Md Nahid Alam

Researcher | Web/Android Pentester | Red Teamer

About Me

Hi, I'm Md Nahid Alam

AKA Nahid0x1

I am a Bangladeshi cybersecurity researcher, Red Teamer, and Bug Hunter specializing in web security testing, Android security testing, malware development, and network security. I currently work as a Researcher at Collective Insight Organization (CIO) and a Junior Cyber Security Engineer at Infosec.


My Skills


Web Security Testing


Web Application Testing


Mobile Application Security


Hardware Hacking


Bash


Python


C#


HTML/CSS

Services

Web-App Penetration Testing

Conducts a thorough manual penetration test on the web application to verify its security.

Mobile App Penetration Testing

Performs penetration testing for iOS and Android applications using both manual and automated methods to identify vulnerabilities and enhance mobile app security.

Network Security Testing

Conducts a comprehensive manual penetration test to strengthen network security and safeguard all connected devices against potential future attacks.

My Acknowledgements

Acknowledgment sparks gratitude, weaving respect and kindness into every stride.

I have been acknowledged by more than PENDING well-known companies for reporting security vulnerabilities in their services and products.

Acknowledgments include rewards, fame, and swag; my top ones are remarkable.

Pending+

Valid Reports

Pending+

Bug Bounty Acknowledgements

5+

Years of Experience

Write-Ups


CVE-2024-27956: SQL Injection Vulnerability in ValvePress Automatic (WP-Automatic)

CVE-2024-27956 refers to a critical SQL injection (SQLi) vulnerability discovered in the WP-Automatic plugin, a popular content automation tool for WordPress websites. This vulnerability allows unauthenticated attackers to execute arbitrary SQL queries on the affected website's database, potentially leading to complete website compromise.


Reverse Router Firmware & Backdooring It

Router firmware is a critical component of any network infrastructure, and its security is often overlooked. In this write-up, we will go through the process of reverse engineering and backdooring router firmware from a hacker's perspective.


Exploiting CVE-2024-24919: Information Disclosure in Check Point Quantum Gateway

In the rapidly evolving landscape of cybersecurity, vulnerabilities are discovered that can have far-reaching implications for organizations. One such vulnerability is CVE-2024-24919, an information disclosure flaw in Check Point Quantum Gateway. This vulnerability, identified by the researcher johnk3r, poses a significant risk by potentially allowing attackers to access sensitive information on internet-connected Gateways configured with IPSec VPN, remote access VPN, or mobile access software blade.


Projects


Android Security Toolkit

The Android Security Toolkit is a bash script designed to assist in various security testing activities on Android devices. It provides a convenient interface for tasks such as extracting APKs, decompiling APKs, running activities, and identifying potential security vulnerabilities. The toolkit is particularly useful for security researchers, penetration testers, and developers concerned with Android app security.


CVE-Finder

This script helps you search for Proof of Concepts (PoCs) for given CVEs, scan for CVEs on a specific host, and find PoCs for CVEs detected on a host. It uses APIs like Shodan InternetDB and PoC-in-GitHub to fetch relevant data.
