About

Hello,

I write blog posts which are mostly related to computer security. Currently, I’m living in Berlin, Germany.

You can find more information about me on my LinkedIn profile.

Do not hesitate to get in touch with me.

Interested in

Finding or analyzing security problems of computer software.
Robustness Testing for Software Development such as fuzz testing and related sub-topics https://github.com/cemonatk/onefuzzyway.
Coding.

Some of my amateur/college projects

Padding Oracle Demo 1
Estimator Tool Development for Number of People in a Particular Area
Designing Downgrader from LTE GRC Block for UHDs
EMP Generator Circuit on PCB 1, 2
KOU OBS iOS Mobile Application 1, 2
Temperature Measurement on MSP430 MCU (Microcontroller Unit) Server via Bluetooth Comm.
Simple Link Shortener 1

Bug Bounty & Security Research Acknowledgments	Memory Safety Vulnerability Research
35𝒕𝒉 and 92𝒕𝒉 (Nickname: Arif Isik) on Microsoft Security Response Center's Top 100 Security Researchers of 2018. Attended BlueHat18 invite-only conference in Microsoft's Headquarters, Seattle OpenAI (Duplicate) CVE-2017-8758: Microsoft Exchange Server Elevation of Privilege Vulnerability - Allowed to obtain victim's data on Outlook Web Access by sending crafted emails even it is not opened by the victim. PoC Video. More detailed PoC Video is available upon request. Oracle - (6 bugs in same Critical Patch Update) Google Apple - 2017 and 2018 Several bugs of Microsoft's products and online services. (Since 2016) 1, 2 Mail.Ru and Pentagon Geeks for Geeks CERT-EU IT Department of Kocaeli University 1, 2 Some private programs from several platforms and direct-invites from some of big companies	Apple OS X Component PPP Vulnerability, 2026 (Acknowledgement) Null Pointer Dereference Bug on Oracle VM VirtualBox, Ticket, PoC.cpp Google Chromium Remote Heap Memory Corruption, Exploit-DB Memory Corruption (Access Violation) on Zoom for Windows (2021). Fixed and rewarded by the vendor. Two vulnerabilities in MIT Kerberos (krb5). Advisory Null pointer dereference: CVE-2026-40355. Read overrun: CVE-2026-40356. Multiple bugs in Vim Editor (Written in C). Heap Overflows: CVE-2021-3903, CVE-2021-3927, CVE-2021-3973, CVE-2021-3984. Use of Uninitialized Variable: CVE-2021-3928. Use After Free: CVE-2021-3974. Multiple bugs in tsMuxer which is used by Universal Media Server (https://www.universalmediaserver.com/about/) internally - Most starred transport stream muxer project on Github (Written in C++). Out-of-bounds Read: CVE-2021-34070 - Report, code is actually from ffmpeg project Heap Overflows: CVE-2021-34067, CVE-2021-34068, CVE-2021-34071, CVE-2021-35344, CVE-2021-35346. Divide-by-zero: CVE-2021-34069. Multiple bugs in ffjpeg project. Heap Overflows: CVE-2021-44956. Buffer Overflow in global: CVE-2021-44957

Bug Bounty & Security Research Acknowledgments

Memory Safety Vulnerability Research

35𝒕𝒉 and 92𝒕𝒉 (Nickname: Arif Isik) on Microsoft Security Response Center's Top 100 Security Researchers of 2018. Attended BlueHat18 invite-only conference in Microsoft's Headquarters, Seattle
OpenAI (Duplicate)
CVE-2017-8758: Microsoft Exchange Server Elevation of Privilege Vulnerability - Allowed to obtain victim's data on Outlook Web Access by sending crafted emails even it is not opened by the victim. PoC Video. More detailed PoC Video is available upon request.
Oracle - (6 bugs in same Critical Patch Update)
Google
Apple - 2017 and 2018
Several bugs of Microsoft's products and online services. (Since 2016) 1, 2
Mail.Ru and Pentagon
Geeks for Geeks
CERT-EU
IT Department of Kocaeli University 1, 2
Some private programs from several platforms and direct-invites from some of big companies

Apple OS X Component PPP Vulnerability, 2026 (Acknowledgement)
Null Pointer Dereference Bug on Oracle VM VirtualBox, Ticket, PoC.cpp
Google Chromium Remote Heap Memory Corruption, Exploit-DB
Memory Corruption (Access Violation) on Zoom for Windows (2021). Fixed and rewarded by the vendor.
Two vulnerabilities in MIT Kerberos (krb5). Advisory
- Null pointer dereference: CVE-2026-40355.
- Read overrun: CVE-2026-40356.
Multiple bugs in Vim Editor (Written in C).
- Heap Overflows: CVE-2021-3903, CVE-2021-3927, CVE-2021-3973, CVE-2021-3984.
- Use of Uninitialized Variable: CVE-2021-3928.
- Use After Free: CVE-2021-3974.
Multiple bugs in tsMuxer which is used by Universal Media Server (https://www.universalmediaserver.com/about/) internally - Most starred transport stream muxer project on Github (Written in C++).
- Out-of-bounds Read: CVE-2021-34070 - Report, code is actually from ffmpeg project
- Heap Overflows: CVE-2021-34067, CVE-2021-34068, CVE-2021-34071, CVE-2021-35344, CVE-2021-35346.
- Divide-by-zero: CVE-2021-34069.
Multiple bugs in ffjpeg project.
- Heap Overflows: CVE-2021-44956.
- Buffer Overflow in global: CVE-2021-44957

Other

Ex-Core Member at CanYouPwn.Me
Ex-Member of WeedSquad
Python for Hackers Instructor at PwnlyDays
OSCP, OSCE, and Google Cloud Professional Cloud Security Engineer certifications