# White Hats Nepal

> Cybersecurity research blog covering penetration testing, vulnerability analysis, bug bounty writeups, security tools, 944 CWE entries, 697 MITRE ATT&CK techniques, 250k+ CVE entries, and a directory of 795+ bug bounty programs.

## About

White Hats Nepal is an independent cybersecurity research publication by security researchers and penetration testers. We publish in-depth vulnerability analysis, practical exploitation tutorials, real-world bug bounty writeups, and free browser-based security tools.

## Sections

- [Articles](https://blog.pentestnepal.tech/articles/) — In-depth cybersecurity articles and research
- [Writeups](https://blog.pentestnepal.tech/writeups/) — Real-world bug bounty vulnerability reports
- [Tools](https://blog.pentestnepal.tech/tools/) — Free browser-based cybersecurity tools
- [Bug Bounty Directory](https://blog.pentestnepal.tech/bugbounty/) — 795+ programs from HackerOne, Bugcrowd, Intigriti
- [CWE Database](https://blog.pentestnepal.tech/cwe/) — 944 Common Weakness Enumeration entries with code examples, mitigations, and CVE references
- [ATT&CK Techniques](https://blog.pentestnepal.tech/attack/) — 697 MITRE ATT&CK Enterprise techniques with mitigations, detection, threat groups
- [CVE Database](https://blog.pentestnepal.tech/cve/) — 250,000+ CVE vulnerability entries with CVSS scores, affected products, references
- [About](https://blog.pentestnepal.tech/about/) — About the team and contact information

## Free Security Tools

- [Hash Generator](https://blog.pentestnepal.tech/tools/hash-generator/) — MD5, SHA-1, SHA-256, SHA-384, SHA-512
- [Base64 Encode/Decode](https://blog.pentestnepal.tech/tools/base64/) — Text ↔ Base64 conversion
- [URL Encode/Decode](https://blog.pentestnepal.tech/tools/url-encode/) — URL encoding/decoding with component mode
- [JWT Decoder](https://blog.pentestnepal.tech/tools/jwt-decoder/) — Decode and inspect JSON Web Tokens
- [Password Generator](https://blog.pentestnepal.tech/tools/password-generator/) — Cryptographically secure password generation

## Key Topics

SQL Injection, XSS, SSRF, IDOR, CSRF, XXE, OAuth Security, Prototype Pollution, HTTP Request Smuggling, Privilege Escalation (Linux/Windows), Active Directory Attacks, Network Penetration Testing, Web Application Security, API Security, OWASP Top 10, MITRE ATT&CK

## Tools Covered

Burp Suite, Nmap, Metasploit, Hashcat, Mimikatz, BloodHound, Wireshark, sqlmap, Nuclei, subfinder, httpx, ffuf, Gobuster, John the Ripper, Hydra, Kali Linux

## Bug Bounty Programs Directory

Live directory of 795+ bug bounty and vulnerability disclosure programs aggregated from HackerOne, Bugcrowd, and Intigriti. Updated daily. Each program page includes scope details, payout information, tips, and related resources.

## CWE Weakness Database

Complete database of 944 Common Weakness Enumeration (CWE) entries from MITRE. Each entry includes detailed descriptions, potential impact, demonstrative code examples (vulnerable and fixed), mitigation strategies by development phase, detection methods, real-world CVE references, related weaknesses, and taxonomy mappings. Updated monthly.

Categories: Pillar (10), Class (112), Base (523), Variant (292), Compound (7).

## MITRE ATT&CK Techniques Database

Complete database of 697 MITRE ATT&CK Enterprise techniques (222 parent + 475 sub-techniques) across 15 tactics. Each technique page includes description, platforms, mitigations, detection guidance, associated threat groups, software, references, related CWEs, and FAQ.

Organized by kill chain: Reconnaissance → Resource Development → Initial Access → Execution → Persistence → Privilege Escalation → Defense Impairment → Stealth → Credential Access → Discovery → Lateral Movement → Collection → Command and Control → Exfiltration → Impact. Updated monthly.

## CVE Vulnerability Database

Complete NVD database with 250,000+ CVE entries. Each page includes vulnerability description, CVSS v2/v3 scoring with detailed metrics, affected products (CPE), references with tags, related CWE weaknesses (cross-linked), FAQ, and links to NVD. Searchable by CVE ID. Updated weekly.

## Contact

Website: https://blog.pentestnepal.tech

Full content index: https://blog.pentestnepal.tech/llms-full.txt