Available for security engagements

Hi, I'm Abhinab Shrestha

> Penetration Tester

I break things so they can't be broken in the wild. As a Penetration Tester at Biz Serve IT Pvt. Ltd., Lalitpur, I assess web applications, mobile apps, and APIs — uncovering vulnerabilities, validating real-world impact, and helping teams ship more secure software.

Web: App Pentesting
Mobile: Android Security
API: Security Testing

abhinab@kali: ~/recon
$ whoami
abhinab_shrestha — penetration tester
$ cat profile.txt
role : Cyber Security Researcher
company : Biz Serve IT Pvt. Ltd.
location : Lalitpur, Nepal
focus : web · mobile · api · bug bounty
$ ./scan --target self
[+] status: ready to secure your stack
What I Do

Security Expertise

Offensive security services focused on finding what attackers would — before they do.

Web App Pentesting

End-to-end testing of web applications against OWASP Top 10 — auth flaws, IDOR, injection, SSRF, access control, and business-logic abuse.

Mobile Security

Android app assessments following MASVS/MASTG — static & dynamic analysis, insecure storage, IPC abuse, and runtime instrumentation with Frida.

API Security Testing

REST/GraphQL API assessments — broken object-level authorization, mass assignment, rate-limit bypass, and token/JWT weaknesses.

Bug Bounty & Research

Vulnerability research and responsible disclosure — reconnaissance, exploit development, and clear, reproducible impact-driven reports.

Toolkit

Skills & Arsenal

The tools and techniques I reach for across an engagement.

// Recon & Discovery
Nmap, Subfinder, Amass, ffuf, httpx, Nuclei
// Web Exploitation
Burp Suite, sqlmap, OWASP ZAP, XSStrike
// Mobile & Reversing
Frida, Objection, MobSF, jadx, apktool, Ghidra
// Network & Post-Ex
Metasploit, Wireshark, Hashcat, Hydra
// Languages & Scripting
Python, Bash, JavaScript, SQL, C
// Frameworks & Standards
OWASP Top 10, OWASP MASVS, MASTG, WSTG, CVSS

Background

Experience & Education

Experience

Present
Penetration Tester

Biz Serve IT Pvt. Ltd., Lalitpur — Performing security assessments of web, mobile, and API targets; identifying, exploiting, and reporting vulnerabilities with actionable remediation guidance.

Ongoing
Independent Security Researcher

Vulnerability research and bug bounty hunting — reconnaissance, exploitation, and responsible disclosure of real-world security issues.

Education & Involvement

Graduate
B.Sc. Computer Science & Information Technology

St. Xavier's College, Maitighar, Kathmandu — Completed.

Community
LOCUS 2025 Ambassador

IOE Pulchowk Engineering Campus — Representing and promoting one of Nepal's largest tech events.

Community
Member — SXC Collabrain (IT Club)

St. Xavier's College — Collaborating on technology and security initiatives.

Certifications

eJPT

eLearnSecurity Junior Penetration Tester — INE Security

CRTA

Certified Red Team Analyst — CyberWarFare Labs

PT1 — Jr Penetration Tester

TryHackMe — Penetration Testing Pathway

Research

Focus Areas & Projects

Where I spend my time digging — and where you'll find my write-ups and tooling.

WEB

Web Application Security

Hunting access-control flaws, injection, SSRF and business-logic bugs across modern web stacks.

MOBILE

Android App Security

Reverse engineering and runtime analysis of Android apps — bypasses, insecure storage, and IPC abuse via MASTG methodology.

RESEARCH

Bug Bounty Write-ups

Documenting vulnerability research, methodology, and proof-of-concepts for the security community.

Get in Touch

Let's Work Together

Have an app or system that needs testing, or a security question? Drop me a message.

Location: Lalitpur, Nepal
LinkedIn: abhinab-shrestha
GitHub: @Abhinab433