BIBEK DHUNGANA
Experienced Penetration Tester with a strong background in assessing Web Applications, Mobile Applications, APIs and Network Infrastructure. Passionate about Open-Source Intelligence (OSINT), Red Teaming, and Corporate Security Consulting.
SKILLS
Penetration Testing • Web Application Security • Mobile Application Security • API Security • Network Security • OSINT • Active Directory Penetration Testing • Social Engineering • Cloud Security Assessments • Dark Web Monitoring • Red Teaming • Vulnerability Assessment • Bash Scripting • Python Scripting • Technical Report Writing • Technical Debriefing • Leadership • Team Building • Project Management
PROFESSIONAL EXPERIENCE
Offensive Security Consultant @ StickmanCyber
Nov 2025 - Present • 3 months • Remote (Contract)
- External Network Penetration Testing
- PCI Segmentation Testing
- Internal Network Penetration Testing
- Web Application Penetration Testing
- Active Directory Penetration Testing
- Technical Report Writing
Senior Offensive Security Engineer - Offensive Security @ Cryptogen Nepal Pvt Ltd
Oct 2024 - Apr 2025 • Nagpokhari, Kathmandu Nepal
- Carried out planning and execution of penetration testing engagements of web, mobile (Android) and network infrastructure
- Performed penetration testing including black-box and gray-box engagements targeting web, mobile (Android), and network infrastructure
- Documented and recorded findings and produced comprehensive reports including technical and executive reports
- Delivered presentations to technical teams and executives, presenting findings, impact, and recommendations
- Provided technical guidance and assistance to junior team members on test planning and tool usage
- Acted as primary point of contact with clients for ongoing engagements, coordinating retests and clarifying technical findings
Security Analyst - Offensive Security @ Cryptogen Nepal Pvt Ltd
Dec 2021 - Oct 2024 • Nagpokhari, Kathmandu Nepal
- Performed penetration testing including black-box and gray-box engagements targeting web, mobile (Android), and network infrastructure
- Conducted vulnerability discovery and exploitation using tools including Burp Suite, Nuclei, Nessus, Metasploit, Nmap, CrackMapExec and Frida
- Developed and delivered technical penetration testing reports detailing exploit chains, CVSS-based risk scoring, and proof-of-concept (PoC) exploits
- Researched and performed Active Directory penetration testing
- Researched and documented the latest exploitation techniques to uplift the organization's VAPT methodologies
- Applied industry-standard penetration testing methodologies including OWASP and PTES (Penetration Testing Execution Standard) to ensure comprehensive and repeatable security assessments
CERTIFICATIONS
Certified Red Team Professional (CRTP)
Altered Security
Certified Ethical Hacker (Practical)
EC-Council
NSE 1 & 2 Network Security Associate
Fortinet
CNSS Certified Network Specialist
CNSS
CCNA R&S Bootcamp
Cisco
ACCOMPLISHMENTS
Acknowledged by Nokia, the Dutch government, Iflix & ServiceNow for identifying & ethically reporting security vulnerabilities in their products.
EDUCATION
Bachelor's in Information Management
Asian School of Management & Technology
+2 Management Faculty
Ex Service Man Higher Secondary School
School Leaving Certificate
Sayapatri Secondary Boarding School