// Cyber Security Engineer

Protecting the digital world, one lab at a time.

Pasindu Sandeepa. Junior Researcher specializing in Penetration Testing and Network Defense. Based in Sri Lanka.

Hire Me View GitHub 📝 Writeups Blog
About
Pasindu Sandeepa

A self taught with a lot of interest in Cyber Security

Hi, I am Pasindu, a 2nd year Computer Science undergraduate at Eastern University Sri Lanka, based in Kandy. My interest has always been in Cyber Security. I want to ensure that security is a top priority within our quickly developing world and would like to contribute to a more secure environment.

I like to keep myself relevant by solving Capture The Flags on HackTheBox and working through PortSwigger Web Security Academy labs — publishing 120+ detailed writeups along the way. I also build open-source security tools like PhishGuard and a Log Analyzer & Threat Detector to sharpen my practical skills.

I would like to improve myself within the Cyber Security field in order to become a professional Penetration Tester. I always keep a close eye on newly discovered vulnerabilities and like to challenge myself with unsolved weaknesses. I am someone who wants to make the world a more secure place, even if it goes unnoticed.



Background

Driven by Curiosity, Proven by Labs.

I focus on turning complex security theory into hands-on execution. My approach is simple: detect, exploit, report, and defend.


Stats

+ Top 20% TryHackMe

+ 121 Security Writeups

+ 15+ Custom Python Tools


→ Read all writeups
Portfolio

Case Studies

Offensive Security

Multi-Threaded NoSQL Automator

Custom Python development to streamline vulnerability identification.

  • Problem: Manual NoSQL injection was too slow for large datasets.
  • Action: Built a threading script to automate payload delivery via Python.
  • Outcome: Reduced audit time by 70%; successfully identified data leakage.
Network Defense

AD Domain Takeover & Audit

Identifying misconfigurations in Windows Domain environments.

  • Problem: Insecure GPO allowed for easy lateral movement.
  • Action: Used BloodHound and Kerberoasting to escalate privileges.
  • Outcome: Secured the environment by implementing least-privilege policies.
Specialties

Red Teaming

Web App Pentesting, SQL/NoSQL Injection, Nmap Scripting (NSE), Burp Suite.

Blue Teaming

Traffic Analysis (Wireshark), MITM Detection, Incident Reporting, SOC Analytics.