Caglar Sayin

Caglar's CV

Education

  • M.S, Information Security
    Norwegian Information Security Lab, Norwegian University of Science and Technology, Gjovik, Norway

  • B.S, Computer Science (Erasmus Programme)
    Malardalens University, Vasteras, Sweden

  • B.S, Computer Engineering
    Isik University, Istanbul, Turkey

Master’s Thesis

  • Title: Obfuscating Malware through Cache Memory Architecture Features
  • Supervisor: Prof. Dr. Stephen Wolthusen
  • Description: Developed theoretical methods for obfuscating malware in multi-processor systems using caches as a private memory to evade main memory observer systems and other conventional static data analysis. Explored cache behaviors and efficiency optimization and discussed implementation issues arising from interactions between cache coherence mechanisms and Harvard architecture implementations.

Bachelor’s Thesis

  • Title: Bypassing Firewalls with Covered Channel Techniques
  • Supervisor: Prof. Dr. Ercan Solak
  • Description: Surveyed firewall bypassing techniques and proposed a practical and distributed DNS tunneling method to enhance communication anonymity.
  • Staff Security Engineer, Delivery Hero SE, Berlin

    • Conduct penetration testing to identify vulnerabilities and improve security posture.
    • Develop an automated SAST tool (with Semgrep) to scan all Git “Pull Requests” with Kubernetes, report over the GitHub UI, and interact with developers.
    • Develop an automated web scanner (with Nuclei) for all public instances on Cloudflare, AWS, GCloud, etc. with Kubernetes.
    • Lead the security tooling development and build lots of gadgets in the project called InspectorGadget.
    • Design and implement security architecture aligned with industry best practices.
    • Responsible for the entire application security function until the team was created.
    • Established the Application Security Guild and organized bi-weekly “Hack and Pizza” events.
    • Led the design of secure services and provided technical leadership for the implementation of PCI/DSS projects.
    • Gained extensive experience in Delivery Hero, which is one of the fastest-growing and innovative technology companies in the food delivery industry.
  • Senior Application Security Engineer, ResearchGate GmbH, Berlin
    Responsible for application security, identifying emerging vulnerabilities, risks, and threats during design iterations and providing appropriate countermeasures, reviewing and testing open source and proprietary code, building custom tools, scripts, libraries, and platforms to test security and improve security, and delivering relevant application security training and mentorship to development teams.

  • Security Engineer, Fyber GmbH, Berlin
    Built up a security department from scratch, carried out all application security assessments, and tried to build a Security Information and Event Management process.

  • Application Security Architect, Sony Int., Istanbul
    Involved in the design of main and critical Sony applications.

  • Application Security Analyst, Sony Int., Istanbul
    Led external penetration test teams, analyzed and took actions to mitigate or prevent application level risks, and was part of “Advanced Testing Services” in “Global Application Security” Department.

  • Security Researcher, NISLab, Gjovik
    Conducted research on information security and wrote several theoretical and applied papers in the field.

  • Security Researcher, Netsparker, London
    Worked on Netsparker core project, a web application security scanner to automatically find security flaws in websites, web applications, and web services.

  • Penetration Tester, Faraday Security, Istanbul
    Conducted security auditing, penetration testing, and black-box analysis of closed systems.

  • Python, PHP, C, Rust, Go, Forth, JS, Assembly (x86, ARM, MIPS)
  • Web development frameworks like Django, web2py, Flask, Rails, and Symfony (PHP)

Personal Projects

  • Chrome extension malware - JS
  • Linux kernel mode malware - Rust
  • PoC hybridmorphic (Poly/Metamorphic) obfuscation engine - Assembly x86
  • Several Burp extensions
  • boofuzz (Sulley) contribution
  • PoC Multi-dimensional covert channel tunneling - Python