Hi, my name is Oğuz and I am an IT security consultant who’s in the industry of software development and security services since 2017 at various companies. I always had a special interest in computers and cybersecurity, which helped me develop my skills over the years.

If you are interested in the services I offer, please reach out to me!

Work Experience

• IT Security Consultant @ Self-Employed (2026 - Current)

  • Vulnerability Research
  • Red Team and Penetration Tests
  • Malware Analysis

• University Staff Tutor @ University of Vienna (2026 - Current)

  • Tutoring on course “Operating Systems”

• IT Security Consultant (Red Team) @ SBA Research (2022 - 2026)

  • Development of a Red Teaming Framework in C++ and Python
  • Red Teaming and Penetration Tests within complex business environments
  • Realistic phishing simulations
  • Web Application Pentests according to OWASP Methodology

• Linux Software Developer @ Proxmox Server Solutions (2018 - 2022)

  • Development of Proxmox Virtual Environment and other products in Perl
  • Internal network pentests

• Software Developer @ 1NAR Bilişim (2017 - 2018)

  • Development of LogSenTH environment monitoring system
  • Infrastructure deployment and maintenance

CVEs and Research

• (CVE-2026-40369) Windows Kernel Elevation of Privilege Vulnerability
• (CVE-2025-59284) Microsoft Windows TAR File Parsing NTLM Relay Vulnerability
• (0Day) Microsoft Windows TAR File UI Misrepresentation Vulnerability (ZDI-25-1058))
• (0Day) Microsoft Office URI Handler NTLM Response Information Disclosure Vulnerability (ZDI-26-293)
• Stay tuned for upcoming research…

Talks

• Red Teaming 2.0: Modern Attacks and Defenses
• CVE-2025-59284: How reading a gnu manpage led to a Windows NetNTLM phishing exploit

Certifications

• OSCP (Offensive Security Certified Professional)
• CRTO (Certified Red Team Operator)
• CRTL (Certified Red Team Lead)
• GWAPT (GIAC Web Application Penetration Tester)
• LPIC-1 (Linux Professional Institute Certified)

Projects

• ArchStrike (2016-2024): An Arch Linux based repository for security professionals, including various pentesting and security tools.

Skills

• Reverse Engineering (x86, x64) and Debugging (Userspace, Kernelspace)
• Programming and scripting languages (C, C++, Python, Perl, Javascript, …)
• Red Teaming
• Penetration Testing
• Application Security
• Threat Modeling
• System Administration
• Software Development

Languages

• Turkish (native)
• English (advanced)
• German (advanced)