Skip to content
View sefabasnak's full-sized avatar
2 followers · 14 following
  • tielestudio.com
  • Turkey

Block or report sefabasnak

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
sefabasnak/README.md

whoami

I work at the intersection of cyber threat intelligence, offensive security, application security and security product development.

My focus is not only finding vulnerabilities, but also building systems that help organizations detect, understand and act on external cyber risks before they become incidents.

I build security-focused tools, automate intelligence workflows and develop products around real-world attacker behavior, exposed assets, leaked credentials and fraud signals.

focus

CTI                  ████████████
Offensive Security   ███████████░
Malware Analysis     ██████████░░
AppSec               ██████████░░
ASM                  ███████████░
Security Products    ████████████
Automation           ███████████░

Security Research

CVE-2025-63317

Todoist v8896 — Cross-Site Scripting Vulnerability

Discovered and reported a Cross-Site Scripting vulnerability affecting Todoist v8896.

The issue was related to SVG file upload handling in /api/v1/uploads. Uploaded SVG files were not properly sanitized, allowing embedded JavaScript to execute when the attachment was opened from a task or comment.

References

External Threat Visibility

Threat Proxy is a cyber threat intelligence platform designed to make external threats visible, track leaked data, monitor exposed assets and help organizations take early action. 

Threat Proxy
├─ Dark Web Intelligence
├─ Credential Exposure Tracking
├─ Attack Surface Visibility
├─ Malware IOC Monitoring
├─ Phishing & Brand Abuse Tracking
└─ Fraud Intelligence

Core Capabilities

  • Dark web and hacker forum monitoring
  • Data leak and credential exposure tracking
  • Corporate domain, email and username monitoring
  • Exposed service and critical port monitoring
  • Malware IOC, malicious URL and blacklist IP tracking
  • Phishing and brand abuse monitoring
  • Fraud intelligence and early warning signals
See the invisible. Act early.

Arsenal

Code

Data

Infra

Workflow

Operating Model

collect  →  correlate  →  enrich  →  prioritize  →  report  →  act

I mostly work on systems that transform raw security signals into actionable intelligence.

GitHub Telemetry


Cybersecurity is not only about finding what is broken.
It is about seeing what others miss before it becomes visible.

Popular repositories Loading

  1. MULTIPLE-PING MULTIPLE-PING Public

    This Python application is used to send ICMP pings to multiple IP addresses.

    Python 1

  2. toplu-mail toplu-mail Public

    Toplu mail

    Python 1

  3. windows-temelleri windows-temelleri Public

    1

  4. sitemapper sitemapper Public

    Python 1

  5. sefabasnak sefabasnak Public

    1

  6. Windows-Privilege-Escalation Windows-Privilege-Escalation Public

    Forked from frizb/Windows-Privilege-Escalation

    Windows Privilege Escalation Techniques and Scripts

    Batchfile 1