NADER ALHARBI

I'm a Penetration Tester

Summary

Cybersecurity enthusiast with a strong interest in penetration testing, red teaming, and ethical hacking. Skilled in identifying and exploiting security vulnerabilities to help strengthen systems and networks. Actively pursuing advanced knowledge about new exploitation techniques. A team player with a proactive approach to learning and problem-solving, aiming to contribute effectively to the field of cybersecurity while continuously honing technical expertise.

Education

Bachelor's degree in Cybersecurity

University of Jeddah

2021 - Present

Experience

Cybersecurity Content Specialist

Synapse

2025 - Present

Certifications

Professional certifications that enhance my expertise and validate my skills in various domains.
Under each Certificate you can find key topics and skills gained by the Certificate.

Certification 1

Certified Red Team Professional (CRTP)

Issued by Altered Security

Key Topics and skills

• Active Directory (AD) Enumeration
• AD attacks
• ACLs Abuse
• AD Persistence
• Child to parent domain escalation
• Trust Attacks
• Forest privilege escalation

Certification 2

Web Application Penetration Tester eXtreme (eWPTX)

Issued by INE

Key Topics and skills

• Web Application Penetration Testing Methodology
• Web Application Reconnaissance
• Authentication Attacks
• Advanced Injection Vulnerabilities
• API Penetration Testing
• Server-Side Attacks
• Filter Evasion & WAF Bypass

Certification 3

Certified Professional Penetration Tester (eCPPT)

Issued by INE

Key Topics and skills

• Client-Side Attacks
• Web Application PT
• Network Penetration Testing
• Exploit Development
• Post-Exploitation
• Red Teaming and Active Directory Penetration Testing

Certification 5

Mobile Application Penetration Testing (eMAPT)

Issued by INE

Key Topics and skills

• Android and iOS Architecture
• Static and Dynamic Analysis
• Developing APK Exploits
• Reversing APKs
• Intercepting Web Requests

Certification 9

Certified Red Team Analyst (CRTA)

Issued by CWL

Key Topics and skills

• Red Team Methodologies
• Understanding of MITRE ATT&CK
• Internal & External Recon
• Perform Kerberos based attacks in fully patched Active Directory
• Pivoting and Lateral Movement Techniques

Certification 4

Certified Threat Hunting Professional (eCTHP)

Issued by INE

Key Topics and skills

• Threat hunting methodology
• Threat hunting using Splunk
• Threat hunting using ELK
• Memory-based threat hunting

Certification 5

Junior Penetration Tester (eJPT)

Issued by INE

Key Topics and skills

• Assessment Methodologies
• Host & Networking Auditing
• Host & Network PT
• Web Application PT

Certification 10

Offshore ProLab

Issued by Hack The Box

Key Topics and skills

• Web Application Attacks
• Enumeration
• Exploiting Real-World Active Directory Flaws
• Local Privilege Escalation
• Lateral Movement and Crossing Trust Boundaries
• Evading Endpoint Protections
• Compromising all 5 Domains

Certification 6

Zephyr ProLab

Issued by Hack The Box

Key Topics and skills

• Active Directory
• Red Teaming
• Enumeration
• ACLs Abuse
• Lateral movement and crossing trust boundaries
• Pivoting
• SQL attacks

Certification 6

Dante ProLab

Issued by Hack The Box

Key Topics and skills

• Enumerating networks and machines
• Exploiting numerous vulnerabilities
• Crafting custom payloads
• Lateral movement
• Pivoting
• Escalating privileges

Courses & Bootcamps

Continuous learning is key to staying ahead in the fast-evolving cyber landscape. Here are some of the courses and bootcamps I've completed to enhance my skills.

August 2023

TryHackMe

Top 1% of overall users

TryHackMe is a cybersecurity learning platform where I completed over 100+ rooms ranging from cybersecurity basics to penetration testing and red teaming.

December 2023

Cybersecurity Bootcamp

NCA & KAUST

One of the amazing bootcamps that I attended, where I advanced through 3 stages, hardening my knowledge in the cybersecurity field.

March 2024

Threat hunting Bootcamp

CyberHub

This bootcamp covered the eCTHP certificate. I was one of the top students and I was awarded a voucher for the eCTHP certificate.

April 2024

Web Application Penetration Testing Bootcamp

CyberHub

This bootcamp mainly focused on the eWPT & eWPTX certificates. It really enhanced my skills in web application penetration testing.

May 2024

Web Application Penetration Tester (eWPT)

INE

Even though I did not take the eWPT certification, I finished the course, where I learned the basics of web pentesting.

July 2024

NCA & SITE

Cybersecurity Bootcamp

A fruitful bootcamp that went over certifications like Network+ and Security+, and real-life simulations for SOC analysis and penetration testing engagements. It ended with a practical exam performing the skills we obtained.

August 2024

Active Directory Penetration Testing Bootcamp

CyberHub

This bootcamp focused on the Active Directory pen testing life cycle, including these topics: Active Directory Foundations, Breaching Active Directory, Enumerating, Attacks, Lateral Movement, Persistence.

October 2024

Mobile Application Penetration Testing Bootcamp

CyberHub

This bootcamp initially was about the eMAPT certificate, but it went above and beyond the certificate topics, covering advanced topics like Frida, binary patching techniques, bypassing certificate pinning, root and virtual machine checks, and frameworks like Flutter, Xamarin Forms, and React Native.

Projects

Here are some of the projects I've worked on that showcase my skills and expertise. Click a project to see its demo video.

Google Chrome Password Stealer

This malware decrypts and steals passwords stored in Google Chrome, sending them to the attacker’s Command and Control (C2) server without detection from Windows Defender on Windows 10.

Python Stealer Evasion
Subnet Scanner

This Python program identifies live hosts on a subnet, useful for penetration testers to locate active hosts.

Python Enumeration
Fake CAPTCHA Attack Simulation

This demo replicates how threat actors use fake CAPTCHA pages to trick victims into executing malicious code. Designed to raise awareness, it highlights the importance of verifying website authenticity to prevent falling for such social engineering attacks.

Awareness Social Engineering
TelegramC2

NRcTwo

This is an IP-less C2 (Command and Control) that I have created that leverages Telegram for communication. This C2 has multiple functionalities, including:
• Gathering system information from the victim machine
• Executing commands on the victim machine
• Taking screenshots
• Retrieving public IP and location
• Persistence via startup apps

C2 Telegram Bot Python

Connect

Feel free to reach out if you're interested in working together or have any questions.