Web
eWPTX
Web Application Penetration Tester eXtreme
INE Security · Apr 2026
時の魔法
rootmancer — junior penetration tester: web, network and AI/ML security
Junior penetration tester — web · network · AI/ML.
時の魔法 · focus
Web Application Pentesting
SQLi · XSS · auth flaws · Burp Suite — eWPTX, CWSE
Network Pentesting
Enumeration · exploitation · privesc — CNPen, THM PT1
AI / ML Security
Attacking ML models & LLM-powered apps — C-AI/MLPen
Writeups & Always Learning
TryHackMe & HTB rooms · HTB CWES in progress
I時whoami
About me
I'm a final-year software-engineering student in İstanbul who fell for offensive security and never looked back. My software background means I'm comfortable reading and writing code, which I lean on when I'm breaking web apps.
I'm certified across web, network and AI/ML pentesting, and I'm especially drawn to AI/ML security— a niche that's only getting bigger. Right now I'm sharpening web exploitation while preparing for HackTheBox CWES.
Everything I learn turns into a writeup. I'm looking for a junior pentester role (Türkiye or remote) where I can keep leveling up fast.
rootmancer
Junior Pentester · 時の魔法
- Class
- Junior Penetration Tester
- Affinity
- Web · Network · AI/ML
- Rank
- SWE student · final year
- Grimoire
- 6 sealed
- Forging
- CWES — Hack The Box
- Tongue
- TR (native) · EN (professional)
- Region
- İstanbul · remote-ready
- Status
- open to work
II刻credentials
Certifications
Six earned certifications across web, network and AI/ML security — every one verifiable, plus one more in the forge.
Web
CWSE
Certified Web Security Expert
Hackviser · Feb 2026
Network
CNPen
Certified Network Pentester
The SecOps Group · May 2026
AI/ML
C-AI/MLPen
Certified AI/ML Pentester
The SecOps Group · May 2026
General
CAPT
Certified Associate Penetration Tester
Hackviser · Feb 2026
General
PT1
Junior Penetration Tester
TryHackMe · Apr 2026
In the forge
CWES — Certified Web Exploitation Specialist · Hack The Box
III録learning log
Writeups & Walkthroughs
Beginner-to-intermediate CTF walkthroughs — I document every room I solve. More land as I level up toward CWES.
WebTryHackMeEasy
TryHackMe — Simple CTF
Enumeration → web exploitation via SQL injection, hash cracking, SSH access, then privilege escalation to root.
SQLiHash crackingSSHPrivesc
NetworkTryHackMeEasy
TryHackMe — Basic Pentesting
A full beginner pentest walkthrough: service enumeration, brute-forcing credentials, and privilege escalation, with notes.
EnumerationBrute-forcePrivesc
WebTryHackMeEasy
TryHackMe — RootMe
Bypassing a file-upload filter to plant a PHP web shell, then escalating privileges to root.
File uploadWeb shellPHPPrivesc
WebTryHackMeEasy
TryHackMe — Pickle Rick
A Rick-and-Morty themed web challenge: source-code recon, command execution, and hunting the three secret ingredients.
WebCommand executionRecon
ToolingCTFMedium
Hammer CTF — Brute-force Tooling
A custom Python brute-force script written to solve the Hammer challenge — automating the boring part of the attack.
PythonBrute-forceAutomation
IV映video walkthroughs
Walkthrough Videos
Step-by-step exploitation, recorded end to end — TryHackMe rooms and PortSwigger labs on YouTube.
preview soonTryHackMe5:38
SQL Injection & Command Injection to Root — Operation Promotion
SQLiCommand InjectionPrivesc
preview soonTryHackMe1:31
JWT Privilege Escalation to Admin — TryHeartMe
JWTPrivesc
preview soonPortSwigger2:09
SQL Injection Login Bypass — Web Security Academy
SQLiAuth bypass
preview soonTryHackMe6:28
Operation Coldstart — SSRF + tar Wildcard Injection to Root
SSRFWildcard InjectionPrivesc
preview soonPortSwigger1:37
SQLi in WHERE Clause — Retrieving Hidden Data
SQLi
preview soonTryHackMe6:31
Silent Monitor — SQL Injection to Root via Command Injection
SQLiCommand InjectionPrivesc
preview soonTryHackMe6:49
JWT kid Injection to Admin — Hammer
JWTkid injectionPrivesc
preview soonTryHackMe7:34
Cracking SSH with a Custom Wordlist (CeWL + Hydra) — Checkmate
SSHHydraCeWL
V縁open a channel
Let's talk
Open to junior penetration tester roles — Türkiye or remote. My inbox is open.