Ömür Uğur

Penetration Tester / Ethical Hacker

Ömür Uğur

Penetration Tester / Research Engineer / Computer Engineer / CEH / MBA

Send email

Hi I Ömür!

Penetration Tester / Researcher / Computer Engineer / CEH / MBA

Now, I have been working as a Security Test Specialist ( Penetration Tester ) at Turk Telecom Group. My working area is SSDLC , Application Security and Testing , Red Teaming , Penetration Tests , PCI DSS Compliance . etc. on this position. , Besides I am actively attending on Bug Bounty & Responsible Disclosure programs. I have published some vulnerabilities for products of globally known companies , I have taken part of getting actions to fix those vulnerabilities.

PROFILE

Full Name

ÖMÜR UĞUR

Email

omurugur12@gmail.com / omurugur@omurugur.com

BIRTH

İstanbul

EDUCATION

Master of Business Administration

Yıldız Technical University Master of Business Administration - 2016-2017

Accounting management, Strategic marketing, Modern Business, Organizational behavior, Statistical Analysis Techniques for Operators ,Electronic Commerce and Internet Marketing,Business Law,Intellectual Capital Management,Financial Decision Making,Principles of Production Management.

I am a graduate with a diploma of 3.40

COMPUTER ENGINEERING LICENSE

Beykent University Computer Engineering - 2011-2016

I got English Success at Intermediate level by taking Preparatory Training for 1 year before departure. I am a graduate with a diploma of 2.60 from my undergraduate studies by taking courses that constitute the bases of computer science and software technologies such as Algorithms, operating systems, data structures and discrete mathematics.

BUSINESS LICENSE

Anadolu University - Business Administration - 2011-2019

I am a graduate with a diploma of 2.33

GENERAL TRAININGS

  • Presentation Skills
  • Turk Telecom Start Development Program Participation Certificate
  • Agile Project Management
  • Basic Project Management
  • Communication and relationship management
  • Innovation Training
  • Know yourself Training
  • Online Coaching Education
  • Professional Image Management
  • Emotional intelligence
  • Self Diagnosis Training
  • Positive Psycholog
  • Skills Education
  • Conflict Managementy
  • Diction-Effective Speech
  • YADEM Fire and Earthquake Training Seminar

TECHNICAL TRAININGS

Software Trainings

  • Microsoft Certified Expertise In Web Software Programming
  • Microsoft Certified Systems Developer
  • Java/Android Programming
  • Python Programming
  • Network Trainings

  • CCNA(Cisco Certified Network Associate)
  • Cyber Security Trainings

    • Linux / Unix Foundation Training
    • Mobile Application Pentest Training
    • Applied Network Security
    • Certified Ethical Hacker (CEH)v10 Online Training
    • Penetration Testing with Kali Linux
    • Wifi Pentest Training
    • Malware Analysis Training
    • Thales HSM Hardware Security Module
    • PCI Process
    • White Hat Hacker Training
    • Blackhat USA 2019

    JOB EXPERIENCE

    Turk Telecom

    Security Test Specialist January 2019 --

    Security Planning Assistant Specialist October 2016 - December 2018

    All projects developed under SSDLC for AVEA / TTNET / Turk Telecom security requirements were provided and penetration tests were conducted. Vendor company employees are managed within this scope. Critical systems, tests of applications on the internet are planned and implemented. Coordination with the project owners was ensured and findings were followed. I also implemented Application Security Testing , Network Security , Communication Security , Punctuation Security , Data Security .

    • Application Penetration Testing
    • Web / Mobile / Web Service / Wireless / Network Application Security
    • Penetration Testing
    • Red Teaming
    • Source Code Review
    • Secure SDLC & Threat Modeling
    • Vulnerability Assesment Management
    • Server Vulnerability And Exploit
    • PCI-DSS Penetration Testing
    • Device Security Tests
    • ALM Error
    • Reporting And Presentation Of Findings
    • Providing Assistance to Internal Customers
    • Developing applications for both internal and external development teams and third-party agencies, and co-ordinating safety-related testing

    Saha Agency

    Field Coordinator / PI. July 2013 - January 2015

    When I am in the Saha agency; Saha Activity Supervisor , Human Resources Pool Development Project Officer and Site Data Collection Officer , Field Activity Backoffice I work in departments. What I did during the time I worked:

    • Control of field personnel
    • Product submission
    • Personnel Procurement
    • Personality trail
    • Business Education
    • Interview
    • Field Training
    • Reporting
    • Control of field personnel

    Kafein Consulting & Solution

    Intern - Software Developer- June 2015 - July 2015

    I worked as an internship intern at Caffeine Consulting & Solution. During my one-month internship:

    • Mo-Mt Definitions
    • PIMS Avea Integrations
    • Soap Applications

    Tekfen Construction and Installation AŞ.

    Intern - Software Developer- July 2014 - August 2014

    I worked in Tekfen Construction and Engineering department in Oracle department. During my one-month internship:

    • Server move operations
    • Server active / passive states
    • Administering and creating users
    • Data entry to Oracle DataBase

    WHAT DID I DO?

    • 2013 : I got the job security training attendance document at the Saha Agency.
    • 2012-2014 : As a model in BG Agency, I took part in the cast team.
    • 2013- :In organization work; Events, Holiday tours, Cultural tours organized by University Coordinator.
    • 2013- :Tekfen Construction and Installation of a vocational qualification certificate for Azerbaijan and Installation Company
    • 2013 : IT Education Center E-Commerce Site Course Completion Project - www.omurugur.com
    • 2016 : Beykent University Graduation Project - Smart Office Automation with Arduino and Android
    • 2016 : Turk Telecom Start Project
    • 2017 : Turk Telecom Start Inovason Project Presentations and Best Project Presentation
    • 2017 : Turk Telecom, Avea, TTNET PCI Audits
    • 2017 : Ethics Presentation in Business and Financial Institutions (Yıldız Technical University-MBA)
    • 2017 : Turk Telecom, Avea, TTNET Internal Wired and Wifi security tests
    • 2017 : Effect of Executive Problems on Business Environment Case Study (Yıldız Technical University-MBA)
    • 2018 : Yildiz Technical University Graduate (MBA) E-Commerce Security Completion Project
    • 2018 : STM CTF'18 I joined on behalf of Turk Telecom Group as captain of TT.
    • 2018 : E-Commerce Security April 2018 issue e-commerce security article on CyberMag
    • 2018-2019 : BEDAS Security Tests Web, Network, Mobile penetration tests are reported to the company
    • 2019 : Want to be a penetration tester? July 2019 issue "Want to be a penetration tester?" article
    • 2019 : Black HAT 2019 USA I joined on behalf of Turk Telecom Group
    • 2019 : Certified Ethical Hacker (CEH v10) - EC-Council ECC6940358712

    TECHNICAL SKILLS

    PROGRAMMING LANGUAGES

    • 80% Complete
      Java 80%
      • Datatypes and Variables
      • Operators and Expressions
      • Control Flow
      • Methods
      • Using Java Objects
    • 50% Complete
      C++ 50%
      • Small Projects for Hobby
    • 50% Complete
      Python 50%
      • Small Projects for Hobby
    • 100% Complete
      C#.Net 100%
      • ADO.NET Connected Access / Non-Connected Access
      • Desktop applications with Windows Forms,
      • TCP/IP, Socket applications,
      • Preparing automation systems using Entity Framework and web services.
    • 80% Complete
      ANDROID Programming 80%
      • Activities
      • Resources
      • View and Event Handlers
      • Layouts , Dialogs , Menus , Intent and Broadcast Receıvers

    WEB TECHNOLOGIES / SCRIPTING LANGUAGES

    • 75% Complete
      HTML / CSS 75%
      • Div-based responsive designs,
      • Current vehicle experience such as Bootstrap, LESS,
      • User experience knowledge.
    • 60% Complete
      JavaScript 60%
      • Scope concept domination, object oriented designs,
      • DOM management with jQuery, dynamic designs,
      • Use of AngularJS MVW library,
      • Together with Node JS.
    • 70% Complete
      PHP 70%
      • OO Php applications,
      • Wordpress, Drupal, Joomla and CMSs like PhpBB, SMF, vBulletin and forum applications such as the ability to develop knowledge about the possession of the plugin.
      • Development of Admin panel applications,
      • Scripts for collecting data.

    DATABASE MANAGEMENT / USE

    • 80% Complete
      MS SQL SERVER 80%
      • Designing the data layer,
      • Experiences on data structures, limitations,
      • SQL language control (package structure, procedure calls, transaction management),
      • Experience in creating and using tables.
      • Information about schema and user authorizations,
      • Information about database link,
    • 80% Complete
      JAVA SQL DEVELOPER (ORACLE) 80%
      • JDBC SQL Programming
      • Using Conversion Functions and Conditional Expressions
      • Using Single-Row Functions to Customize Output
      • Displaying Data from Multiple Tables

    OPERATING SYSTEMS / APPLICATION SERVER

    • 90% Complete
      Windows (Server 2008, Server 2012, Server 2013) 90%
      • Information about IIS service ownership,
      • Mastering MS DOS commands,
      • Basic Active Directory knowledge.

    PENETRATION TEST PROGRAMS / TOOLS

    • 100% Complete
      Burp-Kali-Nmap-Sqlmap-Netcat-Fuzzer-Skipfish-WireShark 100%
      • Mobile Android-IOS/Web interface/Web Service/Wifi/Java Desktop App./Network/IOT test
      • Application Penetration Testing,Application Security,Source Code Review,Secure SDLC & Threat Modeling,Vulnerability Assesment Management
      • According to the owasp top list, I do leak testing on projects.(XSS , Sql İnj , BruteForce , CSRF , Security Misconfiguration ,Broken Authentication and Session Management etc.)
    • 100% Complete
      Genymotion,AndroBug,MobSF 100%
      • Mobile App Penetration Tests.
    • 100% Complete
      WebInspect,Nessus,JADX,JDGui,OWASP Zap,SOAP ui 100%

      HALL OF FAME

      Hackerone:https://hackerone.com/slife

      Open Bug Bounty :https://www.openbugbounty.org/researchers/omurugurrr/

      Bug Crowd : https://bugcrowd.com/omur

      Bug Bounty / Hall Of Fame / CVE I have published some vulnerabilities for products of globally known companies like Apple ,SAP , Oracle , Lenovo, Toyota ,Samsung , LG , SOAP.ui ,Nokia, Comcast Telekom , T-Mobile , Atlassiam , Ford , GM , Europa Cert , Pinterest , Dell , Toyota , Cisco , HSBC Bank , HP , Panasonic , Huawei , Alcatel Lucent , Alibaba , Epson , Canon ,etc.. I have taken part of getting actions to fix those vulnerabilities.

      For more details; https://www.justsecnow.com

      Thank you!