- 🔭 I’m currently working on: Information Security Engineer / Consultant / Penetration Tester
- 🌱 I’m currently learning: Cyber Security
- 🎓 Education:
- King Mongkut's University of Technology North Bangkok
- Bachelor of Science in Technical Education (B.S.Tech.Ed.)
- Sukhothai Thammathirat Open University
- Sumrit Certificate 87 (Science and Technology)
- Ayutthaya Technical College
- Vocational Certificate in Electrical and Electronics (Voc. Cert.)
- King Mongkut's University of Technology North Bangkok
- 📫 How to reach me:
- SNS
- LINE: sornram9254
- Twitter: @sornram9254
- Facebook: INSTALL.md, backup.tar.bz2
- Instagram: sornram9254
- Tiktok: @sornram9254
- Linkedin: linkedin.com/in/sornram9254
- 🥇 Honors & Awards:
- Mobile Penetration Testing CTF Workshop Competition by Secure-D, 2nd Runner-Ups.
- Thailand CTF Competition 2018 by ETDA, Top 10 Runner-Ups.
- Thailand’s Network Security Contest 2016 by G-Able, Top 10 Runner-Ups.
- OTPC App Hackathon 2013 by Google, Honorable Mention.
- 🧑💻 Wargames/CTF/Playground:
- Hack the Box : app.hackthebox.com/profile/63873
- Root-me : root-me.org/sornram9254
- Try Hack Me : tryhackme.com/p/sornram9254
- PentesterLab : pentesterlab.com/profile/sornram9254
- Hack The Box : app.hackthebox.com/profile/63873
- CTF-Time : ctftime.org/user/6117
- HackerOne : hackerone.com/sornram9254
- Open Bug Bounty : openbugbounty.org/researchers/sornram9254/
- 🪲 CVEs:
- CVE-2022-38577 : ProcessMaker - User Profile Privilege Escalation)
- CVE-2023-XXXXX : (RESERVED) _____________________________________
- CVE-2025-25539 : Local File Inclusion in Vasco Self-Service Portal
- CVE-2025-27997 : Privilege Escalation via Insecure File Permissions in Blizzard Battle.net
- CVE-2025-27998 : Privilege Escalation via Insecure File Permissions in Steam Client
- CVE-2025-12457 : Wordpress Plugins, Enable SVG, WebP, and ICO Upload <= 1.1.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Uploads
- Reported vulnerability, xxxxxxxx TODO xxxxxxxx
- Collaborative Research in Computational Neuroscience (CRCNS) kudos
- Global Association for Quality Management (GAQM)
- Chulalongkorn University, Thailand
- Kasetsart University, Thailand
- Thailand Professional Qualification Institute (TPQI)
- Ministry Of Energy, Thailand
- Major Cineplex, Thailand
- JBL by HARMAN
- Social Security Office, Thailand
- playeternalreturn.com
- usersearch.org
- etc...
- ⚔️ Certificatons & Badges:
- The SecOps Group
- Certified AppSec Practitioner (CAP)
- Certified Cloud Security Practitioner : AWS (CCSP-AWS)
- Certified Network Pentester (CNPen)
- Certified Active Directory Pentesting eXpert (C-ADPenX)
- CyberWarFare Labs
- Multi-Cloud Red Team Analyst (MCRTA)
- Certified Red Team Analyst (CRTA)
- Certified Cyber Security Analyst (C3SA)
- OffSec (FKA Offensive Security)
- Offensive Security Certified Professional (OSCP)
- INE Security (FKA eLearnSecurity)
- Junior Penetration Tester v1 (eJPT) / Junior Penetration Tester v2 (eJPT)
- Web Application Penetration Tester (eWPT)
- Web application Penetration Tester eXtreme (eWPTX)
- Mobile Application Penetration Tester (eMAPT)
- CertiProf
- Cyber Security Foundation (CSFPC) [Expired]
- Broadcom (FKA Symantec)
- Technical Specialist Exam : Symantec™ Endpoint Protection 14 (BTSE)
- Check Point Software Technologies
- Check Point SandBlast Sales Certification [Expired]
- Thailand Professional Qualification Institute (TPQI)
- Professional Qualifications (System Analysis and Design)
- IT Professionals Examination Council (ITPEC)
- Information Technology Professional Examination Certificate (ITPE)
- TryHackMe
- Junior Penetration Tester (PT1)
- The SecOps Group
