I’m Samip, an offensive security specialist with seven plus years across penetration testing, red team operations, malware development, and exploit research.

Most of my time goes into full-scope offensive engagements: scoping and executing web, network, and Active Directory assessments, planning and emulating APT-style red team operations, and standing up the infrastructure that makes those operations work (C2, redirectors, phishing pipelines). The corner of the craft I enjoy most is the loader code: writing C/C++ and C#/.NET payloads that side-step modern EDR through direct and indirect syscalls, ETW patching, AMSI and AppLocker bypass, PPID spoofing, and process injection. Recently passed the OSEP exam, which sharpened a lot of this end to end.

When I’m not on a client engagement I’m usually deep in Windows internals, reverse engineering, or building custom tooling, Beacon Object Files, Aggressor scripts, post-exploitation modules, the occasional sleep-mask experiment. CTFs are a permanent fixture too: runner-up at ThreatCon 2023, 2022, and 2019; winner of NepHack 2020. Along the way I’ve been acknowledged by Facebook, Xiaomi, and Microworld for responsible disclosures.

Outside the keyboard I co-lead Hack The Box Nepal and speak at OWASP Kathmandu and Pentester Nepal whenever the chapters meet up.

I’m always interested in conversations about red team tradecraft, EDR evasion, Windows internals, and exploit development. Reach out by email or connect on LinkedIn.

Recognition

• 2026 — Star of the Team Award (PT Team), StickmanCyber.
• 2023, 2022, 2019 — Runner-Up, ThreatCon CTF.
• 2020 — Winner, NepHack CTF.
• Bug bounty — Acknowledgments from Facebook, Xiaomi, and Microworld Technologies.

Certifications

• OSEP, Offensive Security Experienced Penetration Tester, OffSec, May 2026
• OSCP, OffSec Certified Professional, OffSec, March 2024
• eWPTXv2, Web Application Penetration Tester Extreme, INE Security, November 2022
• eCXD, Certified Exploit Developer, INE Security, July 2022
• CAP, Certified AppSec Practitioner, The SecOps Group, January 2023
• CSA, Certified SOC Analyst, EC-Council, April 2021
• ISO/IEC 27001, Information Security Associate, SkillFront, May 2021