MemCyber

About

Run by a researcher who still writes the PoCs.

I started MemCyber after one engagement: a fintech that had paid two prior firms for pentests and still had a critical authorization flaw in production. I delivered the finding in a morning. The report came back with a working exploit and a one-line fix. That is still how the firm works.

I’m Atilla Mammadli — a security researcher with a long record on public and private bug bounty platforms, smart contract contests, and independent web application assessments. I still write every PoC personally. That is where the signal is.

Every engagement is run by the same senior researcher who scoped it. No junior hand-offs. No subcontractors. That constraint is the trade-off: it lets us move fast, read code carefully, and find the bugs that scanner-driven pipelines miss.

Atilla Mammadli
Founder & Lead Security Researcher
On platform since 2022 — HackerOne, Cantina, Sherlock
Web App · API · Smart Contract (Solidity / Move / Rust)
Coordinated disclosure with 50+ vendors

Credentials

  • Ranked contributor
    Cantina & Sherlock audit contests
  • HackerOne triage history
    50+ valid reports across private programs
  • Responsible disclosure
    Coordinated with fintech, crypto, and SaaS vendors globally
  • Speaker / Writeups
    Technical writeups on IDOR, oracle manipulation, KYC bypass

Platforms & Programs

Cantina · Sherlock · HackerOne · Code4rena

Since 2022

A short track record.

Independent research to full firm, one public milestone at a time.

  1. 2022
    First HackerOne submission
    Started independent research on public bug bounty programs.
  2. 2023
    Smart contract entry
    First Solidity audit contest contribution on Cantina and Sherlock.
  3. 2024
    First private engagement
    First paid pentest for a fintech — disclosed a critical authorization flaw two prior firms had missed.
  4. 2025
    Continuous retainer model
    Long-term retainer engagements across fintech and Web3.
  5. 2026
    MemCyber founded
    Independent firm launched. Same commitment: senior researcher on every engagement, no subcontractors.

Expertise

Depth across the surfaces attackers care about.

We specialize in the intersection of application, protocol, and on-chain security — the boundary where the hardest bugs live.

01
Web Application Security
OWASP ASVS L2/L3, business-logic flaws, auth primitives
02
Smart Contract Audit
Solidity (EVM), Move (Sui/Aptos), Rust / Anchor (Solana)
03
API Security
REST, GraphQL, WebSocket, OAuth/OIDC flows
04
Cryptographic Review
Protocol misuse, key management, signature flaws
05
Cloud & Infra
AWS / GCP misconfiguration, IAM privilege paths

How we operate

Values that shape every engagement.

Evidence over opinion

Every finding ships with a working proof-of-concept. If we say it is exploitable, we show you how — and we stop calling it a finding if we cannot.

Signal over noise

We don't pad reports with scanner output, missing headers, or "informational" filler. You get the findings that actually change your risk posture.

Engineer-first reports

Reports are written for the person who will fix them. Executive summary for leadership, root-cause and remediation for engineering.

Responsible by default

All testing runs under written authorization. Scope is respected. Findings go through coordinated disclosure. Always.