Offensive Security · Penetration Testing · Red Team
Helping you find vulnerabilities before attackers do.
VAPT Engineer specializing in web and network security, Active Directory assessments, and realistic adversary-style attack simulations.
About Me
I'm Rakib Mahmud Nadir, a cybersecurity professional specializing in penetration testing, network security, and ethical hacking. Currently, I serve as a Junior VAPT Engineer at Cyenetic Solutions Ltd., where I conduct deep-dive web and network assessments and deliver comprehensive vulnerability reports.
My technical expertise spans Active Directory attack simulations, AI/LLM security research, and red team operations—including adversarial research against large language models such as prompt injection and guardrail bypass. I hold a suite of industry certifications including CRTP, eJPTv2, CRTA, CNSP, CSEDP, and CJWPT, with CRTO currently in progress.
I am currently pursuing a Bachelor's degree at KUET and serve as the Offensive Security Wing Lead at KCSC, leading technical initiatives and mentoring aspiring ethical hackers. Ranked in the top 1% globally on TryHackMe, I am expanding my expertise into cloud penetration testing to further broaden my offensive security capabilities.
Professional Experience
Junior VAPT Engineer
Apr 2026 – PresentCyenetic Solutions Ltd., Dhaka, Bangladesh
- Conduct vulnerability assessments and penetration testing on web applications, networks, and systems
- Identify, analyze, and document security vulnerabilities and risks
- Prepare detailed reports outlining findings, risk levels, and recommended remediation steps
- Collaborate with the security team to develop and improve testing methodologies
- Support in developing proof-of-concept exploits and security testing scripts
Assistant Mentor – Offensive Security
Dec 2025 – Mar 2026Hack Secure, India · Remote
- Performed web application penetration tests covering OWASP Top 10 vulnerabilities (SQLi, XSS, IDOR, authentication bypass)
- Conducted network penetration testing including service enumeration, credential attacks, and misconfiguration discovery
- Ran automated vulnerability scans and validated findings manually
- Wrote remediation reports with executive summaries and technical recommendations
Cybersecurity Intern
Verify →Hack Secure, India · Remote
- Mentored cybersecurity interns, guiding them through labs and offensive security concepts
- Designed learning content and structured training materials for the internship program
- Co-hosted cybersecurity webinars as a speaker
- Continued active penetration testing while taking on teaching responsibilities
Leadership & Community
Offensive Security Wing Lead
Jan 2026 – PresentKuet Cyber Security Club (KCSC), KUET
- Leading the offensive security wing, focusing on penetration testing, CTF preparation, and red teaming
- Designing and conducting technical workshops and live attack simulations for club members
- Mentoring students in ethical hacking methodologies, toolsets (Burp Suite, Metasploit, etc.), and security best practices
- Managing club infrastructure and maintaining vulnerable lab environments for hands-on practice
Certifications
Honors & Achievements
My Projects
Adversarial LLM Security Assessment
Built and pentested a local multi-model AI environment using Ollama, evaluating Mistral, Qwen, Gemma, Granite, and LLaMA against real-world adversarial techniques. Conducted automated prompt injection testing using Garak v0.14 across 768 attack attempts. Mistral:7b rated DC-2 (Very High Risk). Fingerprinted a live RAG-powered chatbot backend using LLMap. Built and open-sourced garak-report-to-excel for structured vulnerability reporting.
garak-report-to-excel
A Python utility that parses raw Garak LLM vulnerability scanner .jsonl report files into structured Excel spreadsheets. Built to solve the problem of unreadable Garak output during adversarial LLM security research.
Passive Subdomain Parser
An open-source asynchronous subdomain enumeration and alive-checking tool for security assessments, bug bounty hunting, and VDP reconnaissance. Integrates multiple passive intelligence sources including crt.sh, AlienVault OTX, RapidDNS, HackerTarget, urlscan.io, ThreatCrowd, and SecurityTrails. Features concurrent alive-host validation using AsyncIO and AIOHTTP, optional subfinder integration, JSON/CSV export, and a Rich-powered terminal interface.
Multi-Forest Active Directory Lab
Built a fully isolated enterprise-grade AD environment across four network segments — enterprise.dc (Primary Forest), corp.enterprise.dc (Child Domain), and manufacturing.local (Secondary Forest). Simulates real-world attack paths including network pivoting, trust relationship attacks, privilege escalation across domain boundaries, and cross-forest compromise via bidirectional forest trust.
Web App Security Assessment (Grey Box)
Conducted a Grey Box penetration test on a self-hosted web application. Identified critical vulnerabilities including weak JWT implementation leading to account takeover, XSS enabling session hijacking, authentication flaws, and insecure transport mechanisms. Findings manually validated with actionable remediation aligned to OWASP and PTES.
Phishing Email Analysis
Conducted structured forensic analysis of a phishing email impersonating a major brand. Performed full email header inspection, sender infrastructure tracing, and SPF/DKIM/DMARC verification. Analyzed embedded URL using VirusTotal, URLVoid, and PhishTool, confirming an active credential harvesting portal. Documented findings in a structured SOC report with IOC summary and containment recommendations.
Hands-On Endpoint Analysis: Detecting Persistence After a Simulated Compromise
Simulated a full compromise-and-detection scenario on a Windows endpoint using Metasploit. Established a Meterpreter reverse TCP session, deployed malicious.exe as an auto-start Windows service (BackupService), and added a registry run key for logon persistence. Detection phase included process tracing via WMIC, service analysis with Get-CimInstance, network analysis confirming the Meterpreter session on port 5555, registry forensics via PowerShell, and autorun baselining with PSAutoRun to diff pre/post-compromise snapshots. VirusTotal flagged the hash 58/71 as trojan.metasploit/rozena.
SIEM Deployment & Blue Team Detection Lab — Splunk Enterprise
Deployed and configured Splunk Enterprise on Ubuntu to understand how defenders detect offensive techniques at the log level. Ingested real HTTP web server logs and used SPL to investigate traffic patterns — identifying a single IP generating 2,920 out of 3,086 total requests. Surfaced a Hydra brute-force tool signature making POST requests to /login.php. Built a multi-panel security dashboard covering top user agents, URI path frequency, geographic IP distribution, and HTTP volume over time. Configured a real-time alert for Local File Inclusion (LFI) detection.
Remote & Local Credential Harvesting in AD
Demonstrated credential harvesting in Active Directory using Mimikatz, SAM dumps, LSASS extraction, DCSync attacks, and Overpass-the-Hash / Pass-the-Ticket techniques. Highlights precise execution to avoid triggering service loops, with lateral movement simulation across AD environments.
Kerberos Unconstrained Delegation Abuse
Full exploitation of Kerberos unconstrained delegation misconfigurations to achieve domain-level compromise through TGT extraction and impersonation.
AdminSDHolder Persistence & ACL Abuse
Demonstrated persistence through AdminSDHolder ACL abuse, maintaining backdoor access to privileged AD groups through SDProp propagation.
Community & Content
Speaking
Breaking & Building: A Practical Intro to Cybersecurity
- Conducted KCSC's first physical cybersecurity session at Khulna University of Engineering and Technology
- Live demonstrations of real-world web attacks using Burp Suite and PortSwigger Web Security Academy labs
- Helped beginners understand the attacker mindset and how it builds stronger defenders
- Founded KCSC with the goal of building a strong, practical, and community-driven cybersecurity culture at KUET
Hack Your Career: Landing Jobs & Doing Real Work in Cybersecurity
- Career roadmap covering Pentest, SOC, and Red Team paths
- Interview preparation strategies and job hunting alongside studies
- Featuring a live Purple Team simulation: Red vs Blue in action
Cybersecurity Essentials & Career Guidelines
- Cybersecurity basics and common attack vectors
- Career paths in offensive & defensive security
- Portfolio building and certification guidance
Latest Blog Posts
Breaking "Exception" — A Medium Linux Lab Writeup
A walkthrough of the "Exception" challenge lab by Hack Smarter, covering enumeration, exploitation, and privilege escalation on Linux.
Read Article →
How to Start Your Cybersecurity Journey as a Student (The Right Way)
A practical guide for students looking to break into cybersecurity — cutting through the noise with actionable steps.
Read Article →
When a Single Header Bypasses Your Access Control
A deep dive into access control failures — how a single HTTP header misconfiguration can lead to full authorization bypass.
Read Article →
CRTP Exam Preparation and My Experience
My preparation strategy, exam experience, and lessons learned from the Certified Red Team Professional exam.
Read Article →
Advanced PowerShell Security: Defense in Depth and Adversarial Bypasses
AMSI bypasses, constrained language mode, and script block logging from an offensive perspective.
Read Article →
Hack The Box — Querier Writeup
MSSQL enumeration, xp_cmdshell exploitation, and full domain compromise.
Read Article →
TryHackMe — Startup CTF Write-up
FTP enumeration, reverse shells, and Linux privilege escalation on a beginner-level TryHackMe room.
Read Article →Get In Touch
Let's connect
I'm always interested in discussing new security challenges, research collaborations, or potential opportunities. Feel free to reach out through any of the channels below.
- sec.rakibnadir@gmail.com
- +880 1785 029 110
- linkedin.com/in/rakib-nadir
- Khulna, Bangladesh