- Penetration Tester & Security Researcher
- Hackerone Profile: @nhienit2010
- Huntr Profile: @nhienit2010
- Email: ngocnhien0511@gmail.com
- Security Engineer @ Galaxy One (1.2023 - Now)
- Security Engineer @ Techlab Corporation (1.2022 - 12.2022)
- Member of KCSC (KMA Cyber Security Club) @ Vietnam Academy of Cryptography Techniques
- Information Security Student @ Vietnam Academy of Cryptography Techniques (2018 - 2023)
- OffSec Web Expert (OSWE) by Offsec
- Burp Suite Certified Practitioner by PortSwigger's Web Security Academy
- Technical write-up about SQL Injection leads to Remote Code Execution (RCE) on ManageEngine ADAudit Plus
- Authored a technical write-up on CVE-2024-5443 (Remote Code Execution) published on the Huntr Blog
- 2025 Adobe Researcher Hall of Fame
- 2024 Informatica Security Researcher Hall of Fame
- 2024 LG Electronics Vulnerability Report & Reward
- 2023 Zoho Corp Hacker Board Hall of Fame
- 2023 Huntr Q2 Top 1 Leaderboard Monthly
- 2022 ASEAN Student Contest on Information Security Contest (ASCIS) by VNISA - Finalist
- 2021 ASEAN Student Contest on Information Security Contest (ASCIS) by VNISA - Second Prize
- CVE-2025-54261: Adobe ColdFusion Arbitrary File Write Remote Code Execution Vulnerability
- CVE-2025-61823: Adobe ColdFusion Authenticated Blind XML External Entity Injection Vulnerability
- CVE-2025-61812: Adobe ColdFusion Arbitrary File Write Remote Code Execution Vulnerablity
- CVE-2025-61822: Adobe ColdFusion Path Traversal Arbitrary File Deletion Vulnerability
- CVE-2025-49538: Adobe ColdFusion Authentication Bypass XML External Entity Injection Vulnerability
- CVE-2025-50213: Apache Airflow Providers Snowflake Sql Injection Vulnerability
- CVE-2024-45498: Apache Airflow Authenticated Command Injection Remote Code Execution Vulnerability
- CVE-2023-48792: ME ADAudit Plus Authenticated Sql Injection Remote Code Execution Vulnerability
- CVE-2023-48793: ME ADAudit Plus Authenticated Sql Injection Remote Code Execution Vulnerability
- CVE-2023-49335: ME ADAudit Plus Authenticated Sql Injection Remote Code Execution Vulnerability
- CVE-2024-21791: ME ADAudit Plus Authenticated Sql Injection Remote Code Execution Vulnerability
- CVE-2024-36518: ME ADAudit Plus Authenticated Sql Injection Remote Code Execution Vulnerability
- CVE-2024-5487: ME ADAudit Plus Authenticated Sql Injection Remote Code Execution Vulnerability
- CVE-2024-5527: ME ADAudit Plus Authenticated Sql Injection Remote Code Execution Vulnerability
- CVE-2024-27310: ME ADSelfService Plus Unauthenticated LDAP Injection Denial-of-Service Vulnerability
- CVE-2024-5443: LoLLMs Unauthenticated Path Traversal Remote Code Execution Vulnerability
- CVE-2024-2359: LoLLMs Code Execution Remote Code Execution Vulnerability
- CVE-2024-2362: LoLLMs Arbitrary File Deletion Vulnerability
- CVE-2024-2548: LoLLMs Path Traversal Local File Read Vulnerability
- CVE-2024-4322: LoLLMs Path Traversal Information Disclosure Vulnerability
- CVE-2024-4881: LoLLMs Path Traversal Local File Read Vulnerability
- CVE-2024-1699: PaddlePaddle Command Injection Remote Code Execution Vulnerability
- CVE-2023-3491: FossBilling Arbitrary File Upload Remote Code Execution Vulnerability
- CVE-2023-3490: FossBilling Pre-authentication Sql Injection Vulnerability
- CVE-2023-3026: Draw.io Cross-Site Scripting Vulnerability
- CVE-2023-29770: Sentrifugo Arbitrary File Upload Remote Code Execution Vulnerability
- CVE-2023-29769: Sentrifugo Pre-authentication Sql Injection Authentication Bypass Vulnerability