Penetration Tester & Red Team Practitioner

MD Nahid Hasan

eJPT | Penetration Tester | Red Team Practitioner
"Red team practitioner who finds critical paths attackers love—and fixes them before they're exploited."
View Projects Get In Touch ⬇ Download CV
30+
Assessments
5
Certifications
80%
Avg Risk Reduction
MD Nahid Hasan
Who I Am

Security Engineer with a Red Team Mindset

With a Computer Engineering foundation from AIUB and hands-on red team experience at QA Pro Limited, I specialize in uncovering hidden attack paths that automated tools miss. My 30+ assessments — spanning web applications, Active Directory, and PCI DSS environments — focus on translating technical findings into business-risk insights aligned with NIST and CIS frameworks. I'm driven by the belief that proactive offense is the foundation of resilient defense.

⚔️
Offensive Security Specialist
Web apps, Active Directory, Network VAPT
🛡️
Compliance-Aligned
PCI DSS, NIST CSF, CIS Controls
📊
Business-Risk Focus
Translates technical findings into executive insights
📍
Dhaka, Bangladesh
Bangladesh market specialist & open to remote
Technical Arsenal

Skills & Capabilities

Web Penetration Testing

Burp Suite ProManual OWASP Top 10 (XSS, SQLi, CSRF)Secure Code ReviewSession & Auth Testing

Network & Vulnerability Assessment

NmapWiresharkNessus / OpenVASMasscan

Active Directory Attacks

BloodHoundKerberoastingPass-the-HashACL AbuseImpacket

Red Team & Adversary Emulation

MetasploitMITRE ATT&CK MappingPTES MethodologyCustom PowerShell Payloads

EDR Evasion Basics

In-Memory ExecutionPayload StagingObfuscation Techniques

Compliance & Reporting

PCI DSS Req 11.3NIST CSFCIS ControlsCVSS ScoringExecutive Reporting
Career

Work Experience

Engineer (Penetration Tester)
QA Pro Limited
Aug 2025 – Mar 2026
  • Led APT red team simulations across web & infrastructure using Nmap, OSINT, Burp Suite and custom PowerShell payloads
  • Executed 10+ penetration tests on web apps and networks; exploited OWASP Top 10, Kerberoasting & pass-the-hash in AD environments
  • Built Python/Bash automation scripts for reconnaissance & exploitation; delivered hardening recommendations across servers, workstations and cloud infrastructure
Case Studies

Featured Engagements

01
Active DirectoryNetwork VAPTRed Team

Enterprise Network & Active Directory Security Assessment

Leading Commercial Bank, Bangladesh  ·  Q4 2025
🎯 Objective

Comprehensive VAPT across network devices, servers, workstations, and Active Directory environment.

🔧 Methodology
  • MITRE ATT&CK + PTES framework
  • BloodHound attack path mapping
  • Kerberoasting & privilege escalation testing
  • Credential policy analysis
🔑 Key Findings
  • Critical AD misconfigurations enabling domain escalation
  • Weak GPO inheritance allowing privilege abuse
  • Detection gap: no alerting on abnormal PowerShell execution
📊 Business Impact

Full domain compromise path identified within simulated timeframe; regulatory exposure under Bangladesh Bank guidelines.

✅ Outcome

12 prioritized findings delivered; credential policy redesign implemented; 80% risk reduction on re-test; cleared final report.

02
PCI DSSWeb AppCompliance

PCI DSS Security Assessments

Payment & E-commerce Systems, Bangladesh  ·  2025
🎯 Objective

Targeted VAPT on web applications in cardholder data environments (CDE) to meet PCI DSS Requirement 11.3.

🔧 Methodology
  • OWASP Top 10 manual + automated testing
  • Auth, session management & transaction flow review
  • Input validation & authorization control testing
  • Annual PT + quarterly remediation support
🔑 Key Findings
  • OWASP Top 10 vulnerabilities with PoC documentation
  • Authentication and session management gaps
  • Input validation failures in payment flows
📊 Business Impact

Production payment systems with direct cardholder data exposure; compliance gap with PCI DSS Req 11.3.

✅ Outcome

All findings fully remediated and re-verified; cleared reports delivered; strengthened PCI DSS readiness across production systems.

03
Web AppOWASP

Web Application Security Assessment

National Professional Accounting Institute, Bangladesh  ·  2025
🎯 Objective

Manual and automated VAPT on core web application following OWASP Top 10 methodology.

🔧 Methodology
  • Manual + automated VAPT
  • OWASP Top 10 methodology
  • Exploitation PoC development
  • Remediation guidance
🔑 Key Findings
  • High-risk vulnerabilities with documented exploitation proof-of-concept
  • Access control and authentication weaknesses
📊 Business Impact

Sensitive institutional data at risk; potential for unauthorized access to member records.

✅ Outcome

Detailed exploitation PoC and remediation guidance delivered; fully cleared final report.

04
FintechWeb AppFirewall

Fintech Payment Platform Security Assessment

Leading Digital Payment Provider  ·  2025
🎯 Objective

Full-scope web application penetration testing combined with firewall rule review and configuration audit.

🔧 Methodology
  • Web application penetration testing
  • Firewall rule review
  • Configuration audit
  • Perimeter security analysis
🔑 Key Findings
  • Application-layer flaws in payment processing logic
  • Perimeter security gaps in firewall configuration
📊 Business Impact

Financial transaction integrity at risk; potential for transaction manipulation and data exposure.

✅ Outcome

Actionable hardening recommendations and remediation roadmap delivered.

Credentials

Certifications & Qualifications

🏅
Junior Penetration Tester (eJPT)
INE Security
🏅
Certified in Cybersecurity (CC)
ISC2
🏅
Certified Red Team Operations Management (CRTOM)
Red Team Leaders
🏅
Certified Ransomware Protection Officer (CRPO)
EU Cyber Academy
🏅
Certified Threat Intelligence & Governance Analyst (CTIGA)
Red Team Leaders
Academic Background

Education

Bachelor of Computer Science & Engineering
American International University - Bangladesh (AIUB)
Jun 2021 – May 2026
Dean's Award recipient • Academic scholarships • GPA 3.88
Beyond Work

Community & Development

Let's Work Together

Get In Touch

📧
Email
mnahid.infosec@gmail.com
📞
Phone
+880 1521 551357
🔗
LinkedIn
View Profile ↗
🐙
GitHub
View Repos ↗
📄
Resume / CV
Download ↓