Recep Emir Yardım — Security Researcher

What’s inside

  • Web Application Security: Dynamic and static testing covering OWASP topics (XSS, SQLi, SSRF, IDOR, broken auth/session); PoCs based on Burp/Ffuzz/ffuf/sqlmap/GTFOBins; exploit chains and techniques to bypass security controls (CSP, SameSite, rate limiting).

  • Mobile Application Security: Reverse engineering for Android (Smali/DEX, JADX, apktool) and iOS (ObjC/Swift, class-dump, Hopper/IDA); runtime hooks with Frida/Objection, bypassing root/jailbreak/debugger detections and TLS cert-pinning; WebView/JS bridge, Intent/Deep Link, and Content Provider vulnerabilities.

  • HTB / CTF Machines: Network discovery (nmap), service fingerprinting, exploit/poison usage, version-based exploits, pivoting (SSH tunneling, proxychains), privilege escalation (sudo misconfigs, SUID, kernel exploits) and comprehensive write-ups.

  • Malware Development & Analysis: C2 prototypes, packer/obfuscator techniques, static analysis (strings, YARA, PE/ELF/IPA inspection) and dynamic analysis (sandboxing, process tracing, memory forensics); IoC extraction and mitigation recommendations.