Skip to content
View meinsoft's full-sized avatar
👨‍💻
👨‍💻

Block or report meinsoft

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
meinsoft/README.md

⚔️ Muhammedali Aliyev

🛡️ Security Researcher  ·  🐍 Backend Developer  ·  🎯 CTF Player

Profile views Followers Stars


- Name: Muhammedali Aliyev.
- From: Baku, Azerbaijan.
- Day job: Security Researcher & Backend Developer.
- Currently: studying Logistics at Azerbaijan Technical University.
- Also: CVE Author, CTF Challenge Author.
- Off the clock: breaking things for fun, competing in CTFs worldwide.


🛠️ Technologies & Tools

⚙️ Backend & Databases

Backend stack

🔧 DevOps & Infra

DevOps

🛡️ Security Tools

🧰 Frameworks & Libraries


🔴 CVE & Security Research

CVE-2026-45430    
Missing state parameter validation in the Backdrop CMS Salesforce OAuth 2.0 authorization flow. Callback endpoint was exposed to CSRF attacks enabling unauthorized account linkage and potential account takeover. Conducted responsible disclosure to the Backdrop Security Team, provided a proof-of-concept, and collaborated on the patch shipped in v1.x-1.0.1.

CVSS: AV:N/AC:H/PR:N/UI:R — C:H/I:H/A:L

📋 NVD Entry  |  🔗 GitHub Advisory

📄 ctf writeups


🚀 Featured Projects

Open-source declarative permission system for Django with object-level access control via a custom DSL. SLY (Lex/Yacc) based parser, full AST architecture, CI/CD pipeline — 217 tests @ 96% coverage.

A fully functional blog REST API built with pure Django — no DRF. Demonstrates low-level HTTP handling, manual serialization, and custom auth from scratch.

Feature-rich community bot for the Void Walkers community. Automation, moderation, and utility toolset.


🏆 Hackathons & Competitions

Result Event Date

🥇 1st Place CyberStar CTF League — AKTA Apr. 2023

🎖️ Organizer & Author AzTU CTF 2026 — 25 challenges across 6 categories May 2026

🥉 3rd Place Farm2Tour Hackathon — Ministry of Agriculture May 2026

🎯 Finalist Cursor AI Hackathon — Backend & AI Integration Feb. 2026

🎯 Finalist Industry 4.0 Hackathon — C4IR Azerbaijan Dec. 2025

🎯 Finalist IDDA 1 FinTech Hackathon — Tenity Nov. 2025


📈 Commit Activity

Commit activity graph

🌐 Contact & Socials

GitHub     LinkedIn     Instagram     Medium

Pinned Loading

  1. django-shield django-shield Public

    Declarative permission system for Django. Define rules once, protect views everywhere.

    Python 1

  2. blog-api-pure-django blog-api-pure-django Public

    Python 1

  3. ctf-writeups ctf-writeups Public

    1

  4. turboaz-price-api turboaz-price-api Public

    Python 3