Available for hackathons, builds, and disclosures
KTM / NP · 27.7172° N --:--:--

Zenith Kandel.

Developer. Security researcher. Builder of civic tools and off-grid hardware. Seventeen years old, based in Kathmandu, shipping from a quiet room.

Zenith Kandel PORTRAIT · 2026
Born May 12, 2009 Grade 12 · KMSS Bagbazar
01 — About

A high schooler building at the edge of curiosity.

I started writing HTML in 2020. The world had gone quiet — lockdowns, closed schools, an entire childhood paused — and I opened a YouTube tab and taught myself what <html> did. I haven't stopped since.

By grade nine I was building crowd-sourced civic tools. By grade eleven I was reporting security flaws to a national news broadcaster. Now I'm in grade twelve, learning the MERN stack, and breaking applications to understand how they think.

I compete in hackathons. I win some. I learn from all of them. I care about three things: shipped products, clean code, and the human on the other end of the screen.

80+

Public repos

A strong GitHub profile with experiments, builds, and unfinished things I'm not afraid to ship anyway.

github.com/zenithkandel
05

Hackathon builds

Selected projects in civic tech, IoT, transit, agriculture, and education — all demoed to live judges.

2024 → 2025
02

Disclosed bugs

Responsible disclosures at Kantipur Television and Monkeytype — both reported, both patched upstream.

Vuln research
17

Years of curiosity

Born May 12, 2009. Currently finishing grade twelve at KMSS Bagbazar, Kathmandu, Nepal.

Still learning
02 — Work

Selected
projects.

Five projects. Each one was built for a real problem, demoed in front of judges, and pushed past the prototype stage. They live in hackathon halls and school exhibitions — not in tutorial folders.

  1. 01

    Sastomahango

    Civic Tech · Web

    A crowd-sourced price index for everyday goods. Users report what they paid, the system aggregates prices by locality, and shoppers see whether they're about to get scammed at the bazaar. Built to fight the opacity of Kathmandu's informal markets.

    PHPMySQLCrowdsourced dataHackathon build
    2024
  2. 02

    Lifeline

    Hardware · Off-Grid

    An off-grid, RF-based emergency signal system. When there's no cellular coverage — landslides, remote valleys, the post-quake window — Lifeline transmits short distress beacons across radio so a receiver in a populated area can relay them to first responders.

    RF modulesArduinoResilience techField-tested
    2024
  3. 03

    Sawari

    Transit · Web App

    A complete public transport companion for Kathmandu. Enter where you are, enter where you want to go, and Sawari hands you the full walkthrough — the bus, the route, the fare, the road condition, the ETA. Built around the city's actual, chaotic network.

    JavaScriptRouting logicKathmandu transitLive demo
    2025
  4. 04

    AgroPan

    IoT · Agriculture

    A soil monitoring and crop recommendation rig. Sensor arrays measure moisture, pH, and nutrients in the field; AgroPan returns a crop recommendation tailored to what's actually in the ground — not what the seed shop is selling.

    ESP seriesSensorsPrecision agricultureField prototype
    2024
  5. 05

    Edu Track Pro

    RFID · EdTech

    A smart attendance system for Nepali schools. Every student taps their ID card on an RFID reader at the gate, attendance is logged instantly, and class teachers see who's actually in the room. Built to replace the paper register that's still standard here.

    RFIDPHPEdTechSchool pilot
    2025
03 — Stack

Tools I
work with.

I started with the boring fundamentals and I still respect them. The list grows on purpose — only when something earns its place in a real project.

01

Frontend

  • HTML5
  • CSS3
  • JavaScript
02

Backend

  • PHP
  • Node.js
  • REST APIs
03

Data

  • MySQL
  • MongoDB
04

Learning Now

  • React
  • Express
  • MongoDB Atlas
05

Security

  • Burp Suite
  • Recon & Fuzzing
  • Responsible Disclosure
06

Hardware

  • Arduino
  • ESP series
  • RF modules
  • RFID
04 — Research

Security
research.

Bug hunting is a way of reading. Every application is a story about assumptions — some of those assumptions are wrong. Below are the ones I found and disclosed.

Kantipur Television Disclosed · 2024

Critical flaw on Kantipur.tv

A critical issue on the website of one of Nepal's largest news broadcasters. Reported through the proper disclosure channel, acknowledged, and patched upstream.

Web Auth boundary Resolved
Monkeytype Disclosed · 2025

Bug in Monkeytype

A flaw in the popular open-source typing utility used by tens of thousands of typists worldwide. Reported, acknowledged, and patched upstream.

Web Client-side logic Resolved
05 — Contact

Let's build
something.

Open to collaborations, hackathon teams, internships, and interesting security disclosures. If you're working on something that actually matters to people, I'd like to hear about it.