~$
01 / About
Offensive security consultant specialising in web application, API, mobile, and network penetration testing. Operating with one of the most respected offensive security teams in the industry, conducting adversarial assessments against enterprise clients across aviation, energy, and financial sectors.
Holder of both a Bachelor's and Master's degree in Computer Engineering from Bahçeşehir University, Istanbul. Former cybersecurity working student at Siemens, with hands-on exposure to IEC 62443, OT/ICS environments, and product security frameworks.
Speaker at MITRE ATT&CKcon 6.0. Fluent in Turkish and English. Outside of offensive work: distance runner, occasional trekker on the Lycian Way, and amateur astronomer.
02 / Expertise
OWASP Top 10, business logic abuse, authentication bypasses, injection chains, and complex multi-step vulnerabilities.
REST & GraphQL assessments, JWT validation flaws, IDOR chains, mass assignment, and payment flow abuse.
iOS & Android reverse engineering, runtime manipulation, certificate pinning bypass, and insecure data storage analysis.
Internal infrastructure assessments, Active Directory exploitation, lateral movement, and ADCS abuse chains.
03 / Speaking