👋 Hi, I'm Devran Atuğ
Red Team Security Engineer · Bug Bounty Hunter · TEDx Organizer
I’m a 19‑year‑old university student with ~2 years of hands‑on cybersecurity experience. My core focus areas are Web & Mobile Application Security, real‑world vulnerability research, and exploit development. I also work with Amazon Web Services (AWS), delve into Active Directory defence & attack surface analysis, and explore digital forensics.
- CTF Competitions: I regularly compete in national & international CTFs, building offensive tooling and sharing knowledge with teammates.
- Bug Bounty: Listed in multiple local and international Hall of Fame pages for responsible disclosure efforts.
- Professional Services: Provide penetration‑testing engagements for organisations, emphasising actionable remediation and clear reporting.
- Continuous Learning: I invest heavily in research, reverse‑engineering, and lab environments to sharpen my tradecraft.
🚀 Featured Articles
- GLPI Pre‑authentication RCE / CVE‑2025‑24801 – Analysis & PoC
  Remote code execution on GLPI 10.0.17 via unauthenticated PHP upload.
  → Document
- Next.js v12 → v15 CVE‑2025‑29927 – Analysis & PoC
  Bypassing middleware controls by forging the x-middleware-subrequest header.
  → Document
- CVE‑2025‑24813 | Tomcat Session Deserialization RCE
  Chained RCE through partial PUT of .session files and deserialisation.
  → Document