>> INITIATING SEQUENCE
SECURING THE UNKNOWN
I break things to understand how they work, and I build things to ensure they can't be broken. Specializing in vulnerability management, penetration testing, and secure architecture design.
>> CORE COMPETENCIES
EXPERIENCE
Security Engineer
- Conducting advanced Web Application, API, and Mobile security assessments, focusing on identifying OWASP Top 10 vulnerabilities and logical flaws.
- Performing code reviews to validate remediation efforts, ensuring vulnerabilities are effectively patched at the source code level.
- Collaborating with development teams to provide remediation guidance and promote secure coding best practices throughout the Software Development Lifecycle.
- Executing threat modeling sessions to analyze potential risks and design secure architectures for new features.
- Developing custom scripts and tools to automate security testing processes and enhance vulnerability detection capabilities.
Vulnerability Management & Security Engineer
- Established a risk-based lifecycle using CVSS v3.1 and NIST SP 800-40 standards to prioritize mission-critical financial assets.
- Implemented a "Verify-Before-Trust" model for third-party libraries using SCA and SBOM (CycloneDX) management.
- Integrated SAST/DAST security gates into the SDLC and architected incident response workflows based on the FIRST PSIRT framework.
Jr. Security Engineer
- Executed penetration testing and application security testing within the Secure Software Development Lifecycle.
- Gained significant experience in the Purple Team approach, collaborating on Managed Detection and Response (MDR) services to improve defense mechanisms.
- Assisted in vulnerability management processes and enterprise remediation efforts.
Jr. Security Engineer
- Conducted comprehensive penetration testing and application security assessments.
- Executed API testing and web penetration tests while ensuring security best practices were followed in development.
- Contributed to the identification and reporting of critical security vulnerabilities.
Application Security Intern
- Enhanced skills in identifying vulnerabilities and performing code review.
- Learned and applied secure coding practices while contributing to team projects.
BLOG POSTS
Introduction to Prompt Engineering — P1 (TR)
Greetings, friends. LLMs have now started taking over most tasks in our workflows, from writing code to generating stories. This power efficiently…
READ ON MEDIUM ->
Sep 9, 2024
Active Directory Hacking — GOAD Part 3 (TR)
Greetings from part 3 of my Active Directory hacking blog series, which I suddenly started writing for no reason. Today, the hardening in ADCS…
READ ON MEDIUM ->
Sep 5, 2024
Active Directory Hacking — GOAD Part 2 (TR)
Greetings again. In my previous post we looked at collecting as many credentials as possible. As a reminder, we have 6 different usernames …
READ ON MEDIUM ->
Aug 27, 2024
Active Directory Hacking — GOAD Part 1 (TR)
Greetings!! I hope everything is going well. In this post, we will use GOAD to simulate penetration tests carried out in an Active Directory environment.
READ ON MEDIUM ->
Jun 7, 2024
Cloudflare Bypass by Scanning The Entire EC2
w/kun3fe
READ ON MEDIUM ->
Nov 9, 2023
What Is ARP? MITM with ARP Poisoning and Protection Methods
1.0 What Is ARP?
READ ON MEDIUM ->
Sep 13, 2023
What Is DHCP? DHCP Spoofing and Protection Methods
1.0 What Is DHCP?
READ ON MEDIUM ->
Oct 29, 2022
BASIC BUFFER OVERFLOW PRACTICE
1.0 beginning
READ ON MEDIUM ->
Oct 25, 2022
RETRO Write-Up
New high score!
READ ON MEDIUM ->
Oct 24, 2022
JACK Write-Up
Compromise a web server running Wordpress, obtain a low privileged user and escalate your privileges to root using a Python module.
READ ON MEDIUM ->