Upesh Bhujel

Penetration Tester & Security Specialist

Bagar, PKR
+977 9849599044
@bhujelupesh

PROFILE

Penetration Tester with over 3 years of hands-on experience in cybersecurity, specializing in web application security, infrastructure security, and cryptography. Skilled in identifying and exploiting vulnerabilities, with a strong foundation in networking, penetration testing methodologies, and threat analysis. Actively engaged in security research and offensive security practices, leveraging tools like Burp Suite, Metasploit, and Wireshark to assess and secure applications. Passionate about exploring AI-driven cybersecurity solutions and automation in penetration testing. Seeking opportunities to enhance technical expertise, contribute to security assessments, and strengthen cyber defense strategies in a dynamic environment.

SKILLS

Web Penetration Testing

Expertise in web security testing methodologies, including identifying OWASP Top 10 vulnerabilities, security policies, and access controls. Experienced in using tools like Burp Suite for comprehensive vulnerability assessments and web exploitation.

Web Security

Advanced understanding of Web Application Firewalls (WAFs), risk management strategies, and security best practices to secure web applications against evolving threats.

CTF Experience

Hands-on experience participating in both online and offline Capture The Flag (CTF) competitions, applying penetration testing techniques and security concepts to real-world challenges and scenarios.

Networking Concepts

Strong knowledge of networking protocols and concepts, including routing, switching, NAT, IP addressing, DHCP, TCP/IP, and the OSI model, with practical experience in identifying and mitigating network vulnerabilities.

Cryptography

In-depth understanding of encryption algorithms, hashing techniques, and blockchain cryptography principles, with a focus on securing communications and data.

Tools & Technologies

Proficient in using a wide range of security tools such as Burp Suite, Wireshark, Metasploit, Packet Tracer, and Ghidra for security analysis, vulnerability testing, and exploit development.

Linux Server Security & Hardening

Extensive experience in securing and hardening Linux servers, applying security best practices, and ensuring system integrity through effective configurations and access control mechanisms.

Programming & Scripting

Skilled in programming languages like Python, C, and Bash, leveraging them for security automation, vulnerability exploitation, and system analysis.

EXPERIENCES

Penetration Tester & Security Instructor

July 2023 – Present
TheMisFitOfNightRaid
  • Lead comprehensive security assessments using industry-standard tools such as Nmap, Wireshark, Burp Suite, and Metasploit to perform reconnaissance, enumeration, and exploitation, identifying and mitigating vulnerabilities across diverse environments.
  • Actively participate in red team exercises, simulating real-world cyber threats to assess and improve security controls, providing actionable insights to strengthen defensive measures.
  • Deliver hands-on training sessions on Web Security and Penetration Testing, empowering learners with practical cybersecurity skills and helping them develop expertise in offensive security practices.
  • Spearheaded a cybersecurity awareness campaign, successfully attracting 20+ new members interested in security research, ethical hacking, and offensive security.
  • Conduct in-depth training on Linux Server Hardening, equipping participants with the skills needed to secure Linux-based infrastructures, protect against cyber threats, and implement effective access control mechanisms.
  • Organized and led a 48-hour Capture The Flag (CTF) competition, engaging 25+ participants from diverse technical backgrounds in real-time cybersecurity challenges, promoting collaboration and skill development in a competitive environment.
  • Provided in-depth training on cryptographic algorithms, emphasizing their applications in real-world systems and highlighting common security vulnerabilities.
  • Collaborated closely with development teams to integrate security best practices into the Software Development Lifecycle (SDLC), ensuring robust and secure application development and minimizing risks associated with vulnerabilities.

Cyber Security Intern

January 2023 – June 2023
TheMisFitOfNightRaid
  • Developed and optimized automated security scripts to streamline and enhance penetration testing and vulnerability assessment workflows, improving overall testing efficiency and effectiveness.
  • Spearheaded the design and curation of advanced CTF (Capture The Flag) challenges, fostering hands-on learning and practical cybersecurity experience for participants, with a focus on real-world attack scenarios.
  • Led the security team in penetration testing newly hardened servers and applications, identifying critical vulnerabilities and misconfigurations, and recommending strategic improvements for enhanced security.
  • Coordinated and executed security assessments on client-facing applications and internal systems, providing actionable insights and mitigation strategies.
  • Contributed significantly to online security labs and CTF competitions, demonstrating expertise in offensive security techniques and applying penetration testing methodologies in real-world contexts.

CERTIFICATION

Certified in Cybersecurity – ISC2

ADDITIONAL

As a key team member, I have contributed to web penetration testing for applications like Dozen and skillsewa.digital, owned by TheMisFitOfNightRaid and Skillsewa. I have worked on identifying security vulnerabilities and improving application security. Additionally, I have been actively involved in security sessions conducted by the company, sharing insights and assisting in knowledge transfer.