Munich, Bavaria, Germany
I'm an offensive security specialist with 7+ years of hands-on experience in red teaming, vulnerability research, and full-spectrum penetration testing from embedded devices and firmware to modern web and mobile applications. So far, my work has involved: - Security testing and analysis of medical and IoT systems at the hardware and software level - Web/mobile/API pentesting, source code analysis, and hardened system bypasses - Exploit development, reverse engineering, and protocol fuzzing - Advanced assessments targeting wireless interfaces (BLE, Wi-Fi, NFC, RFID), USB/serial ports, and secure boot environments - End-to-end research: from physical access attacks (JTAG, UART, chip-off) to OS-level privilege escalation on Windows, Linux, and RTOS - Hands-on experience with OSINT investigations, cyber threat intelligence, and dark web monitoring for threat actor profiling and risk reporting in real-world scenarios. I hold the OSEP, OSWE, OSCP, and OSWP certifications, and I have academic backgrounds in Software Engineering and Management Information Systems. I’ve earned multiple awards in national and private-sector CTF competitions, and occasionally participate in bug bounty programs with a focus on high-impact findings. Currently helping organizations build secure systems by identifying vulnerabilities before attackers do.
- Vulnerability research and exploit development on medical and IoT devices - Web, mobile (iOS, Android), and API penetration testing - Source code analysis to identify security vulnerabilities across embedded, web, and application-level components - Firmware extraction and analysis via UART, JTAG etc. - Reverse engineering of proprietary protocols and binaries (Windows, Linux, .NET, ELF, PE) - OS-level security testing and privilege escalation on Windows, Linux, and real-time operating systems (RTOS), depending on target architecture - Bypass and exploitation of hardened systems, including kiosk environments and restricted shells - Protocol security testing: Modbus, CAN bus, BLE, NFC, RFID, Zigbee, Wi-Fi, and manufacturer-specific custom protocols - Wireless protocol assessments, including fuzzing, traffic analysis, and attack simulation - USB and serial interface security testing, including access control bypass, device emulation, and firmware drop techniques - Development of custom fuzzers, instrumentation tools, and dynamic analysis frameworks - Real-world device takeovers and hands-on exploitation of physical targets in lab and field environments
- Conducted red team operations and penetration tests (web, API, Wi-Fi, internal/external networks, AD) - Performed application and mobile app security testing (static & dynamic), secure code review - Carried out API and +100 web application pentests, reported to developers with actionable findings - Conducted threat intelligence and OSINT research, including dark web monitoring and leak site tracking, to support IOC/TTP reporting. - Assisted blue, SOC/NOC teams during incidents using log analysis, forensic methods, and threat hunting - Performed phishing simulations and social engineering attacks targeting large enterprise environments with customized scenarios. - Used and customized 50+ tools (e.g. Burp Suite, OWASP ZAP, Acunetix, Nessus, Fortify, Nmap); wrote own scripts - Collaborated in large-scale environments (+1M users), analyzing malware and remediating high-impact 1-day vulnerabilities with relevant teams. - Provided forensic intelligence supporting law enforcement efforts in identifying real-world threat actors.
- Led offensive security projects for many clients across finance, defense, telecom, energy, and government sectors - Conducted red teaming engagements including physical security testing (e.g. RFID cloning, Wi-Fi attacks, lock picking) - Performed full-scope penetration testing (web/mobile apps, internal/external networks, social engineering, DDoS) - Managed and mentored Red Team & CTI unit, delivering tailored threat intelligence and technical reporting - Designed and developed 5+ threat intelligence tools from scratch (e.g. IOC pools, phishing detection, dark web monitoring, leak data analysis)
- Worked on the Turkcell MAXIMO Team using Java Spring MVC and Oracle PL/SQL. - Built mini internal tools with Python/Django and PostgreSQL.