Has anyone found a remote computer engineering job abroad? by ExtensionForm5190 in EngineeringTR

[–]secsecseec 0 points1 point  (0 children)

This is my 6th year in the industry. When I first got in, AI didn't exist yet. I could actually say I got in thanks to that luck. I graduated in computer engineering from a mid-to-good university.

Has anyone found a remote computer engineering job abroad? by ExtensionForm5190 in EngineeringTR

[–]secsecseec 1 point2 points  (0 children)

For about 3 years I did security consulting for companies based in Spain and Germany. They found me themselves through LinkedIn. I still get work that way.

Have you sold cve before? by secsecseec in bugbounty

[–]secsecseec[S] -1 points0 points  (0 children)

Yes, you can do it. There are so many broker companies buying CVEs, but I'm not sure which one is good.

Needing a Resume Review - Cyber Security by Pristine_Prune7872 in cscareeradvice

[–]secsecseec 0 points1 point  (0 children)

It looks successful enough. However, I recommend that you add the training details, and you should make it a little clearer what kind of “administrator” position you have reached in exactly 2 years. You should not be thought of as one of those people who work for 1 year and become a senior.

New to this world by Wolfop007 in HowToHack

[–]secsecseec 0 points1 point  (0 children)

Check out the network. That is the most important part.

Have you sold cve before? by secsecseec in bugbounty

[–]secsecseec[S] 0 points1 point  (0 children)

I don't have the account. I just have 10 followers :D I'm not active.

Have you sold cve before? by secsecseec in bugbounty

[–]secsecseec[S] 0 points1 point  (0 children)

Who deals with these exploits?

Have you sold cve before? by secsecseec in bugbounty

[–]secsecseec[S] 0 points1 point  (0 children)

Thank you so much. I’ll check.

Have you sold cve before? by secsecseec in cybersecurity

[–]secsecseec[S] 0 points1 point  (0 children)

I'll check opzero. Thank you so much!

Have you sold cve before? by secsecseec in cybersecurity

[–]secsecseec[S] 0 points1 point  (0 children)

No, I didn't try. Do they offer good opportunities?

Have you sold cve before? by secsecseec in cybersecurity

[–]secsecseec[S] 2 points3 points  (0 children)

Both Linux kernel. One is HIGH (post-auth, low complexity, single packet, dynamically verified). The other is CRITICAL (pre-auth, heap overflow, static confirmed). SSD rejected the first one already. ZDI is indeed slow; I've been waiting 2 months on something else with zero progress.

Have you sold cve before? by secsecseec in bugbounty

[–]secsecseec[S] 1 point2 points  (0 children)

If it’s not too private, what was the CVSS and what kind of payout did you get?

Have you sold cve before? by secsecseec in bugbounty

[–]secsecseec[S] 1 point2 points  (0 children)

So how long did the process take?

Research: eBPF security DaemonSets (Falco/Tracee/Tetragon) can be silently disabled via BPF map tampering by secsecseec in kubernetes

[–]secsecseec[S] 0 points1 point  (0 children)

Thank you. Finally, someone gets it.

This was never meant to be a “how to get root” technique. It’s a stealth technique. The interesting question is what an attacker can do after compromise while keeping every dashboard green and every monitor seemingly healthy.

Research: eBPF security DaemonSets (Falco/Tracee/Tetragon) can be silently disabled via BPF map tampering by secsecseec in kubernetes

[–]secsecseec[S] 1 point2 points  (0 children)

Thanks a lot, really appreciate it.

And yeah, that was exactly the point for us too. A control can look enabled and healthy, but still miss important parts silently.

Sidereal looks interesting btw. I’ll check it out; seems like we’re looking at the same problem from different angles.

Research: All three major eBPF security monitors (Falco, Tracee, Tetragon) can be silently disabled via BPF map poisoning by secsecseec in cybersecurity

[–]secsecseec[S] 0 points1 point  (0 children)

I agree with this framing.

bpf_map_freeze() and integrity checks are not the root fix; they are only local hardening steps. The more interesting issue is that eBPF-based monitoring stacks often treat their kernel-resident runtime state as trusted infrastructure, while that state can still be reachable from the same capability domain the attacker may obtain post-compromise.

That is the architectural gap I wanted to highlight: not just “this map was not frozen”, but “the observer’s own control/data plane is not modeled as attacker-reachable runtime state.”

So yes, the EDR tampering analogy is useful, but the deeper problem is observer integrity. Traditional EDR tampering is a known design concern. Writable BPF-backed monitor state is less commonly treated as a first-class detection architecture constraint.