Security Researcher & Bug Hunter · @ox033

Nirmal Shrestha

// Curious mind. Offensive mindset. Defensive knowledge.

Cybersecurity enthusiast from Kathmandu, Nepal, focused on web application security, bug bounty hunting, and responsible disclosure. Where there is curiosity, there is a way of learning.

3+ Blog Posts
3 Certifications
1 Hall of Fame
🇳🇵 Kathmandu
01 — About Me

Who am I?

I'm Nirmal Shrestha, a cybersecurity practitioner from Kathmandu, Nepal with a deep passion for web application security, vulnerability research, and bug bounty hunting.

My journey is driven by an insatiable curiosity — I believe that understanding how systems break is the first step to making them unbreakable. I specialise in identifying logic flaws, race conditions, and authentication bypasses that traditional scanners miss.

When I'm not hunting bugs, I write about my findings on Medium to share knowledge with the security community.

"Where there is Curiosity there is a way of learning — that's why I am a curious person."

What I focus on:

My research centres around web application vulnerabilities — particularly race conditions, response manipulation, and business logic flaws. I enjoy digging into how modern web applications handle concurrent requests and authentication flows.

I participate in CTF competitions to sharpen my offensive skills and stay current with emerging attack techniques. Every challenge is an opportunity to learn something new about how systems can be exploited — and subsequently hardened.

Currently: Actively participating in bug bounty programs on HackerOne and Bugcrowd while pursuing advanced certifications in penetration testing.

02 — Technical Skills

What I do.

🕸️ Web App Pentesting
Deep-dive testing of web applications for OWASP Top 10 and beyond — logic flaws, auth bypasses, injection attacks.
Burp Suite · OWASP · SQLi · XSS
🏁 Bug Bounty Hunting
Hunting vulnerabilities on HackerOne and Bugcrowd. Specialising in race conditions and response manipulation.
HackerOne · Bugcrowd · Recon
⚡ Race Conditions
Identifying and exploiting race conditions in concurrent systems — from TOCTOU to limit-override vulnerabilities.
Concurrency · TOCTOU · Timing
🔍 Reconnaissance
Passive and active recon using OSINT tools to map attack surfaces before engagement.
Subfinder · Amass · Shodan
📝 Vulnerability Research
Researching and documenting novel attack vectors and writing clear proof-of-concept reports for responsible disclosure.
CVE · PoC · Disclosure
🚩 CTF Competitions
Web, crypto, and forensics challenges. Constant learning through competition to build offensive skill depth.
TryHackMe · HackTheBox · PicoCTF
03 — Experience

Journey so far.

2024 — Present
Independent Security Researcher
// Bug Bounty · HackerOne · Bugcrowd
Actively hunting bugs across multiple public and private programs. Focused on web application vulnerabilities including race conditions, IDOR, authentication flaws, and business logic bypasses. Responsible disclosure with multiple Hall of Fame recognitions.
2023 — 2024
Security Learning & Certification Track
// TCM Security · TryHackMe · PortSwigger
Completed intensive training in practical bug bounty, web application security, and penetration testing. Built hands-on skills through labs, CTFs, and real-world application testing.
2022 — 2023
CTF Competitor & Community Learner
// PicoCTF · HackTheBox · TryHackMe
Started the cybersecurity journey through Capture the Flag competitions and self-directed learning. Developed foundational knowledge in networking, web security, and basic exploitation techniques.
04 — Hall of Fame

Recognised findings.

05 — Certifications

Credentials.

Web Security RTA
// Web-RTA Certification
✓
Practical certification covering real-world web application security testing and vulnerability assessment methodologies, including exploitation techniques and defensive strategies.
Web Security · Exploitation · Practical
CAP V2
// Certified Appsec Practitioner V2
✓
Advanced application security practitioner certification validating expertise in identifying and mitigating security vulnerabilities across modern web and API-based applications.
AppSec · API Security · OWASP
Practical Bug Bounty
// TCM Security
✓
Hands-on bug bounty training by TCM Security covering reconnaissance, vulnerability discovery, exploitation, and professional report writing for real-world bug bounty programs.
Bug Bounty · Recon · Report Writing
06 — Blog

Latest writes.

// 001
Race Condition to Account Takeover
How I exploited a race condition vulnerability to achieve account takeover — walking through the discovery, exploitation, and responsible disclosure process.
Medium · @ox033 →
// 002
Response Manipulation in the Wild
A deep dive into response manipulation techniques — how attackers can intercept and modify HTTP responses to bypass client-side controls and escalate privileges.
Medium · @ox033 →
// 003
My Bug Bounty Journey: Starting Out
Lessons from my early days in bug bounty hunting — tools, mindset, mistakes, and how I found my first valid vulnerability on a real program.
Medium · @ox033 →
07 — Contact

Let's connect.
