I am Waris Damkham (Waariss), an Offensive Security Engineer based in Bangkok, Thailand. I work across red teaming, AI security, identity and M365 security, application security, and offensive tooling with a focus on practical, repeatable security outcomes.
- Current: Offensive Security Engineer @ KASIKORN Business-Technology Group (KBTG) (Nov 2024 - Present)
- Positioning: Offensive Security Engineer | AI Security Researcher | Security Builder
- Focus in 2026: AI red teaming, Microsoft 365 Conditional Access edge-case testing, prompt-attack simulation, and scalable offensive workflows
- Delivery: 40+ penetration tests, 40+ executive/technical summaries, and 25+ stakeholder briefings
| 28 CVEs Published/Credited |
3 IEEE Publications |
20+ Selected Certifications |
| 8 Talks / Contributions |
19 Projects |
40+ Security Assessments |
- Oblivion Token: M365 Conditional Access Policy Bypass OST Offensive research utility for practical and repeatable Microsoft 365 Conditional Access edge-case testing, presented at Black Hat Asia 2026 Arsenal and DEF CON Singapore 2026 Demo Labs.
- UploadSmith Caido plugin for faster file-upload testing with multipart Content-Type mutation, filename extension bypass presets, and magic-byte helpers.
- Meeting Shrinker Browser-first workflow tool for preparing Thai-heavy meeting recordings for NotebookLM using local media compression, audio extraction, transcript cleanup, and output splitting.
- jailbreakit Go CLI helper for authorized iOS pentesting workflows, device detection, jailbreak compatibility checks, and guided palera1n/Dopamine setup.
- NCSA AI CTF 2026 (Thailand) Challenge author representing KBTG for Thailand's first Cyber AI CTF, with AI-security and prompt-attack scenarios.
- DEF CON Singapore 2026 Demo Labs - Oblivion Token: M365 Conditional Access Policy Bypass OST
- Black Hat Asia Arsenal 2026 - Oblivion Token: M365 Conditional Access Policy Bypass OST
- NCSA AI CTF 2026 - Challenge author for AI-security and prompt-injection scenarios
- ICT Mahidol Cybersecurity Club - Real-World Cybersecurity Without Filters
- KBTG Knowledge Sharing 2025 - AI Security Unmasked: The Hidden Danger Behind Your AI Tools
- TBCert Monthly Meeting 2025 - AI Security Research: The Rise of AI Threat
- Oblivion Token: M365 Conditional Access Policy Bypass OST - Offensive research tool presented at Black Hat Asia 2026 Arsenal and DEF CON Singapore 2026 Demo Labs
- Practical Mobile Based Services for Identification of Chicken Diseases From Fecal Images (IEEE TENCON 2024)
- Detecting Vulnerable OAuth 2.0 Implementations in Android Applications (IEEE QRS 2023)
- Automated COVID-19 Screening Framework Using Deep CNN With Chest X-Ray Medical Images (IEEE InCIT 2022)
- Portfolio: waris-damkham.netlify.app
- LinkedIn: linkedin.com/in/waris-damkham
- GitHub: github.com/Waariss
- Medium: medium.com/@waaris_m
- ResearchGate: researchgate.net/profile/Waris-Damkham
- Google Scholar: scholar.google.com/citations?user=dug8UQQAAAAJ
- Credly: credly.com/users/waris-damkham
- TryHackMe: tryhackme.com/p/waris.dam
- HackTheBox: profile.hackthebox.com/profile/019c5786-35c7-7398-ad5e-32d60b572cdb
- Email: waris.dam@outlook.com
Offense with discipline. Research with impact.










