whoami?
I'm Ataberk, a smart contract auditor and offensive security engineer with 7+ years across Web3 and traditional security. I started out in penetration testing (web apps, internal/external networks, Active Directory) and moved into blockchain security, auditing Solidity and Move smart contracts.
Most recently I was
Principal Smart Contract Auditor at Hacken (2023–2026), where I led the auditor team and owned audit delivery across Solidity and Move engagements. Before that I was Lead Offensive Security Engineer at Halborn. Lately I've been building tools like
gossipcat-ai.
More detail on my
LinkedIn or
GitHub.
Certifications
Offensive Security Certified Professional (OSCP)
Offensive Security Web Expert (OSWE)
Certified Red Team Professional (CRTP)
Recognition
CVE-2019-1068: n-day research on a Microsoft SQL Server stack overflow (analyzed the bug and wrote a working exploit). Writeup.
T-Mobile Hall of Fame: XSS, SQLi, and RCE findings.
Mail.ru Hall of Fame: Cross-Site Scripting findings.
HackingWars CTF #1: finished 1st of 324, hosted by Prodaft.
Open source
gossipcat-ai: a multi-agent code-review orchestrator (TypeScript / MCP) where agents cross-verify each other's findings against real code to filter hallucinations.
other stuff
Past member of
CanYouPwn.me. On the offensive side I'm comfortable with AD attack vectors like Kerberoasting and NTLM relaying; on the building side, Solidity and Move auditing plus AI-assisted tooling (Claude Code, Cursor).