ozcanpng
was here

Penetration tester, CTF player and security researcher. Writing about what I find.

ozcanpng@pngwashere:~$

$catfocus_areas.md

~/web-app-pentesting

Authenticated & unauthenticated web application assessments across modern stacks.

~/red-teaming

Adversary emulation, initial access, lateral movement and post-exploitation.

~/android-sec

Android app reversing, runtime instrumentation and API abuse.

~/cti

Cyber threat intelligence — tracking actors, IOCs and campaign infrastructure.

~/malware-dev

Offensive tooling, evasion research and custom implants for red team ops.

~/disclaimer

you don't need to know all of them :)

$ls~/honors

RACONF'26 CTF

Individual CTF competition held at the RACONF'26 conference. Third place finish among 49 competitors.

National · Apr 2026

BEING-WiSE CTF 2025 — Team DELiLER

International online CTF. First place in the team category against competitors from across the global cybersecurity community.

International · Online · Nov 2025

Türkiye Siber Vatan Bootcamp CTF 2025 — Solo

On-site CTF exam — the final selection stage for the bootcamp, following a multi-stage online elimination among 6,000+ candidates.

National · Alanya · Jul 2025

Reference Letter — Penetration Testing & Vulnerability Assessment

As part of a penetration test I conducted at Erzurum Technical University, I analyzed security vulnerabilities and reported them to the institution. In recognition of my contribution, I was awarded a letter of reference.

National · Erzurum · Apr 2025

LoR

$ls-la ~/blogs|head-n 4

CTF

RACONF'26 — CTF WRITE-UP

Write-ups for the 6 challenges I solved at RACONF'26: Aurora Industries (web), Nova Media Network (OSINT), kepler10b.apk (mobile), Orbital Communications (forensics), Helix Biocore (crypto), and Quante Systems (reverse).

★★★★☆ · Apr 25, 2026 · 16 min

CVE