Available for opportunities

Hi, I'm Kabin Khadka

Cybersecurity learner, CTF player, ethical hacking student, security enthusiast, and lifelong learner.

Cybersecurity student and enthusiast learning ethical hacking, vulnerability research, and how secure systems are built. I break things in labs to learn how to make them stronger.


View My Work Get In Touch

9+ Certifications
12+ Labs & Case Studies
Nepal Security Focus
Scroll down
About

Who I Am

Kabin Khadka - Cybersecurity Enthusiast from Nepal

EC-Council Certified

I'm a cybersecurity student and enthusiast building hands-on experience in penetration testing, web application security, and digital forensics.

My journey started with curiosity — wanting to understand how systems work and, more importantly, how they break. That curiosity is shaping the path I'm on now: learning, lab by lab, challenge by challenge.

I practise through hands-on labs and challenges on TryHackMe, Hack The Box, and PortSwigger Web Security Labs — including OWASP Top 10 vulnerabilities, network pentesting, and reverse engineering.

BCS Cybersecurity & Networking — Texas College of Management & IT (Ongoing)

EC-Council certified · view certifications on Credly

Based in — Bouddha, Kathmandu, Nepal

Let's Connect
Skills

Skills I'm Building

Familiarity levels across the areas I practise as a student — tap any card to try a hands-on challenge.

Penetration Testing

Learning web, network, and host penetration testing with industry-standard methodologies and tooling.

Web Exploitation

Practising the OWASP Top 10 — XSS, SQLi, IDOR and more — in deliberately vulnerable lab environments.

Scripting & Automation

Writing Python and Bash scripts for recon, automation, and small security tools.

OSINT & Recon

Passive and active reconnaissance, digital footprinting, and information gathering.

Reverse Engineering

Getting started with binary and malware analysis using Ghidra and GDB in CTF challenges.

Network Security

TCP/IP, Nmap, Wireshark, and network security fundamentals at a CCNA level.

Digital Forensics

Log analysis, disk and memory basics, and malware triage using Autopsy, Volatility, and Binwalk.

Tools I Use

  • Burp Suite
  • Metasploit
  • Nmap
  • Wireshark
  • Ghidra
  • SQLmap
  • Gobuster
  • Hydra
  • Hashcat
  • John the Ripper
  • Nikto
  • Responder
  • BloodHound
  • Impacket
  • ffuf
  • CyberChef
  • Autopsy
  • Volatility
  • Binwalk
  • FTK Imager
  • Strings
Projects

Things I've Built

Hands-on projects where I applied security-first thinking. More on my GitHub.

Highlight

Real Estate Net — Secure Real Estate Platform

A full-stack Django web app for real estate listings, built with a security-first mindset: secure authentication, input validation, and basic encryption, applying OWASP principles.

  • Django
  • Python
  • SQLite
  • OWASP Top 10

Linux Log Monitoring & Alert System

A PHP tool that analyses Linux system logs in real time to flag suspicious activity — automated alerts for failed logins and unauthorised access — built to practise SOC fundamentals.

  • PHP
  • Linux Syslog
  • Bash
  • SOC Practice
Case Studies

Case Studies & Research

High-level breakdowns of real incidents and threats I've researched as a learner. These are awareness-focused summaries — the full write-ups and discussion live on my LinkedIn.

Nepal

Vianet Data Breach 2020 (Nepal)

A structured analysis of a Nepali ISP data breach — mapping the incident timeline, the categories of customer data exposed, the cyber-law implications, and the protection gaps it revealed.

Read on LinkedIn
Nepal

Digital Vulnerabilities in Nepal's Passport System

A high-level look at digital risks around national identity and passport infrastructure, and why strong data protection matters for public systems — focused on awareness and policy gaps.

Read on LinkedIn
AI Security

Google Gemini Security Flaw — A New Era of AI Security

Notes on a reported flaw in a major AI assistant and what it signals for the emerging field of AI/LLM security — prompt-handling risks and the defensive mindset understanding.

Read on LinkedIn
Threat Intel

Transparent Tribe (APT36) RAT Campaign

A threat-intelligence summary of the APT36 group and its remote-access-trojan activity — who they target, why it matters for the region, and the detection signals to track.

Read on LinkedIn
Threat Intel

Shai-Hulud — Software Supply-Chain Worm

An explainer on a software supply-chain worm and why dependency security has become critical — the high-level idea and the guardrails (lockfiles, provenance, least privilege).

Read on LinkedIn
Web

WordPress Security Lab

A hands-on lab write-up: finding common web flaws (SQLi, XSS, RCE) in a deliberately vulnerable WordPress setup, then applying patching, access control, and hardening steps.

Read on LinkedIn

Want the full breakdowns? Follow my case-study posts on LinkedIn.

Contact

Get In Touch

Have a project, need a security assessment, or just want to talk hacking? I'm always open to interesting conversations.

Email kabinkhadka12345@gmail.com GitHub github.com/kabinkhadka923 Credly credly.com/users/kabin-khadka LinkedIn linkedin.com/in/kabinkhadka

Message sent successfully! I'll get back to you soon.