Ömür Uğur

Penetration Tester / Ethical Hacker

Penetration Tester / Research Engineer / Computer Engineer

Hi, I'm Ömür!

Penetration Tester / Researcher / Computer Engineer

I currently work as a Security Test Specialist at Türk Telekom Group. In this position my working areas are SDLC, application security, penetration tests, etc. In addition, I actively participate in Bug Bounty and Responsible Disclosure programs. I have published some vulnerabilities in products of globally known companies such as Oracle, Samsung, LG, SOAP.ui, Nokia, Comcast Telekom, T-Mobile, Ford, Pinterest, Dell, Toyota, Cisco, HSBC Bank, HP, Panasonic, etc., and I have taken part in the actions to fix those vulnerabilities.

PROFILE

Full Name

ÖMÜR UĞUR

Email

omurugur12@gmail.com / omurugur@omurugur.com

BIRTH

İstanbul

EDUCATION

Master of Business Administration

Yıldız Technical University Master of Business Administration - 2016-2017

Accounting management, Strategic marketing, Modern Business, Organizational behavior, Statistical Analysis Techniques for Operators, Electronic Commerce and Internet Marketing, Business Law, Intellectual Capital Management, Financial Decision Making, Principles of Production Management.

I am a graduate with a diploma of 3.40

COMPUTER ENGINEERING LICENSE

Beykent University Computer Engineering - 2011-2016

I achieved intermediate-level English by taking preparatory training for 1 year before departure. I graduated from my undergraduate studies with a diploma of 2.60, having taken courses that form the basis of computer science and software technologies, such as algorithms, operating systems, data structures and discrete mathematics.

BUSINESS LICENSE

Anadolu University - Business Administration - 2011-2016

BİLİŞİM EDUCATION CENTER

Web Software Expertise (150 Hours) - MSCD (250 Hours) 2013-2015

I received C#.Net, Asp.Net, MVC and MS-SQL training. In these trainings I received a Certificate of Achievement and a Certificate of Attendance. I built a simple automation after the C# training, created the database part of the foodservice at the end of the SQL lessons, and developed an e-commerce site application after the Asp.Net and MVC classes.

BİLGE ADAM EDUCATION CENTER

Software Expert Java - Android Teaching (300 Hours) 2015-2016

In these courses I received the Certificate of Excellence and the Certificate of Attendance. I have been involved in JAVA 7 Programming, Oracle Database Design and Programming, JDBC, Hibernate, NoSQL, Web Programming, Android Programming and Project Management.

BİLİŞİM EDUCATION CENTER

CCNA (100 Hours) 2016

Routing - Switching - NAT - RIP - OSPF - EIGRP - VLAN - ACL - IPv6 - OSI Layers - Cisco Network Model - PPP - Frame Relay

BAŞKENT COMMUNICATION SCIENCES ACADEMY

Diction-Effective Speech (30 Hours) 2016

I have attended the diction and effective speech training.

JOB EXPERIENCE

Saha Agency

Field Coordinator / PI. July 2013 - January 2015

At Saha Agency I worked in the following roles and departments: Saha Activity Supervisor, Human Resources Pool Development Project Officer, Site Data Collection Officer, and Field Activity Backoffice. What I did during the time I worked there:

  • Control of field personnel
  • Product submission
  • Personnel Procurement
  • Personality trail
  • Business Education
  • Interview
  • Field Training
  • Reporting

Tekfen Construction and Installation AŞ.

Intern - Software Developer - July 2014 - August 2014

I worked in the Oracle department at Tekfen Construction and Engineering. During my one-month internship:

  • Server move operations
  • Server active / passive states
  • Administering and creating users
  • Data entry to Oracle DataBase

Kafein Consulting & Solution

Intern - Software Developer - June 2015 - July 2015

I worked as an intern at Kafein Consulting & Solution. During my one-month internship:

  • Mo-Mt Definitions
  • PIMS Avea Integrations
  • Soap Applications

Türk Telekom

Security Test Specialist January 2019 --

Security Planning Assistant Specialist October 2016 - December 2018

For all projects developed under the SDLC for AVEA / TTNET / Türk Telekom, security requirements were provided and penetration tests were conducted. Vendor company employees are managed within this scope.

  • Application Penetration Testing
  • Web / Mobile / Web Service / Wireless / Network Application Security / MPLS
  • Penetration Testing, Secure SDLC & Threat Modeling, Source Code Review
  • Vulnerability Assessment Management, PCI DSS Testing, Server vulnerability, Device Security Tests, Punctuation tests, DNS, Exchange Server tests.
  • Reporting and presentation of findings, providing assistance to internal customers, coordinating security-related testing of the application development process for both internal and external development teams and third-party agencies, IOT practice tests

Trainings:
  • Presentation Skills, Türk Telekom Start Development Program Participation Certificate
  • Agile Project Management, Basic Project Management
  • Linux / Unix Foundation Training, Applied Network Security
  • Certificate Ethical Hacking (CEH), Penetration Testing with Kali Linux, Wifi Training
  • Communication and relationship management, Innovation Training
  • Know yourself Training, Online Coaching Education
  • Professional Image Management, Emotional intelligence, Self Diagnosis Training
  • Thales HSM Hardware Security Module, Positive Psychology, Skills Education, PCI Process

WHAT DID I DO?

  • 2005: I participated in the YADEM fire and earthquake training seminar and received the participation certificate.
  • 2013: I received the job security training attendance document at Saha Agency.
  • 2012-2014: As a model at BG Agency, I took part in the cast team.
  • 2013- : In organization work: events, holiday tours and cultural tours organized by University Coordinator.
  • 2013: I completed 150 hours of web software expertise training.
  • 2015: I completed 250 hours of software and database expertise training.
  • 2015-2016: I completed 300 hours of Java and Android software expertise training.
  • 2016: I completed 30 hours of diction and effective speaking training.
  • 2016: I completed 100 hours of Cisco Certified Network Associate (CCNA) training.
  • 2017: Türk Telekom Start Innovation Project Presentations and Best Project Presentation
  • 2017: Türk Telekom, Avea, TTNET PCI Audits
  • 2018: Yildiz Technical University Graduate (MBA) E-Commerce Security Completion Project
  • 2018: I joined STM CTF'18 on behalf of Türk Telekom Group as captain of TT.
  • 2018: E-commerce security article in the April 2018 issue of CyberMag
  • 2018-2019: BEDAS Security Tests - Web, network and mobile penetration tests, reported to the company

TECHNICAL SKILLS

PROGRAMMING LANGUAGES

  • Java 80%
    • Datatypes and Variables
    • Operators and Expressions
    • Control Flow
    • Methods
    • Using Java Objects
  • C++ 50%
    • Small Projects for Hobby
  • C#.Net 100%
    • ADO.NET Connected Access / Non-Connected Access
    • Desktop applications with Windows Forms,
    • TCP/IP, Socket applications,
    • Preparing automation systems using Entity Framework and web services.
  • ANDROID Programming 80%
    • Activities
    • Resources
    • View and Event Handlers
    • Layouts, Dialogs, Menus, Intent and Broadcast Receivers

WEB TECHNOLOGIES / SCRIPTING LANGUAGES

  • HTML / CSS 75%
    • Div-based responsive designs,
    • Experience with current tools such as Bootstrap and LESS,
    • User experience knowledge.
  • JavaScript 60%
    • Command of the scope concept, object-oriented designs,
    • DOM management with jQuery, dynamic designs,
    • Use of AngularJS MVW library,
    • Together with Node JS.
  • PHP 70%
    • OO PHP applications,
    • Knowledge of CMSs such as Wordpress, Drupal and Joomla and forum applications such as PhpBB, SMF and vBulletin, with the ability to develop plugins.
    • Development of Admin panel applications,
    • Scripts for collecting data.

DATABASE MANAGEMENT / USE

  • MS SQL SERVER 80%
    • Designing the data layer,
    • Experiences on data structures, limitations,
    • SQL language control (package structure, procedure calls, transaction management),
    • Experience in creating and using tables,
    • Information about schema and user authorizations,
    • Information about database link.
  • JAVA SQL DEVELOPER (ORACLE) 80%
    • JDBC SQL Programming
    • Using Conversion Functions and Conditional Expressions
    • Using Single-Row Functions to Customize Output
    • Displaying Data from Multiple Tables

OPERATING SYSTEMS / APPLICATION SERVER

  • Windows (Server 2008, Server 2012, Server 2013) 90%
    • Information about IIS service ownership,
    • Mastering MS DOS commands,
    • Basic Active Directory knowledge.

PENETRATION TEST PROGRAMS / TOOLS

  • Burp - Kali - Nmap - Sqlmap - Netcat - Fuzzer - Skipfish - WireShark 100%
    • Mobile Android-IOS / Web interface / Web Service / Wifi / Java Desktop App. / Network / IOT test
    • Application Penetration Testing, Application Security, Source Code Review, Secure SDLC & Threat Modeling, Vulnerability Assessment Management
    • I perform penetration testing on projects according to the OWASP top list (XSS, SQL Inj, Brute Force, CSRF, Security Misconfiguration, Broken Authentication and Session Management, etc.).
  • Genymotion, AndroBug, MobSF 100%
    • Mobile App Penetration Tests.
  • WebInspect, Nessus, JADX, JDGui, OWASP Zap, SOAP ui 90%

HALL OF FAME

Hackerone: https://hackerone.com/slife

Open Bug Bounty: https://www.openbugbounty.org/researchers/omurugurrr/

Bug Crowd: https://bugcrowd.com/omur

  • 2018: Bug Bounty Toyota - I received a thank-you for the unauthorized access I found on the Toyota site.

    https://www.openbugbounty.org/reports/685121/

  • 2018: Bug Bounty Cabagenda.nl - I received a thank-you and a reward for the reflected XSS I found on the Cabagenda site.
  • 2018: Bug Bounty Artstation - I received a thank-you and a reward for the SMS OTP bypass I found on the Artstation site.

    https://www.openbugbounty.org/reports/686811/

  • 2018: Comcast Telecom Hall of Fame - I received a thank-you and a reward for the reflected XSS I found on the Comcast Telecom site.

  • 2018: Ford Hall of Fame - I received a thank-you and a reward for the reflected XSS I found on the Ford site.

    https://bugcrowd.com/ford/hall-of-fame

  • 2018: Pinterest Hall of Fame - I received a thank-you and a reward for the Open Redirect I found on the Pinterest site.

    https://bugcrowd.com/pinterest/hall-of-fame

  • 2018: T-Mobile Hall of Fame - I identified and reported an XSS vulnerability on three different websites of T-Mobile.

    https://hackerone.com/t-mobile_h1r_us/thanks

  • 2018: Arkose Labs Hall of Fame - I received a thank-you and a reward for the Brute Force Attack I found on the Arkose Labs site.

    https://bugcrowd.com/arkose-labs/hall-of-fame

  • 2018: Mavenlink Hall of Fame - I received a thank-you and a reward for the reflected XSS I found on the Mavenlink site.

    https://hackerone.com/slife/thanks

  • 2018: Dell Hall of Fame - I received a thank-you and a reward for the reflected XSS I found on the Dell site.

    https://bugcrowd.com/omur

  • 2018: Nokia Hall of Fame - Due to the XSS (Stored and Reflected) vulnerability I found in the Nokia Network Analysis product, my name was written on the 'Hall of Fame' page.

    https://networks.nokia.com/responsible-disclosure

  • 2019: HP Bug - I detected an XSS vulnerability on the CRM HP website and was thanked.
  • 2019: Samsung Bug - I detected an XSS vulnerability on the Samsung shop website and was thanked.
  • 2019: Aeroflot Airlines Bug - I identified and reported an XSS vulnerability on two different websites of Aeroflot.
  • 2019: Deutsche Telekom Hall of Fame - I discovered a DOM-based XSS vulnerability at Deutsche Telekom and took my place on the hall of fame page.

    https://www.telekom.com/en/corporate-responsibility/data-protection-data-security/security/details/acknowledgements-358300

  • 2019: SOAP UI Bug - I received thanks for the XSS (Reflected) weakness I found on the soapUi website.
  • Thank you!