About This Blog

In 2009, I established my blog with the motto, “Knowledge is power and grows as it is shared”. Since its inception, I have featured the results of over 200 cybersecurity researches that I have conducted to date.

For the past 14 years, I have published my write-ups exclusively in Turkish. However, as of 2023, I have begun to publish my write-ups in both English and Turkish. Furthermore, I have also made available translations of both my recent write-ups as well as my most widely read write-ups in English. (If you come across any older articles in Turkish, you can utilize the “Translate” menu on the right-hand side.)

I hope that the research and analysis presented in these articles will prove valuable to those seeking to improve their knowledge and expertise in the field of cybersecurity.

About Me

Mert is a well-known and respected Cyber Security Researcher, Speaker and Blogger. He has been living and pursuing his career in the United States with an Alien of Extraordinary Ability visa (EB-1A), an employment-based green card, since October 2022.

As of February 2023, Mert has been working at SOCRadar® Extended Threat Intelligence as the Head of Strategy. SOCRadar is a cybersecurity company committed to democratizing threat intelligence and providing superior cybersecurity solutions to over 8,000 companies in 150 countries. SOCRadar’s mission is to provide organizations of all sizes with the tools they need to counter cyber threats.

From October 2020 to September 2022, Mert demonstrated his expertise as an Executive Vice President / CISO of IT Security & Risk Management Group which incorporates Cyber Defense Center, Cyber Security Technologies, Cyber Security Architecture, Information Security & Risk Management teams (40 HCs) at Intertech. Intertech is an Information Technology subsidiary of DenizBank, owned by Emirates NBD

From January 2018 to September 2020 as the Vice President, Mert was responsible for the management of Akbank‘s Cyber Defence Center (CDC) which incorporates Vulnerability Management, Threat Detection, Threat Response & Intel, and Security Engineering teams. (26 HCs)

From 2007 to 2017 Mert was responsible for performing and managing penetration tests, malware analysis, security incident detection, and response as a Technical Lead in the Threat & Vulnerability Management team at IBTech. (Information Technology subsidiary of QNB Finansbank)

From 2014 – 2016 Mert instructed Malware Analysis course in Cyber Security Graduate Program at Bahcesehir University.

In 2003 Mert’s career journey began by discovering a security vulnerability on the e-portal web application of the Yeditepe University where he was studying at that time. After sharing his findings with the executives of the university, he was awarded an achievement grant and recruited as an Ethical Hacker. Mert graduated from Yeditepe University, Information Systems and Technologies in 2006 and Yeditepe University, Master of Business Administration program in 2010.

From the beginning of 2011, Mert spoke at more than 30 technical cyber security conferences. In addition, he was invited as a guest speaker to more than 40 universities to share his cyber security career journey and his profession “Ethical Hacker” to the students as a role model.

For more information about his professional background, you may visit his LinkedIn profile.

Certifications
2020 – CCISO (Certified Chief Information Security Officer)
2013 – CEREA (Certified Expert Reverse Engineering Analyst)
2010 – CREA (Certified Reverse Engineering Analyst)
2009 – OPST (OSSTMM Professional Security Tester)
2009 – OSCP (Offensive Security Certified Professional)
2007 – CISSP (Certified Information Systems Security Professional)
2006 – SSCP (Systems Security Certified Practitioner)

Trainings
2021 – Cyber Threat Intelligence (SANS – FOR 578)
2020 – Certified Chief Information Security Officer (EC-Council)
2020 – Risk Management Approach & Practices (EC-Council)
2020 – Certifed Project Manager (EC-Council)
2020 – SIEM with Tactical Analytics (SANS – SEC 555)
2020 – Blue Team Fundamentals: Security Operations and Analysis (SANS – SEC 450)
2019 – Security Strategic Planning, Policy, and Leadership (SANS – MGT 514)
2018 – The Security Automation Lab (Black Hat USA 2018)
2017 – Advanced Digital Forensics, Incident Response, and Threat Hunting (SANS – FOR 508)
2016 – Hardware Hacking With Hardsploit Framework (Black Hat USA 2016)
2015 – Exploit Laboratory: Black Belt (Black Hat USA 2015)
2014 – Advanced Penetration Testing, Exploits, and Ethical Hacking (SANS – SEC 660)
2013 – Advanced Reverse Engineering Malware (InfoSec Institute)
2012 – Reverse-Engineering Malware (SANS – FOR 610)
2011 – Computer Forensic Investigations – Windows In-Depth (SANS – FOR 408)
2010 – Reverse Engineering: Malware, Binary Analysis and Software Vulnerabilities (InfoSec Institute)
2009 – OSSTMM Professional Security Tester (ISECOM – OPST)
2009 – Pentesting with BackTrack (Offensive Security – OSCP)
2008 – Oracle Anti Hacker Training (Red-Database-Security)
2007 – ISO 27001 Lead Auditor (BSI)
2006 – ISO 27001 Implementation of Information Security Management (BSI)
2005 – Certified Ethical Hacker (EC-Council)

Presentations
2019 – Sandbox Detection (NOPcon Hacker Conference)
2019 – Backdoor Hunt (IstSec Information Security Conference)
2016 – 2017 Hunting Hackers with Custom Deception System – (Bilisim Zirvesi, Istanbul & Cyprus Cyber Security Conferences)
2016 – Malicious JavaScript Analysis – (Netsec)
2016 – Being a Penetration Tester and Career – (Cyber Security Winter Camp)
2015 – Homemade Cryptolocker Prevention Tool (CryptoKiller) – (IstSec Information Security Conference)
2015 – Cyber Attacks & Defence (International Internal Audit Conference (TIDE))
2015 – Firmware Analysis – (Hacktrick Information Security Conference)
2014 – Firmware Analysis – (IstSec Information Security Conference)
2013 – Anti Malware Analysis – (IstSec Information Security Conference)
2013 – Offensive Malware Analysis – (Euroforensics, Cyprus, IstSec Information Security Conference)
2012 – Importance Of Penetration Testing – (Netsec)
2012 – Android Mobile App Pentest – (NOPcon)
2012 – Android Malware Analysis – (Euroforensics)
2011 – 2019 How to Become an Ethical Hacker / Penetration Tester – (Universities)

Blog Hakkında

2009 yılında “Bilgi güçtür ve paylaşıldıkça artar!” mottosu ile hayata geçirdiğim blogumda bugüne kadar gerçekleştirmiş olduğum 200’den fazla siber güvenlik araştırmasının çıktılarına yer verdim.

Emek, zaman ve kaynak ayırarak yaptığım araştırmalar sonucunda yazdığım bu makalelerin, siber güvenlik alanında kendini geliştirmek isteyenler için faydalı olması dileklerimle…

Hakkımda

Mert SARICA, alanında tanınmış ve saygın bir Siber Güvenlik Araştırmacısı, Konuşmacı ve Blogger’dır. 2022 yılının Ekim ayından bu yana kariyerini EB-1A vizesi (Yeşil Kart) ile Amerika Birleşik Devletleri’nde sürdürmektedir.

SARICA, 2023 yılının Şubat ayı itibariyle SOCRadar Siber Tehdit İstihbaratı firmasında Strateji Başkanı olarak görev yapmaktadır. SOCRadar, siber tehdit istihbaratı alanında 150 ülkede 8.000’den fazla şirkete üst düzey siber güvenlik çözümleri sunan ve misyonu gereği her büyüklükteki kuruluşa siber tehditlere karşı koymak için ihtiyaç duydukları araçları sağlayan bir siber güvenlik şirketidir.

Ekim 2020 – Eylül 2022 yıllarında DenizBank’ın iştiraki olan Intertech firmasında BT Güvenlik ve Risk Yönetimi Grubu’ndan sorumlu Genel Müdür Yardımcısı / CISO olarak görev yapmıştır.

Ocak 2018 – Eylül 2020 yıllarında ise Siber Saldırı Tespit ve Müdahale, Siber Güvenlik Mühendisliği, Siber Tehdit İstihbaratı ve Zafiyet Yönetimi Ekipleri’nden sorumlu Müdür olarak Akbank Siber Güvenlik Merkezi (SGM)’nde görev yapmıştır.

SARICA, 2007 – 2017 yıllarında QNB Finansbank’ın bilgi teknolojileri iştiraki olan IBTech firmasında sızma testi, zararlı yazılım analizi ve bilgisayar olayları tespit ve müdahale alanlarından sorumlu olan Tehdit ve Zafiyet Yönetimi Ekibi’nde Teknik Lider olarak görev yapmıştır.

Kurumsal iş hayatının yanı sıra akademik kariyeri 2014 – 2016 yıllarında Bahçeşehir Üniversitesi, Siber Güvenlik Yüksek Lisans Programı’nda öğretim görevlisi olarak verdiği “Zararlı Yazılım Analizi Eğitimleri” ile devam etmiştir.

Yüksek lisansını, 2010 yılında “Yeditepe Üniversitesi İngilizce İşletme (MBA) Programı” üzerine yapan SARICA’nın kariyer hayatının başlangıcı, lisans eğitimini tamamladığı üniversite olan Yeditepe Üniversitesi, Bilişim Sistemleri ve Teknolojileri Bölümü‘nde olmuştur.

SARICA, lisans eğitimine devam ettiği yıllarda Yeditepe Üniversitesi’nin elektronik ders seçme uygulaması üzerinde keşfetmiş olduğu kritik güvenlik zafiyetini üniversite yönetimi ile paylaşmış; bu paylaşım üzerine üniversite yönetimi tarafından başarı bursu ile ödüllendirilmiş ve “Etik Hacker” olarak işe alınmıştır.

2011 yılından bu yana 30’dan fazla siber güvenlik etkinliğine konuşmacı olarak davet edilmiş, Türkiye genelinde 40’a yakın üniversite etkinliğinde ise öğrencilere “Etik Hacker” mesleğini tanıtmaya yönelik sunumlar gerçekleştirmiştir.

Sertifikalar
2020 – CCISO (Certified Chief Information Security Officer)
2013 – CEREA (Certified Expert Reverse Engineering Analyst)
2010 – CREA (Certified Reverse Engineering Analyst)
2009 – OPST (OSSTMM Professional Security Tester)
2009 – OSCP (Offensive Security Certified Professional)
2007 – CISSP (Certified Information Systems Security Professional)
2006 – SSCP (Systems Security Certified Practitioner)

Eğitimler
2021 – Cyber Threat Intelligence (SANS – FOR 578)
2020 – Certified Chief Information Security Officer (EC-Council)
2020 – Risk Management Approach & Practices (EC-Council)
2020 – Certifed Project Manager (EC-Council)
2020 – SIEM with Tactical Analytics (SANS – SEC 555)
2020 – Blue Team Fundamentals: Security Operations and Analysis (SANS – SEC 450)
2019 – Security Strategic Planning, Policy, and Leadership (SANS – MGT 514)
2018 – The Security Automation Lab (Black Hat USA 2018)
2017 – Advanced Digital Forensics, Incident Response, and Threat Hunting (SANS – FOR 508)
2016 – Hardware Hacking With Hardsploit Framework (Black Hat USA 2016)
2015 – Exploit Laboratory: Black Belt (Black Hat USA 2015)
2014 – Advanced Penetration Testing, Exploits, and Ethical Hacking (SANS – SEC 660)
2013 – Advanced Reverse Engineering Malware (InfoSec Institute)
2012 – Reverse-Engineering Malware (SANS – FOR 610)
2011 – Computer Forensic Investigations – Windows In-Depth (SANS – FOR 408)
2010 – Reverse Engineering: Malware, Binary Analysis and Software Vulnerabilities (InfoSec Institute)
2009 – OSSTMM Professional Security Tester (ISECOM – OPST)
2009 – Pentesting with BackTrack (Offensive Security – OSCP)
2008 – Oracle Anti Hacker Training (Red-Database-Security)
2007 – ISO 27001 Lead Auditor (BSI)
2006 – ISO 27001 Implementation of Information Security Management (BSI)
2005 – Certified Ethical Hacker (EC-Council)

Sunumlar
2019 – Sandbox Detection (NOPcon Hacker Conference)
2019 – Backdoor Hunt (IstSec Information Security Conference)
2016 – 2017 Hunting Hackers with Custom Deception System – (Bilisim Zirvesi, Istanbul & Cyprus Cyber Security Conferences)
2016 – Malicious JavaScript Analysis – (Netsec)
2016 – Being a Penetration Tester and Career – (Cyber Security Winter Camp)
2015 – Homemade Cryptolocker Prevention Tool (CryptoKiller) – (IstSec Information Security Conference)
2015 – Cyber Attacks & Defence (International Internal Audit Conference (TIDE))
2015 – Firmware Analysis – (Hacktrick Information Security Conference)
2014 – Firmware Analysis – (IstSec Information Security Conference)
2013 – Anti Malware Analysis – (IstSec Information Security Conference)
2013 – Offensive Malware Analysis – (Euroforensics, Cyprus, IstSec Information Security Conference)
2012 – Importance Of Penetration Testing – (Netsec)
2012 – Android Mobile App Pentest – (NOPcon)
2012 – Android Malware Analysis – (Euroforensics)
2011 – 2019 How to Become an Ethical Hacker / Penetration Tester – (Universities)