About

Learn more about his

Tagmac Han

Expert Cyber Security Consultant & Back-End Developer

Tağmaç started to learn software at a young age, turned this hobby into a business and started to earn money during his secondary school years by working freelance.

Tağmaç, who went deeper into the software languages, found vulnerabilities on the projects he wrote and started researching how to close these vulnerabilities and stepped into Cyber ​​Security.

He found his first vulnerability at the age of 13, in a web application he developed himself. Tağmaç, who wanted to improve himself in this field, started to do security research. It found and reported vulnerabilities in many web/mobile, browser plug-ins and computer software. Sometimes when him get bored, it finds security vulnerabilities in some open source applications and prepares exploitation code and presents them on the platform called Exploit-DB.

Tağmaç, who likes to challenge, learn programming languages that he does not know, develop new projects with those programming languages, and constantly learn something new, continues to do new tests and research on more than 10 servers of his own at home.

He still works as a vulnerability researcher in his spare time.

  • Birthday: 15 January
  • Website: tagmachan.com
  • City: Ankara, TURKEY
  • Degree: Master
  • Email: [email protected]
  • Freelance: Available

Developed Projects

Vulnerabilities Found in Enterprise Products

Programming Language that Basically knows

Developed Exploit Codes

Skills

Security Research in Web Applications 95%
Back-End Development 90%
Security Research in Mobile Application 70%
Security Research in Cloud 50%
Front-End Development 40%
.NET / .NET Core 90%
Python 80%
PHP 70%
Java 50%
Node JS 30%

Resume

Check His Resume

Summary

                                    

He has spent 9+ years working on Development, Server Installation, Network Configuration and Cyber Security. According to his place, the blue team took part in the red team according to his place.

  • Web Application [ Black-Gray-White Box ] Pentest
  • Mobil Application [ Black-Gray-White Box ] Pentest
  • Network Application [ Black-Gray-White Box ] Pentest
  • Microservice Application [ Black-Gray-White Box ] Pentest
  • Cloud [ Black-Gray-White Box ] Pentest
  • Television and Television Application BlackBox Pentest
  • EDR Bypass
  • Windows/Linux/CentOS Server Configuration & Management
  • Network Firewall Configuration & Management
  • Web Firewall Configuration & Management & Testing
  • Malware Analysis
  • SIEM Configuration & Management
  • BackEnd Development

Education

Master's Degree in Cyber Security

2023 - 2025

Ahmet Yesevi University

Management Information Systems

2018 - 2023

Anadolu University

Computer Programming

2013 - 2015

Cumhuriyet University

Professional Experience

Senior Cyber Security Consultant

2022 - Present

Presidency of the Republic of Türkiye Cumhuriyeti

  • Red Teaming Service
  • Development

Cyber Security Consultant & Backend Developer

2023 - 2024

beIN Media Group

  • Red Teaming Service
  • Development

Senior Cyber Security Expert

2022 - Present

BilgeAdam Technology

  • Red Teaming Service
  • Consulting

Cyber Security Expert & Backend Developer

2018 - 2022

beIN Media Group

  • Red Teaming Service
  • BackEnd Development
  • Full-Stack Development

Cyber Security Researcher & Backend Development

2015 - 2018

FreeLancer

  • Red Teaming Service
  • BackEnd Development
  • Full-Stack Development

Cyber Security Researcher & IT Consultant

2013 - 2015

Cumhuriyet University

  • Red Teaming Service
  • Server Installation, Management, Configuration
  • VMesxi Management
  • Network Configuration & Management

Exploits & Projects

Source Code Repository

Type Name Category Description Date
Daily CVE Reporter ProjectDaily CVE Reporter is an automated security tool designated to keep researchers updated on the latest vulnerabilities. It fetches new CVEs from the National Vulnerability Database every 24 hours, automatically detects if a Proof of Concept (PoC) exploit exists, and presents the data in a clean, interactive HTML report. Tue Dec 30 2025
Daily AbuseIP Collector ProjectThe Daily AbuseIP Collector is a .NET 9.0 console application designed to run as a background service within a Docker container. Its primary purpose is to automatically fetch, filter, and store a list of abusive IP addresses from a public blocklist into a MongoDB database. Sun Dec 15 2024
Movie Rating System 1.0 - SQL Injection to RCE (Unauthenticated) ExploitZero-Day Discovery & Exploit Development: Movie Rating System SQLi to RCE Tue Dec 21 2021
Movie Rating System 1.0 - Broken Access Control (Admin Account Creation) ExploitZero-Day Discovery & Exploit Development: Movie Rating System Broken Access Control Tue Dec 21 2021
Traffic Offense Management System 1.0 - SQLi to Remote Code Execution (RCE) (Unauthenticated) ExploitZero-Day Discovery & Exploit Development: Traffic Offense Management System Wed Aug 18 2021
Simple Image Gallery 1.0 - Remote Code Execution (Unauthenticated) ExploitZero-Day Discovery & Exploit Development: Simple Image Gallery Mon Aug 16 2021
Responsive Tourism Website 3.1 - Remote Code Execution (Unauthenticated) ExploitZero-Day Discovery & Exploit Development: Responsive Tourism CMS Mon Jun 21 2021
CVE-2023-38890 – Online Shopping Portal 3.1 Remote Code Execution ExploitCVE-2023-38890 - Zero-Day Discovery & Exploit Development: Online Shopping Portal Thu Jun 17 2021

Blog

His Works

Building a Compact Cyber Security Home Lab with Proxmox
Mon Dec 08 2025

Turning a modest notebook into a powerhouse running Tor, Exploit Dev, Docker, and OPNsense environments.

View All Posts
2024 © Tağmaç Han