$ whoami

▶ PROFILE_DATA // initialized

I'm Sanjok Karki 👋

$_
root@TheSanjok:~# cat about.me

>_ OffSec Engineer | Recon • Exploit Dev • Adversary Simulation. I move fast from signal to impact: automate recon, validate exploitability, and translate findings into fixes that stick. Since 2021, I've been recognized by Zoom, Amazon, Dell, NASA, the UN, Microsoft, and others for high-severity vulnerability disclosures.

▶ SECURITY_PHILOSOPHY

"Companies spend millions of dollars on firewalls, encryption, and secure access devices, and it's money wasted — none of these measures address the weakest link in the security chain." — Kevin Mitnick

Effective security begins with understanding how real attackers think and operate. My approach focuses on identifying practical failure points across people, processes, and technology, then working with engineering teams to reduce risk through clear, actionable remediation.

▶ SERVICE_MODULES

VAPT

Vulnerability Assessment & Penetration Testing

End-to-end security evaluation combining automated vulnerability scanning with deep manual penetration testing.

OWASP Top 10 • Network Testing • API Security • Black/Gray/White Box

Code Review

Security Code Review

Line-by-line analysis of your codebase to identify security flaws and logic vulnerabilities.

Static Analysis • Logic Flaws • Secure Coding

Red Team

Red Team Operations

Real-world adversary simulation to test your organization's defenses.

Social Engineering • APT Simulation • Post-Exploitation

Bug Bounty

Bug Bounty Consulting

Expert assistance in setting up and managing bug bounty programs.

Program Setup • Triage • Coordination

▶ TECHNICAL_ARSENAL [LOADED]

//Offensive Security

  • ➜Web Application Security Testing
  • ➜API Security Assessment
  • ➜Mobile Application Security (Android / iOS)
  • ➜Network & Infrastructure Security
  • ➜Cloud Security (AWS / Azure)
  • ➜Malware & Binary Analysis

//Reconnaissance & OSINT

  • ➜Attack Surface Management
  • ➜Passive & Active Reconnaissance
  • ➜Asset & Subdomain Discovery
  • ➜Cloud & GitHub Exposure Analysis

//Tooling & Arsenal

  • ➜Burp Suite Pro, Caido, ZAP
  • ➜Postman, Insomnia, GraphQL Playground
  • ➜Metasploit Framework, Wireshark
  • ➜Cobalt Strike
  • ➜Nessus, Acunetix
  • ➜Frida, Objection, MobSF, Drozer
  • ➜Ghidra, IDA Pro

//Development & Scripting

  • ➜Python (Exploit Development & Automation)
  • ➜Bash (Recon & Workflow Automation)
  • ➜Go (Security Tooling)
  • ➜C / C++ (Reverse Engineering)
  • ➜JavaScript (Client-Side & Logic Flaws)
  • ➜PHP (Server-Side Security Testing)

▶ LANG_CONFIG

Nepali: Native
Hindi: Native
English: Professional

▶ OFF_GRID

Night Solo Rides • Street Basketball • Heavy Lifting • Urban Exploration • Chill Fishing Sessions • Deep-Dive Books & Coffee

▶ INITIATE_CONTACT

Open to security consulting, research collaboration, and high-impact testing engagements.