Waris Damkham

Offensive Security Engineer | eWPTX | PNPT | PMPA | CPTS | CBBH | BSCP | CRTP | GHF | C-APIPen | CCPenX-AWS | C-AI/MLPen | CMPen-Android & iOS | CAPenX | CNPen | CAPen | CAP | CRTA | CRT-ID | MCRTA


Take a moment to explore my skills, experiences, and projects below.


About Me

I am an Offensive Security Engineer, Penetration Tester, and AI Security Researcher with a strong passion for Linux 🐧, Cybersecurity 🔒, AI, and DevOps ⚙️. My expertise spans Offensive Security, AI-driven threat research, Web security, and Mobile security, with hands-on experience in penetration testing and security assessments. I have led significant research projects, including the development of an Automated COVID-19 Screening Framework Using Deep CNN With Chest X-Ray Medical Images, research on Detecting Vulnerable OAuth 2.0 Implementations in Android Applications, and the creation of Practical Mobile-Based Services for Identification of Chicken Diseases From Fecal Images. These projects have been presented at conferences and featured in publications. I am actively seeking full-time opportunities where I can continue to grow, gain valuable industry insights, and contribute innovatively to a collaborative security research environment.

Web Application Penetration Tester eXtreme
Practical Network Penetration Tester
Practical Mobile Pentest Associate
Hack The Box Certified Penetration Testing Specialist
Hack The Box Certified Bug Bounty Hunter
Burp Suite Certified Practitioner
Certified Red Team Professional
GitHub Foundations
Certified API Pentester (C-APIPen)
Certified Cloud Pentesting eXpert - AWS (CCPenX-AWS)
Certified AI/ML Pentester (C-AI/MLPen)
Certified Mobile Pentester (CMPen-IOS)
Certified Mobile Pentester (CMPen-Android)
Certified AppSec Pentesting eXpert (CAPenX)
Certified Network Pentester (CNPen)
Certified AppSec Pentester (CAPen)
Certified AppSec Practitioner (CAP)
Certified Red Team Analyst
Certified Red Team Infra Developer
Multi-Cloud Red Team Analyst
Postman API Fundamentals Student Expert
GitOps Fundamentals
Cyber Threat Intelligence 101
Google IT Support Certificate
Meta Full-Stack Engineer Certificate
Open Source Software Development, Linux and Git Specialization
Google Cybersecurity Certificate
AWS Academy Graduate - AWS Academy Cloud Foundations

Skills & Tools

Programming Languages
Web Development
Backend, Frameworks & Testing
Data Management & Search Engines
Cloud & Container Platforms
DevOps & CI/CD Tools
Penetration Testing & Vulnerability Assessment
Machine & Deep Learning
Productivity & Collaboration

Experience

Offensive Security Engineer
Kasikorn Business Technology Group · Full-time
Nov 2024 - Present
Bangkok, Thailand 🇹🇭 · Hybrid

- TBA

Skills: Penetration test · Kali Linux · Burp Suite · AI Security · Reporting · Power Automate

Security Consultant (Penetration tester)
ALPHASEC · Full-time
Jun 2024 - Oct 2024 · 5 mos
Bangkok, Thailand 🇹🇭 · Hybrid

As a Penetration Tester, I conduct in-depth security assessments of IT infrastructure, identifying vulnerabilities in operating systems, applications, configurations, and user behaviors. I specialize in security and vulnerability assessments for software, mobile, and web applications, adhering to OWASP guidelines. I provide actionable recommendations and detailed analysis to strengthen overall security posture. To date, I have successfully worked on 16 projects.

Skills: Penetration test · Kali Linux · Burp Suite · OWASP · Vulnerability Assessment

Cybersecurity Consultant (Penetration tester)
KPMG · Advisory · Tech-Cyber · Internship
Jan 2024 - Apr 2024 · 4 mos
Bangkok, Thailand 🇹🇭 · Hybrid

As a Penetration Tester intern at KPMG, I assisted in conducting security assessments for software, mobile, and web applications, utilizing Kali Linux, Burp Suite, and OWASP best practices to identify vulnerabilities and simulate cyber attacks. I contributed to developing a secure website for KPMG and performed vulnerability assessments using Nessus, focusing on KPMG's internal network. During my time at KPMG, I successfully completed two penetration testing projects and one vulnerability assessment project, strengthening my technical expertise and ability to communicate complex security findings effectively. I remain committed to expanding my knowledge in this fast-evolving field.

Skills: Penetration test · Kali Linux · Burp Suite · OWASP · Cybersecurity · Vulnerability Assessment

Detecting Vulnerable OAuth 2.0 Implementations in Android Applications
Ritsumeikan University · Internship
May 2023 - July 2023 · 3 mos
Shiga, Japan 🇯🇵 · On-site

I conducted research on the security vulnerabilities in Android apps that use OAuth 2.0 with Google accounts, with a focus on the risks of cross-site request forgery (CSRF). My findings were presented at the Workshop on Cyber Forensics, Security, and E-discovery, during the 23rd IEEE International Conference on Software Quality, Reliability, and Security in 2023. By developing an app and analyzing others, I evaluated critical components such as the state parameter and authorization code, which are essential for CSRF prevention. The study reveals the level of protection against CSRF in implementations of OAuth 2.0 on Android. Our goal is to enhance user safety by identifying vulnerable apps and emphasizing the necessity for robust security measures. This research establishes a benchmark for future security audits of apps.

Skills: Android Development · OAuth2.0 · Application Security · Security · Cybersecurity · Java

Automated COVID-19 Screening Framework Using Deep CNN With Chest X-Ray Medical Images
National Central University · Internship
Jun 2022 - Jul 2022 · 2 mos
Taoyuan City, Taiwan 🇹🇼 · Remote

I contributed to a project on automated COVID-19 diagnosis using chest X-rays, presented at the 2022 6th International Conference on Information Technology (InCIT). We proposed an AI-based screening method utilizing transfer learning and deep neural networks. Using Grad-CAM visualization, our convolutional neural network model showcased superior performance in accuracy, precision, recall, and F-measure on public datasets. This work advanced early COVID-19 detection and highlighted my skills in AI, deep learning, and medical imaging.

Skills: Public Speaking · Jupyter · Convolutional Neural Networks (CNN) · Deep Learning · Artificial Intelligence (AI) · Communication · Python

Education

Self-Learning on HackTheBox
Online Platform for Cybersecurity Training

Activities and societies:

Pro Hacker
HackTheBox Profile

Self-Learning on TryHackMe
Online Platform for Cybersecurity Training

Activities and societies:

waris.dam [0xA][WIZARD]
TryHackMe Profile

Bachelor of Science in Information and Communication Technology
Mahidol University, Thailand 🇹🇭
International Program
2020 - 2024

Activities and societies:

ICT Internship Poster Exhibition 2023 at ICT Mahidol
Sep 2023
Joined the exhibition showcasing B.Sc. ICT International Program student internships. Proudly shared my experience from Ritsumeikan University among esteemed peers. An enriching platform for insights and networking.

Bangkok Christian College
Smart Computer · GPAX 3.48
2008 - 2020

Activities and societies:

Leader of Academic Computer & Careers of BCC Showcase 2018
I served as the president of the Computer & Careers group during our school's academic day, 'The New Frontier' for the BCC Showcase. Our event featured a cooking competition named 'BCC FOOD FEST' and a 'TECHZONE' highlighting modern innovations, such as a futuristic house concept.

Projects

Publications

Practical Mobile Based Services for Identification of Chicken Diseases From Fecal Images

Accepted at IEEE Region 10 Conference 2024 (TENCON 2024)

Poultry farming is crucial to the food chain, and chicken health directly impacts product quality and safety. Diagnosing poultry diseases using polymerase chain reaction is costly, particularly for small farms. To address this, we developed a mobile-based service for farmers, enabling the identification of common chicken diseases from fecal images via a Line account. Our system achieved 86.49% segmentation precision and 95.93% classification accuracy on a large dataset, offering a practical and accessible tool for local farmers.

IEEE · Mar 5, 2024
Detecting Vulnerable OAuth 2.0 Implementations in Android Applications

Presented at the Workshop on Cyber Forensics, Security, and E-discovery, as part of the 23rd IEEE International Conference on Software Quality, Reliability, and Security, 2023.

OAuth 2.0, commonly used for authorization, can be susceptible to CSRF attacks in Android applications. To address this, we developed an Android app to assess other apps' use of the OAuth 2.0 state parameter, a key defense against CSRF. Our analysis, conducted on both Chrome and the default browser, evaluates whether Android apps using OAuth 2.0 are adequately protected against CSRF attacks. Our research aims to protect users by highlighting apps with potentially vulnerable OAuth 2.0 implementations.

IEEE · Feb 19, 2024
Automated COVID-19 Screening Framework Using Deep CNN With Chest X-Ray Medical Images

Presented at The 6th International Conference on Information Technology (InCIT2022)

An automated COVID-19 screening framework using chest X-ray images is proposed in this study. It leverages artificial intelligence techniques and transfer learning for accurate diagnosis. The framework extracts features using transfer learning and applies modified deep neural networks. Grad-CAM visualization supports the predicted diagnosis. Experimental results demonstrate superior performance compared to other deep learning techniques. This framework has the potential to aid in early COVID-19 diagnosis and alleviate the burden on radiologists.

IEEE · Mar 21, 2023

Certifications

Web Application Penetration Tester eXtreme
INE Security - Mar 2025
Practical Network Penetration Tester
TCM Security - Feb 2025
HTB Certified Penetration Testing Specialist
Hack The Box - Jan 2025
Certified API Pentester (C-APIPen)
The SecOps Group - Jan 2025

Competitions

UMassCTF 2024
April 2024

UMass CTF is back and better than ever this year! Get ready to dive into a thrilling array of challenges that will test your skills and push your limits. Participants can look forward to tackling intricate puzzles in Reverse Engineering, unlocking the mysteries of Cryptography, uncovering clues in Forensics, navigating the complex world of Binary Exploitation, and outsmarting defenses in Web Exploitation. Plus, we've got a host of miscellaneous challenges that are sure to surprise and engage. Don't miss out on the action-packed excitement at UMass CTF!

Skills: Cybersecurity, Web Exploitation, Forensics, Cryptography, Radio Steganography, Misc, Reverse Engineering, Pwn

Blog

My Exam Review
Medium
Oct 2024

My Exams Review on Medium

Cybersecurity journey Writeup
Writeup
Mar 2024

Welcome to my Cybersecurity journey! I'm Waris Damkham, a passionate Information and Communication Technology student. Dive into my writeup to explore the intricacies of cybersecurity through the lens of my hands-on experiences at HackTheBox etc.

From Thailand to Japan: My Cybersecurity Internship at Ritsumeikan University
Cybersecurity Laboratory
Oct 2023

Hello everyone! My name is Waris Damkham, and I'm currently a fourth-year student in Information and Communication Technology at Mahidol University. I was fortunate to secure an internship at the Cybersecurity Laboratory in the Faculty of Information Science and Engineering at Ritsumeikan University.[...]


warris-m~$cat Contact & Follow

I'm always open to discussions, collaborations, or just a chat. Feel free to reach out through any of the platforms below or drop me an email.

$phone: +66 63 954 4447
$location: Bangkok, Thailand 🇹🇭