CV


Kathmandu, Nepal · sameepx2@gmail.com · samipp.com.np · github.com/maskop9 · linkedin.com/in/samip-pokharel

Summary

Offensive security specialist with 7+ years of experience across penetration testing, red team operations, exploit development, malware analysis, and adversary emulation. OSCP and OSEP certified, with hands-on experience delivering enterprise assessments, developing custom offensive tooling, and communicating complex attack paths to technical and executive stakeholders. Engagements span banking, fintech, healthcare, government, and corporate environments.

Experience

Offensive Security Consultant, StickmanCyber

Australia (Remote) · 2024-07 → Present

  • Led full-scope web, network, and Active Directory penetration tests for enterprise clients, covering scoping, threat modeling, exploitation, post-exploitation, reporting, and executive debriefs.
  • Designed and operated authorised red team infrastructure, including C2 servers, redirectors, payload delivery workflows, and phishing infrastructure for adversary emulation engagements.
  • Developed authorised red team tooling in C/C++ and C#/.NET for endpoint-control validation, including syscall-based execution, ETW-aware tradecraft, PPID spoofing, and process injection techniques.
  • Executed end-to-end adversary emulation engagements (initial access, lateral movement, privilege escalation, persistence) against APT-style scenarios to validate detection and response capabilities.
  • Authored technical and executive deliverables; led client debriefs translating complex attack chains and risk impact for both engineering teams and C-suite stakeholders.

Security Analyst II, Cotiviti

Kathmandu (Remote) · 2021-08 → 2024-07

  • Performed vulnerability assessments and Active Directory security reviews across enterprise environments, identifying critical misconfigurations, Kerberoasting paths, and exploitable trust relationships.
  • Conducted secure code review and triaged Veracode SAST findings, validating exploitability and prioritizing remediation work for development teams.
  • Drove purple team exercises against SOC detections and the enterprise security stack (CrowdStrike, Splunk SIEM, Imperva WAF, Zscaler, Proofpoint, Darktrace, Digital Guardian DLP), producing actionable detection-tuning guidance.
  • Partnered with the blue team to strengthen SOC playbooks, detection coverage, and incident response workflows.

Penetration Tester, Eminence Ways

Kathmandu, Nepal · 2018-12 → 2021-07

  • Delivered VAPT engagements for clients in banking, fintech, government, and corporate sectors, covering both web applications and network infrastructure.
  • Led offensive security research and development initiatives, building internal tooling, evaluating emerging techniques, and improving team capability across web, network, and exploit-focused assessments.
  • Performed incident response and malware analysis investigations for client environments under tight time constraints.
  • Mentored junior testers and trainees; delivered technical security training programs to government and corporate staff.

Education

Bachelor of Engineering (B.E.), Computer Science, Siddaganga Institute of Technology

Tumkur, India · 2014 → 2018 · CGPA 7.1

Certifications

  • OSEP, Offensive Security Experienced Penetration Tester, OffSec, May 2026, Credential ID 183305438
  • OSCP, OffSec Certified Professional, OffSec, March 2024, Credential ID 100121114
  • eWPTXv2, Web Application Penetration Tester Extreme, INE Security, November 2022, Credential ID 7755815
  • eCXD, Certified Exploit Developer, INE Security, July 2022, Credential ID 1444671
  • CAP, Certified AppSec Practitioner, The SecOps Group, January 2023, Credential ID 6910103
  • CSA, Certified SOC Analyst, EC-Council, April 2021, Credential ID ECC1973260845
  • ISO/IEC 27001, Information Security Associate, SkillFront, May 2021, Credential ID 02781930917511

Skills

Languages & Scripting: C, C++, C# / .NET, Python, PowerShell, Bash.

Offensive Security: Web, Network, and Active Directory penetration testing; red team operations and adversary emulation; purple teaming; phishing campaign design.

Red Team Tooling & Development: Custom C# / .NET tooling, PInvoke wrappers, reflective loaders, Cobalt Strike Beacon Object Files (BOFs), Aggressor scripts, payload delivery workflows, post-exploitation modules.

Tradecraft & Evasion: Direct and indirect syscalls (SysWhispers), process injection, ETW-aware execution, PPID spoofing, AMSI and AppLocker bypass, signed-binary abuse, sleep-mask techniques.

Exploit Development & Reverse Engineering: x86 / x64 reverse engineering, Windows and Linux exploit development (ASLR, DEP/NX, stack cookies, RELRO bypass), shellcoding.

C2 & Adversary Tooling: Cobalt Strike, Mythic, Sliver, Havoc, Metasploit, Evilginx, Gophish.

Post-Exploitation: BloodHound, Rubeus, Impacket, NetExec, Evil-WinRM, Responder, mitm6.

VAPT Tooling: Burp Suite Pro, Nmap, Nessus, Acunetix, OpenVAS.

Security Operations: Splunk SIEM, CrowdStrike EDR, Imperva WAF, Zscaler, Proofpoint, Darktrace, Digital Guardian DLP, Veracode.

Honors & Awards

  • 2026, Star of the Team Award, PT Team (StickmanCyber). Recognized for exceptional performance, unwavering dedication, and outstanding contributions to organisational success.
  • 2023, Runner-Up, ThreatCon CTF (ThreatCon Nepal). Capture-the-Flag competition.
  • 2022, Runner-Up, ThreatCon CTF (ThreatCon Nepal). Capture-the-Flag competition.
  • 2020, Winner, NepHack CTF (NepHack). Capture-the-Flag competition.
  • 2019, Runner-Up, ThreatCon CTF (ThreatCon Nepal). Capture-the-Flag competition.
  • 2019, Bug Bounty Acknowledgments (Facebook · Xiaomi · Microworld Technologies). Recognized for responsible disclosure of security vulnerabilities.

Community & Volunteering

  • Co-Leader & Speaker, Hack The Box Nepal. Co-leading the Nepal community chapter; organizing meetups and delivering technical talks.
  • Speaker, OWASP Kathmandu Chapter. Delivered talks on offensive security and red team tradecraft.
  • Speaker, Pentester Nepal. Talks on penetration testing methodology and adversary emulation.