- 🔭 I’m currently working on: Information Security Engineer / Consultant / Penetration Tester
- 🌱 I’m currently learning: Cyber Security
- 🎓 Education:
- King Mongkut's University of Technology North Bangkok
- Bachelor of Science in Technical Education (B.S.Tech.Ed.)
- Sukhothai Thammathirat Open University
- Sumrit Certificate 87 (Science and Technology)
- Ayutthaya Technical College
- Vocational Certificate in Electrical and Electronics (Voc. Cert.)
- King Mongkut's University of Technology North Bangkok
- 📫 How to reach me:
- SNS
- LINE: sornram9254
- Twitter: @sornram9254
- Facebook: INSTALL.md, backup.tar.bz2
- Instagram: sornram9254
- Tiktok: @sornram9254
- Linkedin: linkedin.com/in/sornram9254
- 🥇 Honors & Awards:
- Mobile Penetration Testing CTF Workshop Competition by Secure-D, 2nd Runner-Ups.
- Thailand CTF Competition 2018 by ETDA, Top 10 Runner-Ups.
- Thailand’s Network Security Contest 2016 by G-Able, Top 10 Runner-Ups.
- OTPC App Hackathon 2013 by Google, Honorable Mention.
- 🧑💻 Wargames/CTF/Playground:
- Hack the Box : app.hackthebox.com/profile/63873
- Root-me : root-me.org/sornram9254
- Try Hack Me : tryhackme.com/p/sornram9254
- PentesterLab : pentesterlab.com/profile/sornram9254
- Hack The Box : app.hackthebox.com/profile/63873
- CTF-Time : ctftime.org/user/6117
- HackerOne : hackerone.com/sornram9254
- Open Bug Bounty : openbugbounty.org/researchers/sornram9254/
- 🪲 CVEs:
- CVE-2022-38577 : ProcessMaker - User Profile Privilege Escalation)
- CVE-2023-37137 : (RESERVED) _____________________________________
- CVE-2025-25539 : Local File Inclusion in Vasco Self-Service Portal
- CVE-2025-27997 : Privilege Escalation via Insecure File Permissions in Blizzard Battle.net
- CVE-2025-27998 : Privilege Escalation via Insecure File Permissions in Steam Client
- CVE-2025-12451 : Wordpress Plugins, Easy SVG Support <= 4.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
- CVE-2025-12457 : Wordpress Plugins, Enable SVG, WebP, and ICO Upload <= 1.1.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Uploads
- Reported vulnerability, xxxxxxxx TODO xxxxxxxx
- Collaborative Research in Computational Neuroscience (CRCNS) kudos
- Global Association for Quality Management (GAQM)
- Chulalongkorn University, Thailand
- Kasetsart University, Thailand
- Thailand Professional Qualification Institute (TPQI)
- Ministry Of Energy, Thailand
- Major Cineplex, Thailand
- JBL by HARMAN
- Social Security Office, Thailand
- playeternalreturn.com
- usersearch.org
- etc...
- ⚔️ Certificatons & Badges:
- Knight Squad Academy
- Certified Web App Penetration Testing Apprentice (kWAPTA) verify
- Red Team Leaders
- Certified Cybersecurity Educator Professional (CCEP) verify
- TryHackMe
- Junior Penetration Tester (PT1) verify
- The SecOps Group
- CyberWarFare Labs
- OffSec (FKA Offensive Security)
- Offensive Security Certified Professional (OSCP) verify
- INE Security (FKA eLearnSecurity)
- Junior Penetration Tester v1 (eJPT) / Junior Penetration Tester v2 (eJPT) verify v.1, verify v.2
- Web Application Penetration Tester (eWPT) verify
- Web application Penetration Tester eXtreme (eWPTX) verify
- Mobile Application Penetration Tester (eMAPT) verify
- CertiProf
- Cyber Security Foundation (CSFPC) [Expired] verify
- Broadcom (FKA Symantec)
- Technical Specialist Exam : Symantec™ Endpoint Protection 14 (BTSE) verify
- Check Point Software Technologies
- Check Point SandBlast Sales Certification [Expired] verify
- Thailand Professional Qualification Institute (TPQI)
- Professional Qualifications (System Analysis and Design) verify
- IT Professionals Examination Council (ITPEC)
- Information Technology Professional Examination Certificate (ITPE) verify
- Knight Squad Academy
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |