About

About Wathsala Dewmina (PwnedCake) - Offensive Security Researcher

Introduction

Hey there! I’m Wathsala Dewmina, a cyber security enthusiast with a deep passion for breaking things to make them stronger. My focus lies in enterprise-level internal security, particularly Active Directory ecosystems where the real battles are fought. I spend my days hunting for privilege escalation paths, identifying misconfigurations, and mapping lateral-movement opportunities within complex network infrastructures.

I believe that true security isn’t about building higher walls; it’s about understanding how attackers think, move, and exploit. Through red teaming, internal and external penetration testing, and detection-evasion techniques, I help organizations secure what matters most: their core infrastructure.

When I’m not researching the latest attack vectors or developing proof-of-concept exploits, you’ll find me competing in CTF challenges, contributing to the security community, and constantly pushing the boundaries of what I know.


Areas of Expertise

  • Active Directory & Windows Domain Security - Deep understanding of AD attack paths and defensive strategies
  • Internal Network Penetration Testing - Simulating real-world attacks to identify critical vulnerabilities
  • Privilege Escalation & Lateral Movement - Exploiting misconfigurations to demonstrate risk impact
  • Malware Development - Crafting custom payloads for red team operations
  • Detection Evasion - Bypassing EDR, AV, and monitoring solutions
  • Security Hardening - Implementing robust defensive measures
  • AI Red Teaming (LLM Security) - Exploring vulnerabilities in AI systems

Certifications

  • CPTS - Certified Penetration Testing Specialist
  • eJPT - eLearnSecurity Junior Penetration Tester
  • PT1 - Junior Penetration Tester
  • CRTA - Certified Red Team Analyst
  • AD-RTS (CyberwarfareLabs) - Certified AD Red Team Specialist
  • Professional Certificate in Cyber Security - IIT
  • Network Administrator - Professional Certificate in Network and System Administration - IIT
  • Android Bug Bounty Hunting, EC-Council
  • Certified Red Team Professional (CRTP) - READING

Projects

Coming soon - This section will showcase my technical projects, research, and contributions to the security community.


Experience

Cyber Security Consultant (Freelance)

Legion Offensive Security | Oct 2024 – Present

  • Conducted penetration testing and vulnerability assessments across web applications, networks, and Active Directory environments, identifying critical security flaws and misconfigurations.
  • Designed and executed Capture The Flag (CTF) challenges covering web exploitation, privilege escalation, reverse engineering, and cryptography to simulate real-world attack scenarios.
  • Researched and developed new offensive security techniques and tools to enhance testing methodologies and improve client assessment workflows.

CTF Player

HackTheBox / TryHackMe / Other | Oct 2021 – Present

  • Ranked among Top 3 Players in Sri Lanka - Maintained a leading position on the HackTheBox leaderboard
  • Diverse Expertise Across Categories - Proficient in Active Directory exploitation, web vulnerabilities, reverse engineering, binary exploitation, cloud security, and more
  • Hard-core Problem Solver - Known for methodically tackling hard and insane-level machines and challenges with precision and persistence

Let’s Connect

I’m always open to discussing new opportunities, collaborating on security research, or just geeking out about the latest vulnerabilities. Strong believer in continuous learning, certifications, and community knowledge sharing.

“The best defense is understanding the offense.”