Available for collaboration & bug bounty programs

Hi, I'm Yunus Emre Öztaş — bug bounty hunter recognized by Apple, Microsoft, Meta & IBM. Intigriti Top Hacker. Building offensive tools and finding critical vulnerabilities before the bad guys do.

★ Intigriti Top Hacker | Apple HOF | Microsoft MSRC | Meta Bug Bounty | IBM HOF
mitsec@kali — ~/recon
$ whoami
mitsec — security researcher & developer
$ cat /etc/specialties
web_appsec | mobile_pentest | bug_bounty
$ ls ./achievements/
apple_hof/ microsoft_msrc/ meta_bounty/ ibm_hof/
$ _

Hall of Fame

Recognized by industry leaders for responsible vulnerability disclosure.

🏆★ Top Hacker

Intigriti

Bug Bounty Platform

Ranked among the platform's highest-performing security researchers across multiple programs.

🍎HOF Member

Apple

Security Research HOF

Acknowledged for responsible disclosure of vulnerabilities affecting Apple products and services.

🪟MSRC Acknowledged

Microsoft

MSRC — Security Response Center

Recognized for identifying vulnerabilities across Microsoft's products and cloud infrastructure.

📘Bug Bounty HOF

Meta

Facebook / Instagram / WhatsApp

Listed for reporting critical security issues across Meta's broader platform ecosystem.

💎Hall of Fame

IBM

IBM Security Hall of Fame

Inducted for disclosing critical vulnerabilities affecting IBM's enterprise products.

…and many more recognitions across global organizations

100+ HOF Entries
2430+ Vulns Reported
1100+ P1 Critical
120+ Years Exp.

Offensive Tools

Purpose-built security tools — live from GitHub, shuffled on every visit.

$ fetching repos from github.com/ynsmroztas_

Skills & Expertise

Skill Radar

Web AppSec 95%
Mobile 90%
Recon 88%
Exploit Dev 82%
Reverse Eng. 78%
Tooling 92%

🔴 Offensive Security

Web Application Security 95%
Bug Bounty Hunting 93%
Mobile App Pentesting 90%
Penetration Testing 88%
Reverse Engineering 78%

🟢 Development

Python 90%
JavaScript / Node.js 85%
Bash / Shell Scripting 88%

Toolbox

Burp Suite, Frida, objection, jadx, MobSF, Drozer, apktool, Shodan, Kali Linux, nuclei, subfinder, httpx, SSL Pinning Bypass, XSS, IDOR, SSRF

CVE & Vulnerability Timeline

Security vulnerabilities researched, exploited, and reported.

CVE-2021-3129
Critical — CVSS 9.8 2021
Laravel / Ignition

Remote Code Execution via Ignition debug mode. Phar deserialization chain leading to arbitrary command execution.

CVE-2023-38646
Critical — CVSS 9.8 2023
Metabase

Pre-auth Remote Code Execution in Metabase via H2 JDBC connection string injection.

CVE-2025-29927
High — CVSS 7.5 2025
Next.js

Middleware authorization bypass via x-middleware-subrequest header manipulation in Next.js applications.

CVE-2025-55182
Critical — CVSS 9.1 2025
Next.js RSC

Remote Code Execution via React Server Components with UTF-16LE WAF bypass technique.

Blog & Writeups

Security research, vulnerability writeups, and technical deep-dives.

2026
☕ 8 min read Coming Soon

Chaining Email Enumeration to Full DB Dump

How I combined email enumeration, credential brute force, and SSRF into a chain that led to a complete database dump of 7,000+ records.

SSRF, Brute Force, Data Exposure
2026
☕ 12 min read Coming Soon

DOM Clobbering + Cross-Origin Exploit Chain

Walkthrough of the Intigriti March 2026 XSS challenge — DOM clobbering with cross-origin window.open for code execution.

XSS, DOM Clobbering, Challenge
2026
☕ 15 min read Coming Soon

Android Pentesting Without Root — FridHunter

Building a rootless Android pentesting framework using Frida Gadget injection on Termux.

Android, Frida, Mobile Security

Let's Work Together.

Interested in collaboration, bug bounty programs, or security consulting?
