🌏
Open to global opportunities
Waariss/README.md

Executive Summary

I am Waris Damkham (Waariss), an Offensive Security Engineer based in Bangkok, Thailand. I work across red teaming, AI security, identity and M365 security, application security, and offensive tooling with a focus on practical, repeatable security outcomes.

  • Current: Offensive Security Engineer @ KASIKORN Business-Technology Group (KBTG) (Nov 2024 - Present)
  • Positioning: Offensive Security Engineer | AI Security Researcher | Security Builder
  • Focus in 2026: AI red teaming, Microsoft 365 Conditional Access edge-case testing, prompt-attack simulation, and scalable offensive workflows
  • Delivery: 40+ penetration tests, 40+ executive/technical summaries, and 25+ stakeholder briefings

Performance Snapshot (Website Data: 2026)

  • 28 CVEs Published/Credited
  • 3 IEEE Publications
  • 20+ Selected Certifications
  • 8 Talks / Contributions
  • 19 Projects
  • 40+ Security Assessments

Featured Work

  • Oblivion Token: M365 Conditional Access Policy Bypass OST - Offensive research utility for practical and repeatable Microsoft 365 Conditional Access edge-case testing, presented at Black Hat Asia 2026 Arsenal and DEF CON Singapore 2026 Demo Labs.
  • UploadSmith - Caido plugin for faster file-upload testing with multipart Content-Type mutation, filename extension bypass presets, and magic-byte helpers.
  • Meeting Shrinker - Browser-first workflow tool for preparing Thai-heavy meeting recordings for NotebookLM using local media compression, audio extraction, transcript cleanup, and output splitting.
  • jailbreakit - Go CLI helper for authorized iOS pentesting workflows, device detection, jailbreak compatibility checks, and guided palera1n/Dopamine setup.
  • NCSA AI CTF 2026 (Thailand) - Challenge author representing KBTG for Thailand's first Cyber AI CTF, with AI-security and prompt-attack scenarios.

Domain Focus

Red Team Web AppSec API Mobile Identity and M365 AI Security Cloud

Tooling Stack

Burp Suite, Caido, Kali, Metasploit, Nmap, sqlmap, Wireshark, Nessus, Python, Go, JavaScript, TypeScript, Power Automate

Highlighted Certifications

OSCP+, OSCP, CPTS, CWES, CARTP, CRTP, BSCP, eWPTX

PNPT, PAPA, PMPA, ASCP, PT1, PSAA, CJCA, GHF

Talks & Contributions

  • DEF CON Singapore 2026 Demo Labs - Oblivion Token: M365 Conditional Access Policy Bypass OST
  • Black Hat Asia Arsenal 2026 - Oblivion Token: M365 Conditional Access Policy Bypass OST
  • NCSA AI CTF 2026 - Challenge author for AI-security and prompt-injection scenarios
  • ICT Mahidol Cybersecurity Club - Real-World Cybersecurity Without Filters
  • KBTG Knowledge Sharing 2025 - AI Security Unmasked: The Hidden Danger Behind Your AI Tools
  • TBCert Monthly Meeting 2025 - AI Security Research: The Rise of AI Threat

Offense with discipline. Research with impact.

Pinned

  1. OblivionToken (Public)

    M365 Conditional Access Policy Bypass OST (Offensive Tooling)

    Python 45 6

  2. jailbreakit (Public)

    CLI for authorized iOS pentest lab setup, Frida/Objection readiness checks, and IPA installation.

    Go 17 1

  3. Chicken_Me-LineOA (Public)

    Python 1

  4. Oauth2.0 (Public)

    Java

  5. Automated-COVID-19-screening-framework-via-Deep-Convolutional-Neural-Network-with-Chest-X-ray (Public)

    Jupyter Notebook

  6. One_Years (Public)

    TypeScript 1