✦ The Wizard's Chronicle ✦

About the Sorcerer

Ratthapong Sommanus · @sabastiaz

🦅
The Wizard's Identity
Who I Am

I am Ratthapong Sommanus, known as Sabastiaz Founder of Wowza Group, a cybersecurity community focused on both Red Team and Blue Team development, and a Cybersecurity Assessment Specialist at Bigfish Enterprise Limited.

My work centers on Penetration Testing, Red Teaming, and Vulnerability Management across web applications, enterprise networks, and Active Directory environments. I specialize in identifying realistic attack paths, demonstrating tangible impact, and translating complex technical findings into clear, business-aligned recommendations.

I collaborate closely with technical teams and executive stakeholders to strengthen security posture, enhance governance frameworks, and reduce operational risk through structured assessments and threat-informed methodologies.

🏛️
Community Founder
Wowza Group Red & Blue Team Community
🏢
Current Role
Cybersecurity Assessment Specialist · Bigfish Enterprise
🎯
Primary Discipline
Penetration Testing / Red Teaming / Vuln Management
🌐
Scope
Web Apps · Enterprise Networks · Active Directory
📜
Published On
Medium — @sabastiaz
Offensive Disciplines
Offensive Focus

Specializing in chaining misconfigurations inside enterprise networks to simulate realistic attack paths.

Active Directory Compromise & Abuse
Privilege Escalation & Lateral Movement
Kerberos Attacks — Kerberoasting / DCSync
BloodHound Attack Path Analysis
Enterprise Vulnerability Exploitation
The Ritual Lifecycle
Attack Methodology
I
Initial Access
II
Enumeration & Attack Surface Mapping
III
Credential Extraction
IV
Privilege Escalation
V
Lateral Movement
VI
Domain Compromise
VII
Impact Analysis & Executive Reporting
The Grimoire Archives
Featured Research
📌
Active Directory Recycle Bin Abuse
📌
Full Domain Compromise Case Study
📌
Enterprise AD Misconfiguration Patterns
📌
CPTS Offensive Journey
Ancient Orders & Seals
Certifications
Offsec Experienced Penetration Tester (OSEP)
Offsec Certified Professional (OSCP)
Certified Penetration Testing Specialist (CPTS)
Certified Red Team Operator (CRTO)
Certified Active Directory Pentesting eXpert (C-ADPenX)
Junior Penetration Tester Certified (PT1)
Certified Red Team Infra Dev (CRT-ID)
Certified Red Team Analyst (CRTA)
Certified Ethical Hacker (CEH)
Tenable Vulnerability Management Specialist Certified
The Dark Archives
Case Study Highlight
Enterprise Assessment
Active Directory Internal Assessment
Foothold DACL Privilege Escalation Domain Admin

Structured attack-chain documentation with executive-ready reporting, demonstrating full domain compromise from initial foothold.

🦉
Engagement

For enterprise red team simulations, Active Directory security assessments, or technical collaboration — dispatch your owl to the Owlery.

Send Owl Post →