Hacktivities
I like Hacking Activities
I find it fascinating to research and develop new things, participate in CTFs and engage in other cybersecurity activities. Here are some of my notable hacktivities.
Recognized among the Top 250 MSSPs globally by MSSP Alert
Worldwide
Being recognized among the world's top Managed Security Service Providers (MSSPs) is a testament to the trust we've earned and the dedication of our team. In 2023, CryptoGen Nepal was ranked 163rd in MSSP Alert's global rankings and in 2024, we climbed to 81st position. This achievement reflects our unwavering commitment to excellence, and we express our heartfelt gratitude to MSSP Alert for this recognition.
First International Conference as a Speaker - PyCon JP 2024
Japan
I have always believed and still do that Python is one of the most suitable languages for cybersecurity as it is used everywhere from exploit development to automation. Since people generally don't think about this aspect much, I always wanted to highlight its importance. Finally, I got the opportunity to do so at PyCon JP 2024 and I express my gratitude to PyCon JP for this opportunity.
Nepali Girl - Trojan Analysis
Nepal
Nepali Girl is an Android trojan that spread in Nepal for over a month via the WhatsApp messaging platform. This sophisticated trojan is designed to steal sensitive information from victims' mobile devices, compromising their privacy and security. It is primarily delivered through WhatsApp messages containing malicious links or apps. Once installed, the trojan tricks victims into granting sensitive permissions through fake accessibility pages. After obtaining these permissions, the trojan can access SMS, calls, accounts, camera, contacts, microphone and storage, enabling it to perform further malicious actions like downloading additional malware, setting wallpapers, installing shortcuts and more.
Top 10 Ethical Hacker in The World by EC-Council
Worldwide
I was listed among the top 10 ethical hackers in the world by EC-Council, a renowned organization known for its prestigious certifications like Certified Ethical Hacker (CEH). This recognition was awarded in the second quarter of April 2021 by EC-Council itself.
Finalist - CEH Hall of Fame 2021
Worldwide
I was honored to be a finalist for EC-Council's prestigious CEH Hall of Fame in recognition of my skills and contributions to cybersecurity. This program celebrates Certified Ethical Hackers who excel in cybersecurity practices, uphold ethical standards and make a global impact.
My first CVE was officially assigned "CVE-2021-3258"
Worldwide
Question2Answer.org is the developer of Q2A, a platform similar to WordPress but specifically designed for Question and Answer forums like Stack Overflow. In 2017, I discovered a stored XSS vulnerability that could lead to account takeover. The issue was promptly fixed by the development team. However, considering its global usage, I obtained a CVE for this vulnerability in 2021, marking my first CVE assignment.
Honored with the ICT Startup Award in 2020
Nepal
At CryptoGen Nepal, we have always believed that robust cybersecurity is essential for organizations of all sizes. Our commitment to providing professional-grade cybersecurity solutions has been unwavering since our inception. In recognition of our efforts, we were honored to receive the Startup ICT Award in 2020. This accolade has further motivated us to continue our mission of safeguarding our clients' information from potential security threats.
Finding XSS on Samy Kamkar's Site
Worldwide
Samy Kamkar, a legendary figure in the world of security, has crafted his website in a way that makes it nearly impossible to even view the code, let alone find an XSS vulnerability. Yet, I managed to uncover one on his site, which felt like a huge achievement. Samy is a master in many areas of security, and finding a vulnerability on his site is something I will always cherish. He is the mastermind behind the MySpace XSS worm, the world's fastest-spreading JavaScript-based worm. The fact that I was able to find the same vulnerability on a legend's site and contribute to securing it makes this discovery feel like a milestone in my own journey.
Released My first Google Hacking Database Dork
Worldwide
Google is full of information, and sometimes it can reveal sensitive data that could be exploited by bad actors. There are special search syntaxes known as 'dorks'. By using Google Search efficiently, you can uncover valuable information within the search results. Exploit-DB, a repository for publicly known exploits, maintains the Google Hacking Database (GHDB). I submitted a Google search query, or 'Google dork', that could find sensitive information exposed on websites due to deployment misconfigurations and that still works today.
Top 25 in YESWEHACK Platform
Worldwide
It was the first quarter of 2017 when one of Europe's earliest bug bounty platforms, BugBounty Factory (now called YesWeHack), had recently launched. I spent a significant amount of time on the platform and ranked among the Top 25 bug bounty hunters.
1st Runner Up in HackBack CTF 2017
Nepal, Kathmandu University
HackBack, held as part of Kathmandu University's annual IT Meet in 2017 and organized by Rigo Technology, featured Nepal's first on-site CTF competition. I secured 1st Runner-Up in this prestigious event.