CatByte - Software & Security

* X: 0
Y: 0

Scroll

Software Development & Security

Offensive security meets production engineering. Small team. Ulaanbaatar, Mongolia.

Get in touch Our work

[ SERVICES ]

From code to
compromise.

[01]

Penetration Testing

OSWE-certified assessments across web, API, and mobile attack surfaces.

[02]

Full-Stack Dev

Next.js, React, Go - security-first from line one.

[03]

Security Engineering

Source code review, threat modeling, and hands-on remediation.

[04]

Infrastructure

Containers, CI/CD, cloud migrations. No shortcuts.

[ TEAM ]

Small crew.
Sharp edges.

Every one of us writes code, breaks code, and ships to production. No managers. No overhead.

@ochk00

Erdene-Och Byambabayar

Tech Lead

Full-stack architect. System design to deployment.

Next.jsDockerAWS

@tulgoasi

Byambaa Battulga

Software Engineer

Crypto & backend. 5 years deep. CTF competitor.

PythonUnixCrypto

@uug4na

Uuganbayar Lkhamsuren

Security Engineer

OSWE. 40+ pentests. Finds what scanners can't.

OSWERed TeamGo

[ SECURITY RESEARCH ]

Bugs found.
CVEs published.

Active in bug bounty programs and responsible disclosure - making open-source safer, one CVE at a time.

CVEs Published

High / Critical

Companies

Popped bugs from

Google

Yahoo

AWS

Monero

Lambda.global

Агула Даатгал

Татварын Ерөнхий Газар

Vercel

Published CVEs

CVE-2026-25896fast-xml-parsernpmCritical CVE-2026-4926path-to-regexpnpmHigh CVE-2026-28492filebrowserGoHigh GHSA-5c6j-r48x-rmvqserialize-javascriptnpmHigh CVE-2026-39365vitenpmModerate CVE-2026-28350lxml-html-cleanpipModerate CVE-2026-28348lxml-html-cleanpipModerate CVE-2026-34518aiohttppipLow CVE-2026-33343etcdGoLow CVE-2026-28360nocodbnpmLow CVE-2026-28358nocodbnpmLow

[ WORK ]

Shipped &
secured.

Unread

News

Writing.mn

Publishing

TNGR Media

Broadcast

UB Life

Magazine

Zeely

Fintech

Repositories

public

Unread 100

TypeScript

public

MeForm

TypeScript

public

TalentSummit

TypeScript

public

DataSummit

TypeScript

private

Unread Games

Flutter

private

Blockchain Core

TypeScript

private

GoBack

private

Bot Check

TypeScript

[ Contact ]

LET'S
TALK.

Security assessment or a full product build - we're ready.

contact@catbyte.mn

From code tocompromise.

Penetration Testing

Full-Stack Dev

Security Engineering

Infrastructure

Small crew.Sharp edges.

Erdene-Och Byambabayar

Byambaa Battulga

Uuganbayar Lkhamsuren

Bugs found.CVEs published.

Shipped &secured.

Unread 100

MeForm

TalentSummit

DataSummit

Unread Games

Blockchain Core

GoBack

Bot Check

LET'STALK.

From code to
compromise.

Small crew.
Sharp edges.

Bugs found.
CVEs published.

Shipped &
secured.

LET'S
TALK.