biplavbhandari/README.md

Hey, I'm Biplav 👋

Cybersecurity & Networking | Pentesting · Bug Bounty · Cloud · IoT

LinkedIn X Upwork


I break things to understand how they work — then build them back stronger. Based in Kathmandu 🇳🇵, I focus on offensive security and web application pentesting, with hands-on experience in cloud infrastructure and IoT systems.


What I'm Working On

  • Grinding through PortSwigger Web Security Academy labs (Access Control, Auth, SQLi)
  • Building toward bug bounty on HackerOne & Bugcrowd
  • Exploring real-world recon workflows and automation

🚀 Projects

Built a deliberately vulnerable e-commerce app, then pentested it end-to-end.

  • Exploited IDOR, broken authentication, missing RBAC, and information disclosure
  • Full grey-box pentest documented across all 7 phases of the Cyber Kill Chain
  • Node.js SQLite Docker Burp Suite Nmap Gobuster

Cloud-connected IoT security system deployed on AWS EC2.

  • ESP32 → MQTT → Python subscriber → InfluxDB → Grafana dashboard → SNS alerts
  • Infrastructure provisioned with AWS CloudFormation
  • ESP32 Python Docker MQTT InfluxDB Grafana AWS EC2 SNS

Full desktop GUI in Java with OOP architecture and real-time duplicate detection.

  • Java Swing OOP File I/O

🛠️ Tools & Stack

Security

Burp Suite Kali Linux Nmap Wireshark OWASP

Dev & Cloud

Python Java Bash Docker AWS Linux


📖 Currently Learning

PortSwigger Web Security Academy  →  Access Control · Business Logic · SQLi
HackerOne                         →  Recon · Subdomain enumeration · Real targets

Always down to collaborate on security research, CTFs, or open source — reach out anytime.

Pinned

  1. GymMembershipSystem Public

    Java

  2. room-security-monitor Public

    This is my first attempt to learn AWS using IoT devices like ESP32

    Python

  3. shopsafe-vapt Public

    Vulnerable and hardened Node.js web app — full grey-box VAPT across 7 phases of the Cyber Kill Chain

    JavaScript