Gábor Funk

afghangoat@proton.me | afghan_goat | github.com/afghangoat

Summary

Dedicated my time to penetration testing since 2018. Built scalable whistleblower SaaS which are used by the 30 largest Hungarian companies. Helped finding a bug, which allowed the registration of .gov domains without proper identification. Helped finding multiple zero-day exploits in the Windows 10 and Windows 7 operating systems. Helped identifying malicious trojan code in softwares.

Experience

Backend security analyst

From 2020. 05. 05. – 2023. 02. 01.

Afghan Goat Development

Budapest, Hungary

Developed anti-cheats for multiplayer games. Sandblasters and Political fight uses my anticheat.
Helped fixing security issues in PHP codebases, such as the forum of afghangoat.hu.
Created a no-logging chat application which uses maximum security to transfer data.

Projects

I performed extensive documentation for all 300+ of my own project and SaaS projects. You can see them at https://afghangoat.hu/docs/site/index.html in a markdown format. You can also find mirrors for downloads there.

Open-Source projects

Jan 2014 – Present

SCHiz-OS: My self-made 32-bit operating system with a custom bootloader, kernel, filesystem support, multiple language support and with a basic shell system.
Bitfuscator: An advanced obfuscation tool which you can use to obfuscate your code in 16 supported programming languages!
Webshop scraper: A web app which helps you scrape data from Joomla webshops.
Crawler tarpit: A tool which helps to protect your site from non-ethical scrapers by giving them useless data which looks like useful data. Visit it at your own risk: https://afghangoat.hu/the_pit/ (expect high CPU usage)
Exploiter madness: A tool which punishes those who try to exploit phpmyadmin, wpadmin and other sensitive pages by serving a bunch of ads and uses resources.
SEO analyzer: An online tool which gives you critical information about how to optimize your website. Completely free.
Sand blasters: Made the multiplayer and security component of the game. (WIP) Multiplayer server is available upon request.
Cybersec research: Private cyber thread research. Available at request.
Interactive portfolio: A 3D portfolio showcasing my skills. Check it out at https://afghangoat.hu/me.
You can check out the live demos and source codes at https://afghangoat.hu!

SaaS projects

Jun 2025 – Present

Designed and built the backend infrastructure of a private whistleblower system.

Education and training

B.Sc. in Computer Engineering, Budapest University Of Technology And Economics - GPA: 4.1 - CKI: 3.9 - Expected date: 2027

Hungarian Advanced IT Matura Exam - 98%, (Equivalent to an advanced IT certification) - 2024

Hungarian Mathematics Matura Exam - 96% - 2024

ICDL Standard certificate - 2023

Logischool Python Institute Certificate - 2019

Effective Security Operations and Infrastructure Defence - Aston University (Innovacybridge), 2025

Strategic Cyber Security Governance and AI Integration - Aston University (Innovacybridge), 2025

Human-centric Security and Organisational Resilience - Aston University (Innovacybridge), 2025

Intelligent Threat Detection, Forensics and Response - Aston University (Innovacybridge), 2025

Relevant coursework: Programming in C, C++ and Java, Computer architectures, Operating systems, Embedded systems, Introduction to computer science.

Achievments

(2025. 02. 15.) Passed competitive pre-exam (top 1%) allowing me to skip half a year of university programming curriculum.
(2025. 10. 16.) TechTogether 1st Place - Hepenix Task: Designed and prototyped a robotic manipulator system capable of operating in a simulated nuclear reactor pond environment, focusing on team cooperation, precision actuation and safety-critical control.
(2025. 10. 16.) TechTogether special prize - Hepenix Task: Awarded by making new and detailed models for the pond manipulator. Achieved via heavy team cooperation.
(2021) Found the exploit which allowed the unidentified users to register .gov domains.
(2018) Found 2 zero-day exploits in the Windows 10 and Windows 7 systems.

Technical skills

Programming languages:

Python Java C C++ C# Rust Visual Basic Visual Basic Script Erlang Go Haskell Lua Fortran COBOL Pascal Algol Lisp Bash Win. Batch Ruby x86 Assembly Verilog Prolog Forth Perl Zig Kotlin Ocaml Basic APL

From which I am the active maintainer of:

Modula 2 Simula HorthyC U.C.C.P.L

Debugging & Testing tools:

LCov Address Sanitizer Valgrind

Version control:

Git Github Github-Desktop

Tools:

Wireshark Nmap Packet sniffer Bytecode viewer Git Virustotal FileScan.io

Tools I maintain:

Bitfuscator

Database and modelling:

SQL PostgreSQL MongoDB GraphQL SQL Developer

Networking tools:

Socket.io Express.js Discord.js Apache Nginx Zustand Axios

Operating systems:

Kali Arch Mint Ubuntu Debian Windows(XP - Present)

IDEs & editors:

VSCode Visual Studio Code::Blocks Intellij Eclipse Notepad++

Productivity tools:

Jupyter notebook Vite Anaconda Mkdocs Midnight Commander LaTeX SSH Mongoose Docker Docker composer Gradle Maven WinSCP Android Studio VMWare VirtualBox XLaunch

Proficient in malware analysis.
Proficient in penetration testing.

Foreign Languages

Fluent English
Fluent Hungarian
Conversational German

Publications & Books

Introduction to C and C++ obfuscation methods — 2025

Beginners guide to obfuscation in C and C++.

100 common PHP mistakes — 2025

A book which covers the most common security flaws, PHP developers leave in the code and introduces fixes for them.