Do you have a CEH or similar certificate or do you have a training in this job?

I was sent to the Certified Ethical Hacker training by the university administration in 2005, the year I first started work, but unfortunately I did not see the added value of education because the information I got from the books and articles I had read so far was far more advanced than the content of education.

I read most pertinent security-related books, mostly for training purposes, to certify the information I have and to use it in my CV.

The security certificates I have are CISSP, OSCP, OPST, CREA, SSCP. I received OSCP (Offensive Security Certified Professional) certification in 2009, based on training and exam practice (you can pass the exam by hacking the target systems) instead of the CEH certificate because CEH training and certification is based on recourse.

They always have to be curious to be a hacker. Is your curiosity enough?

If you are 2-3 years old, your father is taking a toy for you to play master and you are looking ahead and you are getting up and doing what you want to do in this game, you are looking at it and you are 31 years old. how is it hacked, how does this malware work? If yes, perhaps, curiosity is one of the most important factors that enable you to succeed in this business. Of course, curiosity alone is not enough to succeed. Especially in the universities where you are presenting, as I said to your friends who are interested in this work, it is indispensable for you to read and practice abundantly after curiosity.

Are you a "hacker" or a "security expert"? Or is there a different definition?

The only thing that has not changed since 2000 in the written and visual media is that the title of hacker is handed out to crooks and thieves, to those who know and those who do not. In the real world of security, hacker is not the person who downloaded, compiled and leaked the exploit code from PacketStorm. The hacker, the parrot, is also called the device that used to copy the bank card and the person who copied the bank card.

Hacker, I'm not a hacker. For me, the hacker is short and roughly a person with programming skills and knowledge, who can write exploit code and exploit security vulnerability. If there was a hacker who could infiltrate the system with a program, today farmers in Farmville should be supermen who wear farmers, tights and cloaks, computer engineers who can use mice and keyboards, and writers of chocolate bananas should be artists.

How can I be a foreigner, a hacker, who can not remember my thirteen-and-thirty-year-old nickname but who is directing me? I asked the question, the answer to me was to know the C programming language, network programming, and use the Linux operating system. When I am able to learn these things and then discover my own weakness of security and write my own exploit code, and if I can learn and share my knowledge with people, I can be a hacker myself with peace of mind. However, the bad luck of the hacker in the written and visual media has led to the emergence of the concept of Ethical Hacker at the point where we come today.

In short, I sometimes use ethical hackers, sometimes ethical hackers, sometimes penetration testers, and sometimes information security experts, because of my awareness.

In one instance, a "security expert" never told me to praise another hacker to another hacker. But anyway, do you have a hacker that you admire and admire?

VUPEN I can say that the team and Charlie Miller's researches are very similar to their work.

Hackers often use the words "lamer" and "expert". What is the true definition of lamer?

In my opinion, a lamer is a person who does not have the same technical knowledge and skill as a hacker but is attached to programs produced by others, and who says "I am a hacker" every time a microphone is extended but cannot put anything concrete forward.

Now, with the improvement in the law, hacking news, credit card information etc. we were more sensitive than social media. Is it necessary for you to take other measures besides the security protocols of the service used in Social Media?

Perhaps it will be very cliche, but man is the weakest link in safety, so the most basic rule is to be careful and cautious about the service, independently, and not to open messages and attachments from people we do not know.

With the development of mobile, security experts were more concerned with the exploits in mobile systems. I think the effect of the operating system here is quite large. Which is the safest mobile operating system in your opinion?

Mobile operating systems are the operating systems that are still in their infancy, so I am not surprised that we often encounter security weaknesses. If you are looking at jailbreaking the iPhone today when it is being exploited to exploit a security vulnerability and if it can be done through a website, it will not be so safe if it works for the Android operating system. But if we take the risk of harmful software infections, if Apple keeps the business tight and controls every code review before uploading it to the App Store, but if Google does not keep it that tight, iPhone (iOS) I can say it's safe. In the meantime, I would also like to point out that every device that you jailbreak or gain root privileges has disabled various security controls, making it vulnerable to security threats.

In recent times, it has often been mentioned that telephone calls can be heard. Is there a non-listening phone or an untrackable messaging app?

The rhetoric of "you may be resting if your smartphone's charge is quickly over" sounds more like rational games of those who want to get wet from this work.

The help of applications on smartphones / devices can be prevented by using various ciphers to track calls, illegal tracing of messaging, but technically all calls can be listened and messaging can be monitored with spyware residing on smartphones / devices and having the highest authority.
I do not think there can be a device that cannot be heard through legal means.

DDoS attacks are the most unattractive and easiest possible attack for many sites. How can small sites counter what to do with this attack?

I believe that blocking DDoS attack with CloudFlare service at the size of 300 GB that occurred and reflected in the last month is the most reasonable solution for small businesses and sites.

Which antivirus and firewall software do you recommend on mobile and desktop?

It is not realistic to expect mobile operating systems to provide full protection on your system from a software that does not have the highest level of privilege, as applications are run on sandboxes with restricted access and authorization, so you should first rely on Antivirus software used in mobile operating systems It will not be very accurate to hold expectations too high. It will be enough to use any antivirus software from the name.

Desktop antivirus software can be bypassed when you look at a serious cyber attack, can be disabled again by name, such as Symantec, McAfee, Kaspersky, Eset and so on. It will be useful to use one of the known, well-known manufacturers' antivirus software.

Clickjacking, Fake Application etc. in social networks. what suggestions can you have for end users against attack?

As I mentioned earlier, I would like to be cautious and careful not to open suspicious messages, to click on links (click link), clickjacking, etc., to attack against social networks and social media. Use internet browser extensions like NoScript against application attacks, check permissions that you want against fake applications (permission to send messages, permission to pull buddy list, etc.).

Could you tell us a little bit of hacker groups in Turkey? What are the active groups that everyone should follow?

According to the Turkish Penal Code and international law, I am not aware of a group of hackers who do not commit crime, so I will not be able to find a recommendation.

Has Turkey so far been exposed to a very large cyber attack?

I have not yet encountered a sting attack like Stuxnet, Flame and so on which I have heard and / or printed, but I have not been able to detect it with the existing infrastructure and the technologies we use if we encounter it because when you look at APT (advanced persistent threat) We are aware of this kind of cyber attacks after a long time from the attack of nature.

For example, thanks to Kaspersky after the Stuxnet cyber weapon uncovered and used as the Flame malware have learned that there is a command and control center in Turkey. I would like to be able to make such analyzes and determinations with our own domestic resources and be informed of our domestic news sources.

How ready are state institutions in Turkey for cyber attacks?

It is not fair to say that if government agencies are hacked by various groups in spite of the bombardment / awareness of cyber security through media and media, especially when we think that these attacks are not cyber attacks carried out with cyber weapons internationally. I hope that with the Cyber Security Institute established in TÜBİTAK, serious steps will be taken to prevent, detect and take actions.

Which country is the most prepared against the cyber attacks in the world?

It is difficult to say anything clear from the outside, but as far as I can see, South Korea has been quite prepared for this. On March 20, with the cyber attack on South Korea, 3 banks and 3 media organizations became inoperable. It is important to note that both the police and the army are alarmed and initiated an investigation within 1 hour of the time you look at, and the preparation of two of the 3 banks to become operational again within 2 hours.

Mert Sarıca

My career life started with sharing with college management the critical security weakness I had discovered on the university's elective course selection in 2003 when I was educated. I was awarded this scholarship by the university administration on this sharing and I was hired as an Ethical Hacker. In 2006 I graduated from Yeditepe University, Information Systems and Technologies department. In 2009, I completed Yeditepe University, English Business Administration (MBA) program.

Since 2007 I have been working as a Senior Penetration Tester / Ethical Hacker in IBTech firm of Finansbank's Information Technologies company. In addition to penetration testing, I specialize in many areas such as malware analysis, reverse engineering and forensic analysis.

I am spending my spare time researching security vulnerabilities, performing malware analysis, developing security tools, and publishing articles on Information Security in my personal webpage to increase the public's awareness of information security.