Home About
About
Cancel

About

NIRAJ KHAREL | CRTO | CRTP

[email protected]
Kathmandu, Nepal

PROFESSIONAL SUMMARY

Experienced penetration tester with over 4 years of work exposure in Offensive side of Cyber Security. Has performed Security Assessment on more than 50 different national and international organizations including Financial Institutions, Government Bodies, Private Limiteds,Payment Gateways and INGOs.

SKILLS

  • Web, Network and Mobile Application VA and Exploitation.
  • Simulation Environment Development for Hacking
  • Active Directory Pentesting
  • Social Engineering attacks
  • Dark Web Monitoring
  • Reverse Engineering (Android and iOS application)
  • Mobile application (SAST and DAST)
  • Intermediate Python, Java programming
  • Run Time application manipulations with Frida, Objections
  • Leadership, Team Building and Management.
  • Presentations
  • Project Management
  • Point of Contact

WORK HISTORY

Offensive Security Consultant | StickmanCyber Pty. Ltd. - Sydney (Remote) 06/2023 - Current

  • Carry out mobile application penetration testing (iOS/Android).
  • Carry out web application penetration testing.
  • Carry out external and internal network penetration testing.
  • Network segmentation testing.
  • Perform Red Team Engagements.
  • Vulnerability discussion and mitigation strategies with clients.
  • Assist and guide team members.
  • Technical review of the report.

Offensive Security Team Lead, Cryptogen Nepal Pvt. Ltd – Kathmandu, Bagmati 03/2022 – Current

  • Author project plans for different Security Assessments like VAPT, Red Team, Dark Web and Brand Monitoring.
  • Lead, Co-ordinate and perform VAPT on Web, Mobile and Networks.
  • Team Recruit, interviews, task assignments and review before enrollment.
  • Task Assignments, briefings to team members.
  • Keep track of all current projects, with a formal document control.
  • Point of Contact for any ongoing Offensive Security projects.
  • Adherence to the overall Policies of the company and standard testing guidelines like OWASP, PTES.

Penetration Tester, Cryptogen Nepal Pvt. Ltd. – Kathmandu, Bagmati 12/2020 - Current

  • Performed assessments focused on Offensive side of security (VAPT).
  • Collaborated with external vendors to perform penetration tests on network devices, web and mobile applications.
  • Developed penetration testing reports to identify threats and vulnerabilities.
  • Provided webinars about Vulnerability Assessment, Android and iOS penetration testing.
  • Researched about different programming languages like Python, Java, Dart, JavaScript for source code analysis.
  • Researched and performed Active Directory Penetration Testing.

Cyber Security Analyst Intern, Cryptogen Nepal Pvt. Ltd. – Kathmandu, Bagmati 06/2020 – 11/ 2020

  • Research about Cyber Security Terminologies.
  • Research about different Security Assessment like Vulnerability Assessment and Penetration Testing (VAPT), Red Teaming, Server Hardening, Dark Web Monitoring, Brand Monitoring.
  • Perform VAPT on simulated environment and prepare a report.
  • Research on Web, Mobile and Network based attack vectors.
  • Practice Labs (HackTheBox, TryHackMe).
  • Research on Android and iOS application penetration testing.

EDUCATION

Islington College | London Metropolitan University – Kathmandu 03 /2022
BSc (Hons) Computer Networking and & IT Security: Cyber Security

Kankai Adarsha Awasiya Campus – Birtamode 05, Jhapa 04/ 2018
Higher Secondary: Science

Saraswati Angels’ English School – Birtamode 07, Jhapa 04/2016
School Leaving Certificate (SLC)

CERTIFICATIONS

Certified Red Team Operator (CRTO)
Certified Red Team Professional (CRTP)
Certified Ethical Hacker (Practical)
Tenable.io Certificate of Proficiency
Autopsy Forensic Basics
ICSI | CNSS Certified Network Security Specialist
Cyber Security Foundation Professional Certificate – CSFPC

AWARDS

Employee of the Year 2078/79 BS (2021/22 AD) – Cryptogen Nepal Pvt. Ltd.

ACCOMPLISHMENTS

Thanked and acknowledged by Red Hat for finding Security Vulnerability

EVENTS

Speaker at Pentester Nepal 8th Anniversary

  • Talked about the VAPT of Android Applications

Speaker at Pentester Nepal 9th Anniversary

  • Talked about the VAPT of iOS Applications

Speaker at Digiversity Program organized by Digital Network Solutions Pvt. Ltd.

  • Talked about Vulnerability Assessment and its Hands on.

RESEARCHES

Active Directory Pentesting research and notes

  • https://github.com/nirajkharel/AD-Pentesting-Notes

Mobile Application Pentesting research and notes

  • https://github.com/nirajkharel/NotJustAChecklist
  • https://nirajkharel.com.np
  • https://medium.com/@nirajkharel
  • https://www.linkedin.com/in/nirajkharel/
  • https://github.com/nirajkharel