About

Learn more about his

Expert Cyber Security Consultant & Back-End Developer

Tağmaç started to learn software at a young age, turned this hobby into a business and started to earn money during his secondary school years by working freelance.

Tağmaç, who went deeper into the software languages, found vulnerabilities on the projects he wrote and started researching how to close these vulnerabilities and stepped into Cyber ​​Security.

He found his first vulnerability at the age of 13, in a web application he developed himself. Tağmaç, who wanted to improve himself in this field, started to do security research. It found and reported vulnerabilities in many web/mobile, browser plug-ins and computer software. Sometimes when him get bored, it finds security vulnerabilities in some open source applications and prepares exploitation code and presents them on the platform called Exploit-DB.

Tağmaç, who likes to challenge, learn programming languages that he does not know, develop new projects with those programming languages, and constantly learn something new, continues to do new tests and research on more than 10 servers of his own at home.

He still works as a vulnerability researcher in his spare time.

  • Birthday: 15 January
  • Website: tagmachan.com
  • City: Ankara, TURKEY
  • Degree: Master
  • Email: info@tagmachan.com
  • Freelance: Available

Developed Projects

Vulnerabilities Found in Enterprise Products

Programming Language that Basically knows

Developed Exploit Codes

Skills

Security Research in Web Applications 95%
Back-End Development 90%
Security Research in Mobile Application 70%
Security Research in Cloud 50%
Front-End Development 40%
.NET / .NET Core 90%
Python 80%
PHP 70%
Java 50%
Node JS 30%

Resume

Check His Resume

Sumary

                                    

He has spent 9+ years working on Development, Server Installation, Network Configuration and Cyber Security. According to his place, the blue team took part in the red team according to his place.

  • Web Application [ Black-Gray-White Box ] Pentest
  • Mobil Application [ Black-Gray-White Box ] Pentest
  • Network Application [ Black-Gray-White Box ] Pentest
  • Microservice Application [ Black-Gray-White Box ] Pentest
  • Cloud [ Black-Gray-White Box ] Pentest
  • Television and Television Application BlackBox Pentest
  • EDR Bypass
  • Windows/Linux/CentOS Server Configuration & Management
  • Network Firewall Configuration & Management
  • Web Firewall Configuration & Management & Testing
  • Malware Analysis
  • SIEM Configuration & Management
  • BackEnd Development

Education

Master's Degree in Cyber Security

2023 - 2025

Ahmet Yesevi University

Management Information Systems

2018 - 2023

Anadolu University

Computer Programming

2013 - 2015

Cumhuriyet University

Professional Experience

Senior Cyber Security Consultant

2022 - Present

Presidency of the Republic of Türkiye Cumhuriyeti

  • Red Teaming Service
  • Development

Cyber Security Consultant & Backend Developer

2023 - 2024

beIN Media Group

  • Red Teaming Service
  • Development

Senior Cyber Security Expert

2022 - Present

BilgeAdam Technology

  • Red Teaming Service
  • Consulting

Cyber Security Expert & Backend Developer

2018 - 2022

beIN Media Group

  • Red Teaming Service
  • BackEnd Development
  • Full-Stack Development

Cyber Security Researcher & Backend Development

2015 - 2018

FreeLancer

  • Red Teaming Service
  • BackEnd Development
  • Full-Stack Development

Cyber Security Researcher & IT Consultant

2013 - 2015

Cumhuriyet University

  • Red Teaming Service
  • Server Installation, Management, Configuration
  • VMesxi Management
  • Network Configuration & Management

Exploits & Projects

Source Code Repository

Type Name Category Description Date
Daily AbuseIP Collector Project The Daily AbuseIP Collector is a .NET 9.0 console application designed to run as a background service within a Docker container. Its primary purpose is to automatically fetch, filter, and store a list of abusive IP addresses from a public blocklist into a MongoDB database. Sun Dec 15 2024
Movie Rating System 1.0 - SQL Injection to Remote Code Execution (Unauthenticated) Exploit Movie Rating System Unauthenticated SQL Injection and Unauthenticated Remote Code Execution Tue Jan 04 2022
Movie Rating System 1.0 - Admin Account Creation (Unauthenticated) Exploit Movie Rating System Unauthenticated Admin Account Creation Tue Jan 04 2022
Traffic Offense Management System 1.0 - Remote Code Execution (Unauthenticated) Exploit Traffic Offense Management System Unauthenticated Remote Code Execution Tue Aug 31 2021
Simple Image Gallery 1.0 - Remote Code Execution (Unauthenticated) Exploit Simple Image Gallery CMS Unauthenticated Remote Code Execution Tue Aug 17 2021
Responsive Tourism Website 3.1 - Remote Code Execution (Unauthenticated) Exploit Zero-Day Discovery & Exploit Development: Responsive Tourism CMS Mon Jun 21 2021
Online Shopping Portal 3.1 - Remote Code Execution (Unauthenticated) Exploit Zero-Day Discovery & Exploit Development: Online Shopping Portal Sun Jun 06 2021

Blog

His Works

No posts found.

View All Posts
2024 © Tağmaç Han