$ whoami
Leng Phirun
Assistant Lead (Adversary) & Penetration Tester
An enthusiastic cybersecurity professional with hands-on experience in vulnerability assessment, penetration testing, and red teaming. Passionate about uncovering vulnerabilities and strengthening security measures.
# About Me
I am an Assistant Lead (Adversary) at Veilron Technologies with over 3 years of hands-on experience in the cybersecurity field. My work focuses on vulnerability assessment, penetration testing, and red teaming across networks, web applications, mobile apps, Active Directory, and APIs.
I'm passionate about uncovering vulnerabilities and strengthening security measures, with a keen interest in staying updated with the latest industry trends. Known for a proactive attitude, attention to detail, and the ability to collaborate effectively with teams.
Outside of work, I enjoy participating in CTF competitions, researching new tools and techniques, and continuously growing within the cybersecurity landscape.
# Skills
// VAPT & Red Teaming
// Security Operations
// Key Competencies
// Methodologies
# Certifications
OSCP
OffSec
CertifiedCRTA
CyberWarFare Labs
Nov 2025CREST CRT
CREST
Aug 2025CREST CPSA
CREST
Aug 2025PT1 Certificate
TryHackMe
Jun 2025API Pentesting
APIsec University
Oct 2024CC
ISC2
CertifiedB.Sc. Computer Science
Royal University of Phnom Penh
Graduated# Experience
Assistant Lead (Adversary)
Veilron Technologies // Hybrid, Phnom Penh
Leading adversary simulation engagements, overseeing VAPT operations, red teaming assessments, and mentoring team members. Coordinating internal and external team efforts on security projects.
Information Security Engineer
Veilron Technologies // Hybrid, Phnom Penh
Vulnerability Assessment and Penetration Testing across Network, Web, Mobile, Active Directory, and API. Red Teaming assessments, configuration reviews, reporting, and project management.
IT Security
Foreign Trade Bank of Cambodia // Full-time, Onsite
Security training awareness, SIEM administration, vulnerability assessments, privilege access control (PAM), and asset management.
IT Support Technician
Women's Media Centre of Cambodia // Full-time, Onsite
Provided general IT support, maintained reliable network connections, managed mail systems, and assisted with IT policy implementation.
# Projects & Writeups
Internal Network Pentest Toolkit
Custom scripts and automation tools developed for internal network penetration testing engagements, including AD enumeration, lateral movement helpers, and post-exploitation utilities.
View on GitHub →HackTheBox Machine Writeups
Detailed writeups covering exploitation methodology, privilege escalation techniques, and lessons learned from various HackTheBox machines across different difficulty levels.
View Profile →Web Application Security Research
Ongoing research into modern web application vulnerabilities including authentication bypasses, API security flaws, and emerging attack vectors against cloud-native applications.
View on GitHub →# CTF & Security Labs
HackTheBox
app.hackthebox.comActive member on HackTheBox, tackling machines and challenges across various difficulty levels. Practicing real-world offensive techniques in a controlled lab environment.
View Profile →TryHackMe
tryhackme.comCompleted learning paths and challenges on TryHackMe, earning the PT1 Certificate. Focused on penetration testing, privilege escalation, and web exploitation techniques.
View Profile →CTF Competitions
Capture The FlagRegular CTF participant with experience in web exploitation, reverse engineering, cryptography, and binary exploitation challenges. Continuously sharpening offensive skills through competition.
GitHub →# Contact
Interested in working together or have a security concern? Feel free to reach out. I'm always open to discussing new opportunities, collaborations, or security challenges.