visitor@0xemrek.dev:~$

Emre Koca

Offensive Security · Penetration Testing · OSCP+

Computer Engineering student breaking into things on purpose — Active Directory, lateral movement, privilege escalation. I build open-source security tooling and disclose CVEs.

Istanbul, TR · open to security roles & collaboration
profile.json — emre@kali
$ cat profile.json
{
"name": "Emre Koca",
"role": "Offensive Security",
"cert": "OSCP+",
"focus": ["AD", "privesc", "pivoting"],
"cves": 5,
"status": "available"
}
$
> cat about.md 01 / 05

I'm a Computer Engineering student at Istanbul Kültür University, OSCP+ certified and focused on offensive security.

I picked up hands-on penetration testing during an internship at Turkish Ground Services (TGS), with a strong focus on Active Directory exploitation, lateral movement, privilege escalation and pivoting.

I build open-source security tooling — recon-deck and ZeGuard — and publish technical research on LLM security and recent CVEs. So far I've responsibly disclosed vulnerabilities resulting in 5 assigned CVEs.

// quick facts
education
Istanbul Kültür Üni.
Computer Engineering · 2022–2026
experience
Cyber Security Intern
TGS · 2025
award
2nd place · TEKNOFEST 2025
Active Directory pivoting privesc LLM security
$ ls ~/projects 02 / 05
recon-deck view repo ↗

Turns nmap output or an AutoRecon zip into a port-aware recon checklist — pre-filled commands, HackTricks links and per-service tasks — in under 30 seconds. Offline, single Docker image, no telemetry.

Docker recon MIT
ZeGuard view repo ↗

Browser-based, open-source scanner that detects hidden prompt-injection payloads buried inside PDF, DOCX and PPTX files — before they ever reach your LLM pipeline.

LLM security client-side
oscp-arsenal view repo ↗

Self-contained, kill-chain-organized OSCP toolkit. Serves ~60 offensive tools over HTTP from your Kali box for one-liner delivery — enum, AD attack, token abuse, pivoting, AMSI bypass, msfvenom payloads.

OSCP AD attack pivoting
just-one-command view repo ↗

A reflex game about AI-agent safety. Approve or deny the shell commands an agent suggests before the timer runs out — some are routine, some wipe your machine or exfiltrate your secrets.

AI safety game
$ git clone --all → github.com/kocaemre ↗
# cve-research 03 / 05

Vulnerabilities I've discovered and responsibly disclosed. AI accelerates the source review — every finding is verified by hand in a local lab.

7.8 CVE-2026-54555 Permission-gate bypass via shell separators — rtk advisory ↗ 7.5 CVE-2026-54297 Stack-exhaustion DoS in nested param encoder — Faraday advisory ↗ 7.1 CVE-2026-52851 Authenticated blind SQL injection — Traccar advisory ↗ 6.5 CVE-2026-52852 Infinite-loop DoS via cyclic group hierarchy — Traccar advisory ↗ 5.4 CVE-2026-54095 JWT valid after password reset — File Browser advisory ↗
+ Further vulnerabilities under coordinated disclosure across additional open-source projects.
$ ls ~/certifications 04 / 05
OSCP+
OffSec Certified Professional
issued May 2026 · id 182583647
CyberOps Associate
Cisco
blue-team fundamentals
TEKNOFEST 2025
2nd place · Sustainable Cities
team SEKASE · Nov 2025
// also: CCNA — Intro to Networks · TryHackMe Advent of Cyber 2025 · Akbank Cybersecurity Analyst Program
$ tail -f ~/blog 05 / 05
My first CVEs: chasing two small assumptions in Traccar
Using Claude Code as a source-review partner, then validating every finding by hand in a local lab. AI as accelerator, not decision-maker.
medium ↗
I hid an invisible instruction in a Word file — how many of 3 LLMs caught it?
A prompt-injection experiment across ChatGPT, Claude and Gemini, and the open-source defense I built: ZeGuard.
medium ↗