Security consulting, validation, and risk communication.
Senior Security Consultant / Offensive Security Researcher
Supakiad S. (m3ez)
Offensive security consultant building practical security research, reusable tooling, and high-impact vulnerability analysis across modern attack surfaces.
I help organizations identify, validate, and remediate risks across web applications, APIs, mobile apps, Active Directory, internal networks, wireless environments, and thick-client systems.
Current Focus
Practical offensive security. Clear remediation.
My work combines exploitation depth, executive-ready reporting, and pragmatic guidance that engineering teams can act on.
OffSec, CREST, INE, TCM Security, CompTIA, and more.
Research recognition, live hacking events, and ranked competition results.
About
Clarity, coverage, impact.
I am a Senior Security Consultant focused on offensive security, penetration testing, secure code review, and vulnerability research.
I help organizations identify, validate, and remediate security risks across web applications, APIs, mobile applications, Active Directory, network infrastructure, wireless environments, and thick-client systems.
My work combines practical exploitation, clear technical reporting, remediation guidance, and stakeholder communication.
Operating Style
- Depth where it matters, not noise for its own sake.
- Findings mapped to business risk and remediation priorities.
- Security outputs written for both engineers and leadership.
- Research and tooling built to improve repeatability.
Expertise
Attack surface coverage.
Web & API Security
Authentication, authorization, business logic, OWASP Top 10, API abuse paths, and secure code review.
Mobile Security
Android and iOS testing, storage review, interception workflows, and platform-specific validation.
Active Directory
Privilege escalation, misconfiguration analysis, lateral movement, and enterprise attack simulation.
Network & Wireless
Internal network exposure mapping, wireless assessment, and practical validation of infrastructure weaknesses.
Thick Client Assessment
Desktop application review, local attack surface mapping, and client-server trust boundary testing.
Reporting & Remediation
Technical findings, executive summaries, CWE and CVSS mapping, and realistic fix guidance.
Credentials
Certifications & training.
Selected Certifications
Focused on red teaming, web security, mobile testing, and secure review.
Compact badge view for quick scanning. Full certificate names remain on the CV and profile references.
Professional Development
Training and labs that sharpen offensive tradecraft.
- PEN-200, PEN-300, and WEB-300 - OffSec
- Red Team Professional - Altered Security
- Red Team Analyst - Cyberwarfare Labs
- eWPT and eWPTX - INE Security
- PMPA - TCM Security
Recognition
Security activity.
NCSA AI CTF 2026
Placed 9th personally in the final round.
Microsoft Zero Day Quest Live Hacking Event
Invite-only participant in Redmond, Washington, USA.
Thailand Cyber Top Talent 2025
Placed 6th personally and 13th as a team in the qualifying round.
Microsoft Most Valuable Researchers 2025
Ranked 42nd in the Top 100 Most Valuable Researchers program.
MSRC Leaderboard 2025 Q1
Placed 86th in Microsoft Researcher Recognition Program standings.
Microsoft Zero Day Quest Onsite Event
Invite-only participant in Redmond, Washington, USA.
Thailand Cyber Top Talent 2024
Finished 10th in the final round.
MSRC Leaderboard 2024 Q3
Placed 25th in Microsoft Researcher Recognition Program standings.
Dynamics Researchers Leaderboard 2024 Q3
Placed 6th in Microsoft Dynamics researcher standings.
MSRC Leaderboard 2024 Q1
Placed 32nd in Microsoft Researcher Recognition Program standings.
Most Valuable Researchers 2023
Ranked 68th in the Top 100 Most Valuable Researchers program.
HITB SECCONF CTF 2023
Placed 16th in the Attack-Defense competition.
National WhiteHat Challenge
Winner in National Coding Day 2023.
Office Researchers Leaderboard 2022 Q4
Placed 4th in Microsoft Office researcher standings.
MSRC Leaderboard 2022 Q4
Placed 25th in Microsoft Researcher Recognition Program standings.
MSRC Leaderboard 2022 Q3
Placed 44th in Microsoft Researcher Recognition Program standings.
Thailand Cyber Top Talent 2022
Participant in the NCSA competition program.
Thailand Cyber Top Talent 2021
Participant in the NCSA competition program.
UTCC Cyber Security #2
Participant in the University of the Thai Chamber of Commerce event.
White Hat Hacking for Security
Winner in the DEPA Thailand program.
Financial Cybersecurity Boot Camp
Participant in the Bank of Thailand program.
SOSECURE Hacking Contest
Participant in the SOSECURE competition.
Projects / Research
Research & public work.
Research
WordPress Security Research
Research and tooling for finding high-impact vulnerabilities in WordPress plugins and PHP applications.
Writeups
Vulnerability Analysis
Technical writeups covering exploitation chains, root cause analysis, business impact, and remediation strategy.
Automation
Security Tooling
Reusable scripts and helpers for triage, testing workflows, and secure code review support.
Notes
Secure Code Review Patterns
Source-to-sink notes and vulnerability pattern references built around practical detection logic.
Public Footprint
Profiles, writeups, references.
Verified public links covering research profiles, writeups, advisories, and community recognition.
Core Profiles
Primary public profiles that best represent current work, writing, and community presence.
Researcher Platforms
Public researcher and contributor pages with direct attribution to Supakiad S. (m3ez).
Public Writeups
Long-form public writeups and proof-of-concept reporting tied to Microsoft research.
Recognition & Mentions
Public recognition and community features connected to security research activity.
Selected Advisories
Advisory pages with direct contributor credit.
Writing
Writing & public links.
Writing Platforms
Technical thoughts, public notes, and long-form writeups.
Contact
Public profile links for networking and research updates.