Available for Security Engagements

Breaking Systems.
Securing Futures.

Offensive Security Researcher, Penetration Tester, and Bug Hunter focused on discovering vulnerabilities before attackers do.

OM PRASAD POUDEL

(OPPOSIR)

opposir@kali:~
// ABOUT ME

Security Researcher

A passionate cybersecurity professional dedicated to finding vulnerabilities and strengthening digital defenses across the globe.

Who I Am

I'm Om Prasad Poudel, known in the security community as OPPOSIR. My journey into cybersecurity began with a curiosity about how systems workβ€”and how they can be broken.

Today, I specialize in offensive security, conducting penetration tests, vulnerability assessments, and red team operations for organizations worldwide. My mission is simple: find the weaknesses before malicious actors do.

When I'm not hunting bugs or breaking into systems (legally), you'll find me contributing to open-source security tools, participating in CTF competitions, and sharing knowledge with the security community.

Offensive Mindset

Think like an attacker to defend like a champion

Constant Vigilance

Security is a continuous process, not a destination

Ethical Approach

Responsible disclosure and ethical hacking practices

Rapid Response

Quick identification and remediation of threats

My Journey

2019

Started Security Journey

Began exploring ethical hacking and CTF competitions

2020

First Bug Bounty

Discovered first critical vulnerability in a major platform

2021

Professional Pentesting

Started conducting professional penetration tests

2022

Security Research

Published security research and obtained certifications

2023

Advanced Red Teaming

Expanded into advanced adversary simulation

2024

Continuing the Mission

Breaking systems and securing digital futures

// EXPERTISE

Attack Surface Map

A comprehensive overview of my security expertise and the areas where I excel at finding and exploiting vulnerabilities.

Web Application Security

95%

OWASP Top 10, XSS, SQLi, CSRF, SSRF

Network Security

90%

Network pentesting, packet analysis, firewall bypass

API Security

92%

REST, GraphQL, authentication flaws

Cloud Security

85%

AWS, Azure, GCP misconfigurations

Active Directory

88%

AD attacks, privilege escalation, Kerberos

Linux

93%

System hardening, privilege escalation

OSINT

87%

Reconnaissance, information gathering

Malware Analysis

80%

Static & dynamic analysis, reverse engineering

Vulnerability Assessment

94%

Scanning, reporting, risk assessment

Red Teaming

86%

Adversary simulation, social engineering

5+

Years Experience

500+

Vulnerabilities Found

100+

Security Assessments

50+

Happy Clients

// CREDENTIALS

Professional Certifications

Industry-recognized certifications that validate my expertise in offensive security and penetration testing.

eJPT

eLearnSecurity Junior Penetration Tester

INE Security

Network Pentesting
Web App Testing
Information Gathering

CEH

Certified Ethical Hacker

EC-Council

Ethical Hacking
Vulnerability Analysis
System Hacking

PNPT

Practical Network Penetration Tester

TCM Security

AD Attacks
Network Pivoting
Report Writing

Security+

CompTIA Security+

CompTIA

Security Concepts
Threat Analysis
Risk Management

OSCP

Offensive Security Certified Professional

Offensive Security

Advanced Pentesting
Exploit Development
Buffer Overflow

Currently pursuing additional certifications in advanced red teaming and cloud security.

// ARSENAL

Security Toolkit

The weapons of choice in my offensive security arsenal. Each tool mastered for maximum effectiveness.

πŸ”

Burp Suite

Web Testing

Web vulnerability scanner and proxy

🌐

Nmap

Network

Network discovery and security auditing

πŸ’»

Metasploit

Exploitation

Penetration testing framework

πŸ“‘

Wireshark

Network

Network protocol analyzer

πŸ•

BloodHound

Active Directory

AD attack path mapping

πŸ›‘οΈ

Nessus

Vulnerability

Vulnerability assessment scanner

πŸ“‚

Gobuster

Web Testing

Directory and DNS bruteforcing

⚑

FFUF

Web Testing

Fast web fuzzer

⚑

OWASP ZAP

Web Testing

Web app security scanner

πŸ—ΊοΈ

Amass

OSINT

Attack surface mapping

+50 more tools in my arsenal including custom scripts, exploits, and automation frameworks developed for specific engagements.

// PORTFOLIO

Featured Projects

Open-source security tools and frameworks I've developed to help the cybersecurity community and improve offensive security workflows.

Advanced Vulnerability Scanner

A comprehensive vulnerability scanning tool that automates the detection of security flaws across web applications, APIs, and network infrastructure.

PythonNmapSQLMapDocker

Web Recon Automation Framework

Automated reconnaissance framework that chains multiple tools for subdomain enumeration, port scanning, and technology fingerprinting.

BashPythonAmassNuclei

Threat Intelligence Dashboard

Real-time dashboard aggregating threat feeds, CVE data, and security news with automated alerting for relevant vulnerabilities.

ReactNode.jsMongoDBAPIs

OSINT Toolkit

Collection of open-source intelligence tools for gathering information from public sources, social media, and domain records.

PythonShodantheHarvesterMaltego

Internal Network Assessment Suite

Comprehensive toolkit for internal penetration testing including AD enumeration, credential harvesting, and lateral movement automation.

PowerShellPythonBloodHoundImpacket
// ACHIEVEMENTS

Bug Bounty Dashboard

A track record of responsible disclosure and helping organizations secure their digital assets through bug bounty programs.

0+

Vulnerabilities Found

0+

Reports Submitted

0

CVEs Assigned

0+

Hall of Fames

Hall of Fame

Google

Hall of Fame

2024

Microsoft

Security Researcher

2023

Meta

Bug Bounty Hunter

2023

Apple

Acknowledged

2022

Adobe

Hall of Fame

2022

PayPal

Security Researcher

2021

Vulnerability Severity

Critical45 bugs
High120 bugs
Medium200 bugs
Low135 bugs
Total Vulnerabilities500+
// KNOWLEDGE BASE

Security Research Blog

Sharing insights, techniques, and discoveries from the world of offensive security and penetration testing.

Web Security

Advanced SQL Injection Techniques in Modern Web Applications

Exploring sophisticated SQL injection attack vectors and how to identify and exploit them in contemporary web architectures.

Mar 15, 202412 min read
Read
Red Teaming

Breaking into Active Directory: A Red Teamer's Guide

Comprehensive walkthrough of Active Directory attack methodologies from initial foothold to domain dominance.

Feb 28, 202418 min read
Read
Cloud Security

Cloud Misconfigurations: The New Attack Surface

How attackers exploit common cloud misconfigurations in AWS, Azure, and GCP environments.

Feb 10, 202410 min read
Read
API Security

API Security Testing: Finding the Hidden Vulnerabilities

Deep dive into API security testing methodologies and common vulnerabilities in REST and GraphQL APIs.

Jan 22, 202414 min read
Read
// GAMIFIED LEARNING

Capture The Flag

Continuously sharpening skills through CTF competitions and hacking challenges on leading cybersecurity platforms.

🎯

TryHackMe

@OPPOSIR

Top 1%

0

Points

0

Rooms

0

Badges

Progress to next rank78%
πŸ“¦

Hack The Box

@OPPOSIR

Pro Hacker

0

Points

0

Machines

0

Challenges

Progress to next rank78%

Achievement System

0

CTFs Completed

0

Challenges Solved

0

Top 10 Finishes

0

First Bloods

Recent:Completed "HackTheBox - Certified Bug Bounty Hunter" path
// GET IN TOUCH

Let's Connect

Have a security concern? Need a penetration test? Want to collaborate? I'm always open to discussing new opportunities.

Location

Available Worldwide (Remote)

Response Time

Usually within 24 hours

Note:For urgent security matters or responsible disclosure, please include "[URGENT]" or "[SECURITY]" in your subject line.