Tağmaç | root@Tagoletta:~#

About

Learn more about his

Tagmac Han

Expert Cyber Security Consultant & Back-End Developer

Tağmaç started to learn software at a young age, turned this hobby into a business and started to earn money during his secondary school years by working freelance.

Tağmaç, who went deeper into the software languages, found vulnerabilities on the projects he wrote and started researching how to close these vulnerabilities and stepped into Cyber ​​Security.

He found his first vulnerability at the age of 13, in a web application he developed himself. Tağmaç, who wanted to improve himself in this field, started to do security research. It found and reported vulnerabilities in many web/mobile, browser plug-ins and computer software. Sometimes when him get bored, it finds security vulnerabilities in some open source applications and prepares exploitation code and presents them on the platform called Exploit-DB.

Tağmaç, who likes to challenge, learn programming languages that he does not know, develop new projects with those programming languages, and constantly learn something new, continues to do new tests and research on more than 10 servers of his own at home.

He still works as a vulnerability researcher in his spare time.

  • Birthday: 15 January
  • Website: tagmachan.com
  • City: Ankara, TURKEY
  • Degree: Master
  • Email: info@tagmachan.com
  • Freelance: Available

Developed Projects

Vulnerabilities Found in Enterprise Products

Programming Language that Basically knows

Developed Exploit Codes

Total CVEs

Skills

Security Research in Web Applications 95%
Back-End Development 90%
Security Research in Mobile Application 70%
Security Research in Cloud 50%
Front-End Development 40%
.NET / .NET Core 90%
Python 80%
PHP 70%
Java 50%
Node JS 30%

Resume

Check His Resume

Summary

                                    

He has spent 9+ years working on Development, Server Installation, Network Configuration and Cyber Security. According to his place, the blue team took part in the red team according to his place.

  • Web Application [ Black-Gray-White Box ] Pentest
  • Mobil Application [ Black-Gray-White Box ] Pentest
  • Network Application [ Black-Gray-White Box ] Pentest
  • Microservice Application [ Black-Gray-White Box ] Pentest
  • Cloud [ Black-Gray-White Box ] Pentest
  • Television and Television Application BlackBox Pentest
  • EDR Bypass
  • Windows/Linux/CentOS Server Configuration & Management
  • Network Firewall Configuration & Management
  • Web Firewall Configuration & Management & Testing
  • Malware Analysis
  • SIEM Configuration & Management
  • BackEnd Development

Education

Master's Degree in Cyber Security

2023 - 2025

Ahmet Yesevi University

Management Information Systems

2018 - 2023

Anadolu University

Computer Programming

2013 - 2015

Cumhuriyet University

Professional Experience

Senior Cyber Security Consultant

2022 - Present

Presidency of the Republic of Türkiye Cumhuriyeti

  • Red Teaming Service
  • Development

Cyber Security Consultant & Backend Developer

2023 - 2024

beIN Media Group

  • Red Teaming Service
  • Development

Senior Cyber Security Expert

2022 - Present

BilgeAdam Technology

  • Red Teaming Service
  • Consulting

Cyber Security Expert & Backend Developer

2018 - 2022

beIN Media Group

  • Red Teaming Service
  • BackEnd Development
  • Full-Stack Development

Cyber Security Researcher & Backend Development

2015 - 2018

FreeLancer

  • Red Teaming Service
  • BackEnd Development
  • Full-Stack Development

Cyber Security Researcher & IT Consultant

2013 - 2015

Cumhuriyet University

  • Red Teaming Service
  • Server Installation, Management, Configuration
  • VMesxi Management
  • Network Configuration & Management

Exploits & Projects

Source Code Repository

Type Name Category Description Date
CVE-2025-69460 - Simple Image Gallery 1.0 - Remote Code Execution (Unauthenticated) - Exploit Code ExploitCVE-2025-69460: Unauthenticated Remote Code Execution (RCE) vulnerability in Simple Image Gallery 1.0. Zero-day discovery and exploit by Tağmaç 'Tagoletta'. Wed Jan 21 2026
CVE-2025-69459 - Movie Rating System 1.0 - Broken Access Control (Admin Account Creation) - Exploit Code ExploitCVE-2025-69459: Broken Access Control vulnerability allowing Admin Account Creation in Movie Rating System 1.0. Zero-day discovery and exploit by Tağmaç 'Tagoletta'. Wed Jan 21 2026
CVE-2025-69458 - Movie Rating System 1.0 - SQL Injection to RCE (Unauthenticated) - Exploit Code ExploitCVE-2025-69458: Unauthenticated SQL Injection to Remote Code Execution (RCE) vulnerability in Movie Rating System 1.0. Zero-day discovery and exploit by Tağmaç 'Tagoletta'. Wed Jan 21 2026
CVE-2025-69457 - Responsive Tourism Website 3.1 - Remote Code Execution (Unauthenticated) - Exploit Code ExploitCVE-2025-69457: Unauthenticated Remote Code Execution (RCE) vulnerability in Responsive Tourism Website 3.1. Zero-day discovery and exploit by Tağmaç 'Tagoletta'. Wed Jan 21 2026
CVE-2023-38890 – Online Shopping Portal 3.1 Remote Code Execution - Exploit Code ExploitCVE-2023-38890: Unauthenticated SQL Injection to Remote Code Execution (RCE) vulnerability in Online Shopping Portal 3.1. Zero-day discovery and exploit by Tağmaç 'Tagoletta'. Wed Jan 21 2026
Daily CVE Reporter ProjectDaily CVE Reporter is an automated security tool designated to keep researchers updated on the latest vulnerabilities. It fetches new CVEs from the National Vulnerability Database every 24 hours, automatically detects if a Proof of Concept (PoC) exploit exists, and presents the data in a clean, interactive HTML report. Tue Dec 30 2025
Daily AbuseIP Collector ProjectThe Daily AbuseIP Collector is a .NET 9.0 console application designed to run as a background service within a Docker container. Its primary purpose is to automatically fetch, filter, and store a list of abusive IP addresses from a public blocklist into a MongoDB database. Sun Dec 15 2024
Traffic Offense Management System 1.0 - SQLi to Remote Code Execution (RCE) (Unauthenticated) - Exploit Code ExploitZero-Day Exploit Code for Traffic Offense Management System RCE. Wed Aug 18 2021

Blog

His Works

CVE-2025-69460 – Simple Image Gallery 1.0 - Remote Code Execution (Unauthenticated)

Wed Jan 21 2026

CVE-2025-69460: Unauthenticated Remote Code Execution (RCE) vulnerability in Simple Image Gallery 1.0. Zero-day discovery and exploit by Tağmaç 'Tagoletta'.

CVE-2025-69457 – Responsive Tourism Website 3.1 - Remote Code Execution (Unauthenticated)

Wed Jan 21 2026

CVE-2025-69457: Unauthenticated Remote Code Execution (RCE) vulnerability in Responsive Tourism Website 3.1. Zero-day discovery and exploit by Tağmaç 'Tagoletta'.

CVE-2023-38890 – Online Shopping Portal 3.1 Remote Code Execution

Wed Jan 21 2026

CVE-2023-38890: Unauthenticated SQL Injection to Remote Code Execution (RCE) vulnerability in Online Shopping Portal 3.1. Zero-day discovery and exploit by Tağmaç 'Tagoletta'.

CVE-2025-69458 – Movie Rating System 1.0 - SQL Injection to RCE (Unauthenticated)

Wed Jan 21 2026

CVE-2025-69458: Unauthenticated SQL Injection to Remote Code Execution (RCE) vulnerability in Movie Rating System 1.0. Zero-day discovery and exploit by Tağmaç 'Tagoletta'.

CVE-2025-69459 – Movie Rating System 1.0 - Broken Access Control

Wed Jan 21 2026

CVE-2025-69459: Broken Access Control vulnerability allowing Admin Account Creation in Movie Rating System 1.0. Zero-day discovery and exploit by Tağmaç 'Tagoletta'.

Building a Compact Cyber Security Home Lab with Proxmox

Mon Dec 08 2025

Turning a modest notebook into a powerhouse running Tor, Exploit Dev, Docker, and OPNsense environments.

View All Posts
2024 © Tağmaç Han