Ankara, Türkiye
I focus on finding real-world vulnerabilities through source code analysis and offensive security research. My work involves identifying logic flaws, insecure implementations, and trust boundary violations in modern applications often leading to CVE assignments and coordinated disclosures. Beyond standard security assessments, I spend significant time reading code, understanding how systems fail under edge conditions, and turning those observations into practical security findings. I regularly publish technical write-ups about the vulnerabilities I discover, aiming to contribute to the broader application security community. Offensive security is not only about testing systems but understanding how they are built, and where they break.
• Conduct offensive security assessments on web and mobile applications, including source-code analysis, reverse engineering, and runtime instrumentation. • Develop internal red team tools and automation scripts to support penetration testing, phishing campaigns, and evasion techniques. • Build and maintain custom extensions , tools and payloads for advanced spoofing and traffic inspection scenarios. • Lead phishing simulation campaigns and security awareness initiatives to reduce social engineering risk. • Participate in incident response and forensics investigations, supporting threat analysis and containment activities. • Contribute to evaluation of third-party software security as part of the procurement and vendor risk process. • Collaborate with compliance and vulnerability management teams to align offensive insights with organizational risk posture. • Engage in continuous research on modern attack vectors, detection bypass techniques, and post-exploitation methods. Skills & Focus Areas: Penetration Testing · Reverse Engineering · Android Security · Red Teaming · Incident Response · Tooling & Automation · Social Engineering