NQHacking specializes exclusively in manual penetration testing. We focus on real attacker methodologies without reliance on automated scanning tools.
Human-Driven Penetration Testing is a security assessment led by human experts who simulate real-world attackers. While professional tools are used to support the process, they do not drive the assessment.
The tester defines the strategy, selects the attack paths, and adapts the approach based on how the target behaves. This enables the identification of logic flaws, complex attack chains, and context-specific vulnerabilities that automated scanners cannot detect.
This approach avoids the limitations of automated and industrialized testing, providing a realistic assessment of how an attacker would compromise a system.
Security assessment of web applications to identify vulnerabilities and weaknesses in design and implementation.
Evaluation of mobile applications to uncover security issues affecting data handling, logic, and communication.
Assessment of cloud environments to identify misconfigurations and exposure risks across infrastructure and services.
Review of internal environments to identify pathways that could lead to unauthorized access or system compromise.
Pentester since 2011 with extensive experience in offensive security and vulnerability research.
He has identified multiple zero-day vulnerabilities across widely used technologies and platforms, including those of organizations such as Google and Akamai.
His work focuses on advanced penetration testing, vulnerability research, and the development of new offensive security techniques.
NQHacking maintains a curated network of trained freelance security professionals.
Partners are selected and trained on our testing methodologies before contributing to client engagements.
This model ensures consistent execution quality while enabling scalable delivery across complex penetration testing projects.
Selected achievements from our real-world penetration testing engagements demonstrating the depth and impact of our work.
Achieved a directory traversal write through file upload, enabling blind write capabilities on an SMB share. Leveraged this to overwrite executables run by a privileged Active Directory service account.
Discovered DOM clobbering and unusual XSS behaviors in production environments—vulnerability classes typically only seen in highly crafted CTF challenges.
Exploited LDAP injection leading to leakage of LAPS passwords, enabling access to privileged systems within the environment.
Performed cache poisoning attacks by infecting JavaScript files for persistent XSS and abusing unkeyed analytics variables to inject payloads into cached responses.
Bypassed AWS IMDSv2 protections against SSRF, demonstrating access to sensitive instance metadata under constrained conditions.
Developed and applied Google Chrome downgrade attack techniques to reintroduce exploitable conditions in hardened environments.
Identified and analyzed multiple Chrome vulnerabilities including use-after-free, type confusion, URL spoofing, and UXSS.
By chaining a server-side vulnerability with a mobile application flaw, it was possible to force sensitive data to be stored in an insecure location.
Exploited a file upload CSRF vulnerability to overwrite sensitive administrative configurations, leading to a full compromise of the web application.
Bypassed WAF protections by targeting origin servers, exploiting lenient JSON parsing, and abusing telemetry parameters to smuggle malicious payloads.
After analyzing the 2024 “Cosmic String” patch, we determined it was insufficient. We advised our clients to implement additional defensive measures beyond patching alone. This assessment was later validated when a bypass (“Session Reaper”) was discovered in 2025.
An arbitrary code execution vulnerability in a casino website enabled the compromise of players’ poker accounts and jackpot slot machines.
A vulnerability in a French government system enabled the extraction of account credentials from the database. This resulted in unauthorized access to the accounts of French prefects and the ability to modify administrative decrees.