsProjectsArsenalATT&CKActivityConnect


whoami

CPTS-certified penetration tester and NASA-acknowledged vulnerability researcher who approaches every network, application, and system through the eyes of an attacker. I execute full attack chains aligned with MITRE ATT&CK — from initial reconnaissance through domain compromise — and translate findings into structured, executive-ready reports with actionable remediation guidance.

Currently conducting red team engagements at AI FinchTech targeting web applications and REST/GraphQL APIs, while deepening Active Directory offensive capability and building automated threat hunting tooling that bridges offensive telemetry to SOC workflows.

🎯 Ask me about... (click to expand)
  • Active Directory attack paths — Kerberoasting, AS-REP Roasting, Golden/Silver Tickets, DCSync
  • Chaining low/medium findings into critical attack paths on live red team engagements
  • Building agentless PowerShell threat-hunting tooling from native Windows telemetry
  • Mobile application reverse engineering — static/dynamic analysis, Frida instrumentation, APK teardown
  • Responsible disclosure workflows and coordinating with vendor security teams (incl. NASA VDP)
  • Bridging offensive security findings into SOC-ready SIEM detections

◈ Verified Credentials

$ certcheck --operator kitsana.thuekoh --verbose
Certification Authority Status
🔴 CPTS — Certified Penetration Testing Specialist HackTheBox ACTIVE
🟠 OSCP — Offensive Security Certified Professional Offsec ACTIVE
🔵 PenTest+ CompTIA ACTIVE
🟢 Security+ CompTIA ACTIVE
🛰️ NASA VDP — Letter of Recognition NASA AWARDED
🔒 ISC2 CC ISC2 ACTIVE
🛰️ NASA Recognition — full detail
  • Identified critical vulnerabilities in production public-facing NASA systems through authorized testing
  • Developed and submitted proof-of-concept exploits with detailed remediation guidance
  • All findings accepted and patched by the NASA security team
  • Demonstrated disciplined operation within legal scope boundaries and responsible disclosure timelines

◈ Key Impact

20+
HTB Machines Rooted
Kerberoasting · AS-REP Roasting
Pass-the-Hash · Golden Ticket

6,000+
Telemetry Events Processed
7 Critical · 71 High findings
Zero third-party dependencies

30%
Attack Surface Reduction
Network segmentation · Firewall
hardening · CVE remediation

40%
Assessment Time Reduced
Python recon automation
standardized data collection


◈ Active Engagements

[ROLE]     Penetration Tester & Vulnerability Researcher
[EMPLOYER] AI FinchTech (Stealth Startup) — Remote         May 2026 – Present
           ├─ Full-scope red team engagements: web apps & REST/GraphQL APIs
           ├─ Chained low/medium findings → high-impact attack paths
           ├─ Custom payloads bypassing WAFs, rate limiting & auth controls
           └─ Blind assessments simulating real-world threat actor TTPs

[ROLE]     Network Engineer Consultant
[EMPLOYER] Synk, Johannesburg                              Jan 2024 – Sep 2025
           ├─ CVSS-triaged vulnerability findings correlated across SIEM & Windows event logs
           ├─ Python automation reduced manual assessment time by 40%
           └─ Technical + executive reporting: attack chains, risk posture, remediation

[ROLE]     Cybersecurity Intern
[EMPLOYER] Synk, Johannesburg                              Jan 2023 – Dec 2023
           ├─ Structured attack chain documentation & remediation strategy support
           ├─ Vulnerability scanning, finding triage, critical escalation
           └─ IOC correlation across security telemetry

◈ Technical Projects

🛰️ NASA Vulnerability Disclosure Program — Letter of Recognition
  • Identified critical vulnerabilities in production public-facing NASA systems through authorized testing
  • Developed and submitted proof-of-concept exploits with detailed remediation guidance
  • All findings accepted and patched by the NASA security team
  • Demonstrated disciplined operation within legal scope boundaries and responsible disclosure timelines
🔍 Threat Hunting Automation Framework (PowerShell)

Architected an agentless, zero-dependency PowerShell framework ingesting native Windows telemetry — Event Logs, Sysmon, Defender, Registry, WMI, Scheduled Tasks — across 6 modular risk-classification engines.

FINDINGS  →  7 Critical  |  71 High-risk  (from 6,000+ telemetry events)

DETECTED  →  PowerShell execution policy bypass
             COM object abuse (MITRE T1546.015)
             Local group enumeration reconnaissance
             Registry-based persistence mechanisms

OUTPUT    →  Dark-themed HTML dashboard
             Sortable risk-prioritized tables
             Modular CSV exports for SIEM ingestion / SOC handoff
📱 Mobile Application Reverse Engineering — InsecureBankv2

Full-cycle security assessment of a deliberately vulnerable Android application, mapped to OWASP MASVS, MITRE ATT&CK Mobile, and scored with CVSS 3.1.

STATIC     →  JADX-GUI / apktool decompilation, manifest & permission audit
DYNAMIC    →  Frida & Objection instrumentation, runtime hooking, SSL pinning bypass
NETWORK    →  Burp Suite MITM proxy, Wireshark capture, cleartext HTTP transmission analysis
EXPLOIT    →  Hardcoded crypto keys, insecure local storage, exported component abuse
🌐 Web Application Security Portfolio (12+ CVSS-scored Reports)

Methodology-driven assessments against Juice Shop, DVWA, and PortSwigger Web Security Academy, aligned with OWASP Testing Guide v4.2.

Vector Technique
SQL Injection Union-based → Blind Boolean → Time-based inference; bypassed input validation without error feedback
XSS Chained Stored XSS with session hijacking → full account takeover; DOM-based XSS in client-side sinks
Auth Bypass JWT algorithm confusion (none/HS256), weak secret brute-forcing
IDOR Unauthorized record access via object reference manipulation
SSRF / CSRF Internal network probing; authenticated action execution without user consent
⚡ Vulnerability Assessment — CVE-2010-4221 (CVSS 10.0)

Authorized penetration test against Ubuntu 16.04.3 LTS identifying ProFTPD 1.3.3c backdoor — a decade-old unpatched vulnerability exposing unauthenticated remote root access.

RECON      →  Nmap service/version enumeration identified ProFTPD 1.3.3c on non-standard port
RESEARCH   →  Correlated version fingerprint to CVE-2010-4221; validated backdoor presence
EXPLOIT    →  Weaponized Metasploit module → unauthenticated root-level RCE
POST-EXPL  →  /etc/shadow extraction · process enumeration · lateral movement analysis

◈ Technical Arsenal

Offensive Frameworks

Metasploit Cobalt Strike Burp Suite Pro SQLMap Hashcat John the Ripper

Active Directory

BloodHound Impacket Mimikatz CrackMapExec Rubeus PowerView

Mobile & Reverse Engineering

JADX Frida Objection MobSF apktool

Network & Analysis

Nmap Wireshark Nessus tcpdump Snort

SIEM & Detection

Splunk ELK Stack Sysmon Sigma

Development

Python PowerShell Bash Kali Linux


◈ MITRE ATT&CK Coverage

RECONNAISSANCE     T1595  Active Scanning · T1589 Credential gathering
INITIAL ACCESS     T1190  Exploit Public-Facing Application · T1566 Phishing simulation
EXECUTION          T1059  PowerShell · Bash · T1203 Exploitation for Client Execution
PERSISTENCE        T1546  COM Hijacking (T1546.015) · T1053 Scheduled Tasks · T1547 Registry Run Keys
PRIVILEGE ESCAL.   T1548  SUID/SGID Abuse · T1055 Process Injection · T1134 Token Manipulation
CREDENTIAL ACCESS  T1003  OS Credential Dumping · T1558 Kerberoasting · T1110 Brute Force
LATERAL MOVEMENT   T1550  Pass-the-Hash · T1021 Remote Services · T1563 Remote Session Hijacking
IMPACT             T1485  Data Destruction · T1490 Inhibit System Recovery

◈ Lab & Continuous Development

$ cat /ops/current_focus.log

[ACTIVE]  Active Directory attack path deepening
          └─ Kerberoasting, AS-REP Roasting, Golden/Silver Ticket, DCSync

[ACTIVE]  PortSwigger Web Security Academy
          └─ 50+ labs completed: SQLi, XSS, CSRF, SSRF, JWT, API security

[ACTIVE]  VulnHub / HackTheBox
          └─ 20+ machines rooted across Windows & Linux environments

[ACTIVE]  TryHackMe
          └─ Junior Penetration Tester & Red Teaming paths completed

[BUILDING] Reverse-Engineering-In-Mobile-Application (InsecureBankv2 assessment)
[BUILDING] Lab rebuild automation scripts (clean pentesting environments)
[BUILDING] Secure-by-default SaaS architecture research

◈ Contribution Activity

$ tail -f /var/log/contribution_grid.log --follow

a matrix-green snake eating Kitsana's github contribution graph

⚙️ Set up the animated snake + activity graphs on your own profile

Snake game (contribution grid animation):

  1. In the vetementsvmnts/vetementsvmnts profile repo, add .github/workflows/snake.yml using Platane/snk.
  2. The action pushes rendered SVGs to an output branch on a schedule (e.g. every 24h).
  3. Reference the output branch SVGs via raw.githubusercontent.com as shown above.

Activity graph / stats / streak / trophies: These are hosted, self-updating services that read live from the GitHub API — no action required, just reference the image URL with your username. If a service is rate-limited or down, self-host it by forking the corresponding repo and deploying to Vercel.


◈ Let's Connect

📧 kitsanathuekoh@gmail.com
💼 linkedin.com/in/kitsana-thuekoh
🐙 github.com/vetementsvmnts
📍 Johannesburg, South Africa — Open to Remote

Penetration Tester · Offensive Security Researcher · NASA VDP Recognized

Popular repositories Loading

  1. Understanding-Networking-Reconnaissance Understanding-Networking-Reconnaissance Public

    Network Reconnaissance is the systematic discovery of a target's digital footprint. By mapping active hosts, open ports, and service versions, I identify the attack surface and potential entry poin…

  2. vetementsvmnts vetementsvmnts Public

  3. Building-a-Modular-SOC-Environment- Building-a-Modular-SOC-Environment- Public

    Focusing on centralized log aggregation, real-time alerting pipelines, threat intelligence integration, and automated incident response playbooks. Designed for detection engineering, forensic analy…

  4. VAPT-Security-Audit VAPT-Security-Audit Public

    Professional Vulnerability Assessment & Penetration Testing documentation, findings, and remediation tracking for security audit engagements.

  5. VM-Penetration-Test-And-Exploitation VM-Penetration-Test-And-Exploitation Public

    A senior-level offensive security repository covering penetration testing methodologies, exploit development, post-exploitation techniques, red team TTPs, and vulnerability research. Includes hands…

  6. Powershell-Automation Powershell-Automation Public

    PowerShell automation toolkit for cybersecurity operations, built for technical and non-technical users. Automates security hardening, incident response, log analysis, and compliance checks. Includ…