$ whoami

PROFILE_DATA//initialized

I'm Sanjok Karki 👋

root@TheSanjok:~# cat about.me

>_ OffSec Engineer | Recon • Exploit Dev • Adversary Simulation. I move fast from signal to impact: automate recon, validate exploitability, and translate findings into fixes that stick. Since 2021, I've been recognized by Zoom, Amazon, Dell, NASA, the UN, Microsoft, and others for high-severity vulnerability disclosures.

SECURITY_PHILOSOPHY
"Companies spend millions of dollars on firewalls, encryption, and secure access devices, and it's money wasted — none of these measures address the weakest link in the security chain."— Kevin Mitnick

Effective security begins with understanding how real attackers think and operate. My approach focuses on identifying practical failure points across people, processes, and technology—then working with engineering teams to reduce risk through clear, actionable remediation.

SERVICE_MODULES

VAPT

Vulnerability Assessment & Penetration Testing

End-to-end security evaluation combining automated vulnerability scanning with deep manual penetration testing.

OWASP Top 10 • Network Testing • API Security • Black/Gray/White Box

Code Review

Security Code Review

Line-by-line analysis of your codebase to identify security flaws and logic vulnerabilities.

Static Analysis • Logic Flaws • Secure Coding

Red Team

Red Team Operations

Real-world adversary simulation to test your organization's defenses.

Social Engineering • APT Simulation • Post-Exploitation

Bug Bounty

Bug Bounty Consulting

Expert assistance in setting up and managing bug bounty programs.

Program Setup • Triage • Coordination

TECHNICAL_ARSENAL[LOADED]

//Offensive Security

  • Web Application Security Testing
  • API Security Assessment
  • Mobile Application Security (Android / iOS)
  • Network & Infrastructure Security
  • Cloud Security (AWS / Azure)
  • Malware & Binary Analysis

//Reconnaissance & OSINT

  • Attack Surface Management
  • Passive & Active Reconnaissance
  • Asset & Subdomain Discovery
  • Cloud & GitHub Exposure Analysis

//Tooling & Arsenal

  • Burp Suite Pro, Caido, ZAP
  • Postman, Insomnia, GraphQL Playground
  • Metasploit Framework, Wireshark
  • Cobalt Strike
  • Nessus, Acunetix
  • Frida, Objection, MobSF, Drozer
  • Ghidra, IDA Pro

//Development & Scripting

  • Python (Exploit Development & Automation)
  • Bash (Recon & Workflow Automation)
  • Go (Security Tooling)
  • C / C++ (Reverse Engineering)
  • JavaScript (Client-Side & Logic Flaws)
  • PHP (Server-Side Security Testing)

LANG_CONFIG

  • Nepali • Native
  • Hindi • Native
  • English • Professional

OFF_GRID

Night Solo Rides • Street Basketball • Heavy Lifting • Urban Exploration • Chill Fishing Sessions • Deep-Dive Books & Coffee

INITIATE_CONTACT

Open to security consulting, research collaboration, and high-impact testing engagements.