Application security engineer and AI red team researcher specializing in adversarial LLM attacks, web application security, and vulnerability discovery. 6 published CVEs via MITRE & USOM. eWPTXv3 certified. Former Deloitte CyberOps.
Multi-phase adversarial attack pipeline for red-teaming LLMs. Multi-agent jailbreak generation, system-prompt poisoning, and persona hijacking.
github ↗AI-assisted DAST pipeline. Subfinder, Subzy, FFUF heuristic fuzzing, Nuclei with GPT-4 template selection and automated HTML reporting.
github ↗Threat intelligence platform for credential leak monitoring. Telegram-integrated with Elasticsearch backend for automated leak ingestion and search.
github ↗Stealth Wayback Machine recon with smart URL filtering. Extracts high-value endpoints from historical snapshots.
github ↗Full AI-assisted web scanner: Subfinder, Httpx, FFUF, Katana, WhatWeb, Wappalyzer, Wayback, Subzy, Nuclei. Full report generation.
github ↗AI-generated text optimizer using BERT MLM + Q-Learning + 4-detector ensemble. Reduces AI detection scores while preserving semantic quality.
github ↗Telegram-integrated RAG chatbot tracking Moodle materials, lectures, grades, and attendances in real-time.
github ↗SQL Injection auth bypass PoC for AdminPando v1.0.1. CVSS 10.0 Critical — full unauthenticated admin access.
github ↗Stored XSS in Decap CMS admin preview panel. Contributor-to-admin session hijacking PoC.
github ↗Recon-as-Code: fully automated passive reconnaissance via GitHub Actions CI/CD pipeline.
github ↗Smart home automation implementing 6 GoF design patterns (Singleton, Abstract Factory, Observer, Mediator, Composite, Proxy) in Java.
github ↗Android cryptocurrency trading app with real-time price tracking, buy/sell functionality, and portfolio management.
github ↗Technical review and QA of penetration testing reports. Validated vulnerability findings, impact analysis, and remediation guidance. Alignment with MITRE ATT&CK and CVSS. Refined report structure for international non-Turkish engagements.
Web, mobile, wireless, and LAN penetration tests against real-world targets. AI/ML red team engagements. Cyber threat intelligence including dark web credential leak validation. Mentored junior interns. Built offensive security tooling.
Application security assessments against real-world instances. LAN security tests. Cyber threat intelligence and dark web leak investigations. Wireless penetration testing. Mentored interns. Prepared for eWPT and OSCP.
Application security assessments via Burp Suite and PortSwigger. Custom automation scripts. HackTheBox CTF analysis on Windows machines. Published writeups on Medium. Prepared for CompTIA Security+.
Tested and validated CTF machine vulnerabilities. Published writeups ensuring correct exploit trigger paths per machine design.
Senior Information Systems & Technologies student at Bilkent University (graduating June 2026). Background in C, C++, Python, Java, Kotlin, PHP, Oracle SQL/PLSQL, GoF 23 design patterns, and Linux systems.
Over 16 months of hands-on penetration testing at Bilishim Cybersecurity & Artificial Intelligence and Deloitte CyberOps — web, mobile, wireless, LAN, and AI/ML red team engagements on real-world targets.
Specializing in adversarial LLM security: building red team frameworks (PromptShot), developing threat intelligence platforms (LeakCTL), and publishing CVE research through MITRE and USOM.
90+ technical articles on Medium. First place, Deloitte CTF. Top 2% TryHackMe. IELTS 6.5 Academic. Actively targeting international roles in AI security and offensive research.
Open to international roles in AI security research, offensive security, and red team consulting. Feel free to reach out.
Send an Email