About

BIBEK DHUNGANA

dhunganabibek28@gmail.com | Kathmandu, Nepal


Experienced Penetration Tester with 4+ years of hands-on experience performing security assessments across national and international organizations. Specialized in Web Application, Mobile (Android), Network, and Active Directory penetration testing. Passionate about Red Teaming, OSINT, Cloud Security, and AI Security research.


Skills

  • Web, Mobile (Android), API, and Network Penetration Testing
  • Active Directory Attacks
  • OSINT and Dark Web Monitoring
  • Social Engineering and Phishing Simulations
  • PCI DSS Segmentation Testing
  • Vulnerability Assessment
  • Python and Bash Scripting
  • Technical and Executive Report Writing
  • CVSS-based Risk Scoring and PoC Documentation

Work History

Offensive Security Consultant | StickmanCyber — Remote (Contract) Nov 2025 – Present

  • Conduct external and internal network penetration testing engagements
  • Perform PCI DSS segmentation testing and Active Directory assessments
  • Deliver web application penetration tests and comprehensive technical reports

Senior Offensive Security Engineer | Cryptogen Nepal Pvt. Ltd. — Kathmandu, Nepal Oct 2024 – Apr 2025

  • Led planning and execution of web, mobile (Android), and network penetration testing engagements
  • Produced technical and executive reports with full exploit chains and remediation guidance
  • Delivered findings to technical teams and C-suite executives
  • Mentored junior engineers on test planning, tooling, and methodology
  • Acted as primary client liaison, coordinating retests and technical clarifications

Security Analyst — Offensive Security | Cryptogen Nepal Pvt. Ltd. — Kathmandu, Nepal Dec 2021 – Oct 2024

  • Performed black-box and grey-box penetration testing across web, mobile, and network infrastructure
  • Exploited vulnerabilities using Burp Suite, Nuclei, Nessus, Metasploit, CrackMapExec, and Frida
  • Developed CVSS-based risk-scored reports with detailed PoC exploits and remediation steps
  • Researched and implemented Active Directory attack techniques to uplift team VAPT methodology
  • Applied OWASP and PTES frameworks to ensure consistent, repeatable assessments

Education

Bachelor’s in Information Management | Asian School of Management & Technology — Kathmandu, Nepal

+2 Management Faculty | Ex Service Man Higher Secondary School — Nepal


Certifications

  • Certified Red Team Professional (CRTP) — Altered Security
  • Certified Ethical Hacker – Practical (CEH Practical) — EC-Council
  • NSE 1 & 2 Network Security Associate — Fortinet
  • CNSS Certified Network Security Specialist — CNSS
  • CCNA Routing & Switching Bootcamp — Cisco

Accomplishments

  • Acknowledged by Nokia, Dutch Government, Iflix, and ServiceNow for identifying and responsibly disclosing security vulnerabilities through bug bounty and coordinated disclosure programs