About

Hello,

I write blog posts which are mostly related to computer security. Currently, I’m living in Berlin, Germany.

You can find more information about me on my LinkedIn profile.

Do not hesitate to get in touch with me.

Interested in

1. Finding or analyzing security problems of computer software.
2. Robustness Testing for Software Development such as fuzz testing and related sub-topics https://github.com/cemonatk/onefuzzyway.
3. Coding.

Some of my amateur/college projects

1. Padding Oracle Demo 1
2. Estimator Tool Development for Number of People in a Particular Area
3. Designing Downgrader from LTE GRC Block for UHDs
4. EMP Generator Circuit on PCB 1, 2
5. KOU OBS iOS Mobile Application 1, 2
6. Temperature Measurement on MSP430 MCU (Microcontroller Unit) Server via Bluetooth Comm.
7. Simple Link Shortener 1

Security researcher acknowledgments

1. 35𝒕𝒉 and 92𝒕𝒉 (Nickname: Arif Isik) on Microsoft Security Response Center’s Top 100 Security Researchers of 2018. Attended BlueHat18 invite-only conference in Microsoft’s Headquarters, Seattle
2. CVE-2017-8758: Microsoft Exchange Server Elevation of Privilege Vulnerability - Allowed to obtain victim’s data on Outlook Web Access by sending crafted emails even it is not opened by the victim. PoC Video. More detailed PoC Video is available upon request.
3. Null Pointer Dereference Bug on Oracle VM VirtualBox, Ticket, PoC.cpp
4. Google Chromium Remote Heap Memory Corruption, Exploit-DB
5. Oracle - (6 bugs in same Critical Patch Update)
6. Google
7. Apple
8. Several bugs of Microsoft’s products and online services. (Since 2016) 1, 2
9. Mail.Ru and Pentagon
10. Geeks for Geeks
11. CERT-EU
12. IT Department of Kocaeli University 1, 2
13. Some private programs from several platforms and direct-invites from some of big companies

Other Bugs:

1. Memory Corruption (Access Violation) on Zoom for Windows (2021). Fixed and rewarded by the vendor.

2. Multiple bugs in Vim Editor (Written in C).
   • Heap Overflows: CVE-2021-3903, CVE-2021-3927, CVE-2021-3973, CVE-2021-3984.
   • Use of Uninitialized Variable: CVE-2021-3928.
   • Use After Free: CVE-2021-3974.
3. Multiple bugs in tsMuxer which is used by Universal Media Server (https://www.universalmediaserver.com/about/) internally - Most starred transport stream muxer project on Github (Written in C++).
   • Out-of-bounds Read: CVE-2021-34070 - Report, code is actually from ffmpeg project
   • Heap Overflows: CVE-2021-34067, CVE-2021-34068, CVE-2021-34071, CVE-2021-35344, CVE-2021-35346.
   • Divide-by-zero: CVE-2021-34069.
4. Multiple bugs in ffjpeg project.
   • Heap Overflows: CVE-2021-44956.
   • Buffer Overflow in global: CVE-2021-44957

Other

1. Ex-Core Member at CanYouPwn.Me
2. Ex-Member of WeedSquad
3. Python for Hackers Instructor at PwnlyDays