evren's b0x

About

I'm Evren. 38 years old and currently located in USA. I graduated from Istanbul Kultur University with a degree in Communication Design - Multimedia.

I've been in the cybersecurity field for over 5 years, starting as a hobby, and I'm currently working at Picus Red Team. I'm particularly interested in application security because I enjoy reading and writing code.

In my spare time, I participate in bug bounty programs (a.k.a bug bounty). I find it fun to understand new technologies and identify their vulnerabilities.

Feel free to reach out to me via email at evren[at]superbug.co. I'm open to friendly conversation about security, AI, or anything else that interests you.

Selected Projects

LLMBUS

Private

AI Red Team Tool

LLMBUS AI Red Team Tool

ProjectX CTF

Public

CTF Competition

First physical CTF competition in Turkey.

Prompt Firewall

Public

AI Security Research Lab

We are focused on AI security and safety for the future.

Subflaw

Public

Newsletter

A diary of AI security

Detailed case studies available upon request.

Posts

2025-07-31

Prompt Injection and Link-Based Data Exfiltration via PDF Upload in Lumo AI v1.0

2025-04-14

MCP Security v1.0

2025-02-03

DeepSeek Janus Security & Safety Concerns v1.0

2024-05-22

Memory Pollution in LLMs: Understanding New AI Security Concerns v1.1

2024-05-25

LangChain JS Arbitrary File Read Vulnerability v1.2

2024-04-24

Multiple Vulnerabilities in Open Devin (Autonomous AI Software Engineer) v1.0

2024-02-20

Understanding Task Injection Vulnerabilities: A Bug Bounty Perspective v1.0

2023-11-12

GPTs and Assistants API: Data Exfiltration and Backdoor Risks in Code Interpreter v1.2

2023-11-01

GPT-4 Vision Prompt Injection v1.2

2020-09-17

F5 Advanced WAF / ASM Signature Bypass v1.0 [Picus Security]

2020-07-27

Exploiting Electron Applications using Debug Feature v1.0

2020-07-26

Lolbas for Security Researchers v1.0

2020-06-03

Freshdesk Vulnerability v1.0

2018-03-01

Diversify Attack Vectors via Time Management v1.0

2017-11-09

How-To: Find IDOR (Insecure Direct Object Reference) Vulnerabilities for Large Bounty Rewards v1.0 [Bugcrowd]