MRKNIGHTNIDU

Hi, I am MrKnightNidu.
My real name is Nidal Khan.

Security Researcher & Bug Bounty Hunter with over three years of experience in vulnerability research and penetration testing. I have identified critical and high-impact vulnerabilities for multiple organizations, including Binalyze, Hackerate, Amsterdam, Translated, Descope, and many more.

I actively participate in open-source security programs and have discovered zero-day vulnerabilities. Passionate about offensive security, responsible disclosure, and helping organizations strengthen their security posture.

I crossed the Aquila Rift.
I saw beyond the simulation.
Now I defend reality.
REALMS SECURED

SKILL MATRIX

Reverse Engineering & Exploit Development 0%
Penetration Testing & Red Team 95%
Web3 & Smart Contract Security 2%
Zero Trust Architecture 90%

CERTIFICATES

HALL OF FAME

HackerOne • Mercedes-Benz 2026
Check Point MVP 2025

MANY MORE

DISCOVERED CVEs

CVE-2026-46620

I found a CSRF vulnerability in e107 CMS where an attacker could trick a logged-in admin into deleting or approving comments without their knowledge, just by getting them to visit a malicious page. It affected all versions up to 2.3.4. I responsibly reported it to the e107 team and it was patched in v2.3.5 and assigned CVE-2026-46620.

CVE-2026-54321

I discovered an authentication bypass in Daytona where public sandbox previews could remain accessible without authentication for up to one hour after being switched to private, due to a stale cache of the visibility state. Fixed in v0.184.0.

CVE-2026-54322

We found a high-severity cross-organization IDOR vulnerability in Daytona. Any organization owner could modify or delete roles belonging to other organizations, leading to privilege escalation and broken access control across tenants. Fixed in v0.185.0.

PROJECTS
