Oğuzhan Yılmaz
Offensive Security Researcher — red team operations,
C2 infrastructure & hardware attack surfaces.
Computer Engineering @ Erzurum Technical University
Red Team Operations (primary)
Adversary simulation, lateral movement, and persistence mechanisms. Systematic approach to identify and exploit weaknesses before real threats do.
C2 Infrastructure (primary)
Building and analyzing command-and-control channels. Hands-on experience with Adaptix and Sliver, and ML-based detection of C2 communication patterns.
Linux & Windows Systems (core)
Linux internals, kernel-level hardening, and system security. Active Directory environments — enumeration, lateral movement, and domain compromise paths in enterprise setups.
Web Application Security (applied)
OWASP Top 10, WAF evasion, and DevSecOps integration. Designed and taught web security curriculum, built custom tooling for WAF fingerprinting.
Threat Intelligence & OSINT (applied)
CTI methodology, dark web monitoring, Shodan, and Google dorking. Contextualizing technical findings into operational threat pictures.
Privilege Escalation (applied)
Linux and Windows/AD post-exploitation. Building tools that parse, cross-reference, and surface actionable privesc paths from automated scanner output.
Three-stage pipeline for C2 channel detection. ML pre-classifier on domain and network features, secondary validation layer, multi-stage decision mechanism. Built to surface C2 indicators at scale.
Plugin-based WAF detection combining passive and active probing. Maps vendor fingerprints and behavioral patterns. Gives pre-engagement visibility into the security layer in front of a target.
Privilege escalation triage assistant for Linux. Parses linPEAS output and cross-references findings with Exploit-DB to surface the highest-signal vectors without noise.
Security analysis of RP2040-based USB HID devices. Investigates the implicit trust model granted to HID and how defensive mechanisms hold up against adversarial firmware.
Offensive security researcher focused on red team operations, system internals, and adversary tooling. I approach security from the attacker's perspective — understand the system, find what breaks, validate it, document it.
Computer Engineering student at ETÜ. Contributing to Türkiye Siber Vatan and a vetted team engagement. Previously taught offensive security at the university's cyber club.