Profile

An exceptionally analytic individual with good experience in determining possible web/network exploits by looking deep into different server systems. Adept at running tests aimed at finding weaknesses and providing suggestions to overcome them. I have performed web-based penetration testing, researched and analyzed known hacker methodology, system exploits, and vulnerabilities. Created written reports, detailing assessment findings and recommendations. Provided occasional, assistance with the development and maintenance of internal systems and methodologies. have performed penetration testing on more than 50 financial institutions, private organizations & government organizations.

Work Experience

Organization	Designation	Year
Softwarica College of IT & E-commerce	Part-time Lecturer	2022 - Present
OWASP Nepal	Community Leader	2021 - Present
CryptoGen Nepal Pvt. Ltd.	Chief Technology Officer	2019 - Present
Pentester Nepal	Community Leader	2017 - Present
Eminence Ways Pvt. Ltd.	Senior Security Researcher	2016 - 2019

Notable Research And Findings

• Nepali Girl App - Trojan Analysis
• Bypassing eBay Cross-site Script Protection
• Facebook’s SVG Locky Ransomware Analysis
• Chain Exploitation Of Popular Forum Template “Q2A Themes”
• XSS on samy.pl (Samy Kamkar)
• LFI to 10 Servers Pwn

Achievements

• Acknowledged by ESET.
• Listed in eBay whitehat list.
• Secured 1st runner position in Nepal’s First Ethical Hacking Competition.
• Won “Web Sec CTF - 2017”
• Listed under Top 100 bounty hunter list of Yeswehack.io
• Inducted into the hall of fame by other few companies which are under bug bounty program of Yeswehack.io
• Certified Ethical Hacker - CEH Hall Of Fame (Finalist) - 2021

Coverage

Date	Media	Title
09 May 2023	Sushant Pradhan Podcast	Episode 148: Nirmal Dahal | Cyber Security, World of Hacking, Cyber Safety
11 Feb 2023	TechPana	खतरनाक ‘नेपाली गर्ल’ को सर्च अपरेसन
11 Feb 2023	Gorkha Patra	कमजोर साइबर सुरक्षा
19 December 2022	TechPana	‘नेपाली गर्ल’को नाममा यसरी फैलिँदैछ खतरनाक एपीके, जुनसुकै बेला रित्तिन सक्छ तपाईँको बैङ्क खाता
07 November 2022	TechPana	बङ्गलादेशदेखि अस्ट्रेलियासम्मका कम्पनीलाई सम्भावित साइबर आक्रमणबाट जोगाउने नेपाली स्टार्टअप
15 August 2022	Arthik Awaj	क्रिप्टोजेन नेपाल र डिजी पे बीच सहकार्य गर्ने सम्झौता
18 Jun 2022	Gadgets in Nepal	Talk show on Cyber Security in Nepal with Mr. Nirmal Dahal
8 May 2022	Nepal News	Have data breaches become common in Nepal?
7 December 2021	Nepal Watch	साइबर सुरक्षाको पहरेदार
11 August 2021	Online Khabar	Bug bounty hunting is growing among Nepali youth, but cybersecurity experts suggest caveats
7 April 2021	The Annapurna Express	Nepali state, organizations remain highly vulnerable to cyberattacks
23 March 2021	Online Khabar	10 things you should know about cybersecurity in Nepal
2021	Apple Podcast by Nepal Got Hacked	Nepal Got Hacked - S2Episode 1 - Attraction Towards Bounties And Infosec Development In Nepal
21 August 2020	Blinc Ventures	QuantumHack’s pre-event on Cyber Security Domain!!
22 April 2020	ICT Frame	Nepal To Organize Ethical Hackers Meetup
23 July 2019	The Kathmandu Post	Faceapp is a privacy nightmare, but Nepalis seem to be least bothered about it
30 July 2017	myRepublica	First Pentester Nepal (PTN) Meetup - 2k17 held in Kathmandu.
24 July 2017	myRepublica	Nepal, Vulnerable to cyber attacks.
3 July 2017	MNS Vmag	How Nepal’s ethical hackers protect the country’s cyberspace

Certifications

Certification	Issued On	Expires On	Validate
AWS Academy Educator	January 2023	January 22	Click Here
Certified AppSec Practitioner - Merit	January 2023	-	Certificate ID: 6902032
(ISC)² Candidate	November 2022	Never	Click Here
Certified in Cybersecurity℠ - CC	November 2022	-	-
Certified Ethical Hacker v10 - CEH (Master)	March 2021	March 2024	Click Here
Certified Ethical Hacker v10 - CEH (Practical)	March 2021	March 2024	Click Here
Certified Payment-card Industry Security Impalement - CPISI	July 2020	Never	Click Here
Certified Ethical Hacker v10 - CEH (ANSI)	June 2020	Jun 2023	Click Here
ICSI Certified Network Security Specialist - CNSS	May 2020	Never	Click Here
Network Security Expert 1 - NSE	April 2020	April 2022	Click Here
Network Security Expert 2 - NSE	April 2020	April 2022	Click Here
Cyber Security Foundation Professional Certificate - CSFPC	January 2020	January 2023	Click Here
CCNA Cyber Ops	April 2018	April 2021	Click Here

References

Links
https://soundcloud.com/nepal-got-hacked/attraction-towards-bounties-and-infosec-development-in-nepal
https://yeswehack.com/ranking?year=2017&period=Q1
https://nvd.nist.gov/vuln/detail/CVE-2021-3258
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-3258
https://www.cvedetails.com/cve/CVE-2021-3258/
https://onecovernepal.com/blog/10%20things%20you%20should%20know%20about%20cybersecurity%20in%20Nepal
https://www.intgovforum.org/multilingual/index.php?q=filedepot_download/7508/1757
https://himalsanchar.com/96714/
https://eventsnp.com/2020/08/30/quantumhack-largest-international-digital-hackathon/
https://www.ebay.com/securitycenter/ResearchersAcknowledgement.html
https://pages.ebay.com/securitycenter/security_researchers_acknowledgements.html
https://www.exploit-db.com/ghdb/4997
https://www.youtube.com/watch?v=8miyLD8y_vw
https://www.question2answer.org/qa/58520/important-q2a-ultimate-seo-important-update
https://www.quora.com/What-is-the-scope-of-ethical-hacking-in-Nepal
https://yifey.com/10-things-you-should-know-about-cybersecurity-in-nepal-1919.html
https://pentester.land/list-of-bug-bounty-writeups.html
https://systemweakness.com/facebook-svg-locky-ransomware-analysis-baa1b5d2d23a
https://www.techradiant.com/2020/01/25/xss-on-samy-pl-samy-kamkar/
https://www.cybersecuritywebtest.com/google-hacking-database/dork-ghdb~4997

Languages

• Nepali
• English
• Hindi