BDDK sızma testi nedir?

BDDK sızma testi, Bankacılık Düzenleme ve Denetleme Kurumu'nun bankalara ve finansal kuruluşlara yönelik zorunlu kıldığı periyodik güvenlik denetimidir. Bu testler, bankacılık sistemlerinin siber saldırılara karşı direncini ölçer ve regülasyon uyumunu belgeler.

EPDK sızma testi ne sıklıkla yapılır?

EPDK düzenlemelerine göre enerji sektöründeki kritik altyapı işletmecileri yılda en az bir kez sızma testi yaptırmakla yükümlüdür. OT/SCADA sistemlerini kapsayan testler özel metodoloji gerektirir.

SPK sızma testi kim için zorunludur?

SPK düzenlemeleri kapsamında aracı kurumlar, portföy yönetim şirketleri ve diğer sermaye piyasası kuruluşları düzenli sızma testi yaptırmakla yükümlüdür.

TSE 13638 sertifikalı firma olmanın avantajı nedir?

TSE 13638 standardı, sızma testi hizmeti sunan firmaların akredite edilmesi için Türkiye'de uygulanan ulusal standarttır. TSE 13638 sertifikalı firmalarla çalışmak, yasal yükümlülüklerin karşılanmasını ve denetim süreçlerinde belgesel güvence elde edilmesini sağlar.

Sızma testi fiyatı nasıl belirlenir?

Sızma testi fiyatı; testin kapsamına, hedef sistem sayısına, test süresine, regülasyon gereksinimlerine (BDDK, EPDK, SPK, TSE, PCI-DSS) ve raporlama derinliğine göre değişir. Netlore Security ücretsiz ön görüşme ile kurumunuza özel fiyatlandırma sunar.

Blog & Insights

Field-tested technical analyses, vulnerability research and threat intelligence

Real operation analyses, CVE discoveries and defense recommendations from the Netlore Security research and red team.

★ Featured · Red Team

From a Meeting Room to Domain Admin: An End-to-End Attack Chain on a Production Network

An end-to-end technical analysis of a real red team engagement conducted under written authorization: from anonymous access to a meeting room and copying the door booking tablet's MAC to bypass NAC (802.1X/MAB), through an unauthenticated MongoDB, a clear-text domain password, a Trend Micro Apex One pre-auth deserialization RCE (CVE-2025-49219), SYSTEM via PrintSpoofer, and Domain Admin through a shared local admin. The fall of an entire forest without a single 0-day, with blue-team defenses for each stage.

June 6, 2026 20 minRead More

// tags

Red Team → NAC Bypass → Active Directory → CVE-2025-49219 → Deserialization → Pass-the-Hash

Case Study8 min

Three Years, Three Decisions, One Breach: The Silent Story of an API Vulnerability

A vulnerability closed in 2024 led to the exposure of 3,000 corporate customers' data in 2026.

May 2026Read

Vulnerability Research10 min

CVE-2025-69848: Reflected XSS in NetBox ProtectedError Handling

Technical analysis of a Reflected XSS vulnerability discovered by the Netlore Security research team in the NetBox platform. Caused by improper use of Django's mark_safe(), this flaw affects all versions from 2.11.0 through 3.7.x.

February 3, 2026Read

Red Team20 min

PSRansom Readiness Assessment: Bypassing MDE on a Hardened Windows 11 Endpoint

A full-scope ransomware readiness engagement using PSRansom against a Windows 11 enterprise endpoint protected by Microsoft Defender for Endpoint. Step-by-step walkthrough of AMSI bypass, ETW tampering, obfuscation chains, and C2 key-exchange redesign — with operational code masked.

September 18, 2025Read

Threat Intelligence15 min

NTLM Coercion Attacks: Technical Analysis and Mitigation Strategies

A comprehensive examination of NTLM Coercion techniques, attack vectors, and the critical security measure of disabling NTLM authentication.

May 15, 2025Read

Red Team20 min

Kerberoasting to Domain Admin: A Complete Active Directory Attack Chain

A detailed technical walkthrough of a real-world red team engagement where Kerberoasting was used as the pivotal technique to escalate from a low-privileged domain user to Domain Admin. Covers SPN enumeration, offline hash cracking, pass-the-ticket lateral movement, and full MITRE ATT&CK mapping with blue team detection recommendations.

March 10, 2026Read

Red Team25 min

Red Team Operation: LockBit Ransomware Simulation - Technical Case Study

Detailed technical analysis of a Red Team operation simulating LockBit ransomware group tactics in a corporate environment. Attack chain with compromised VPN, Cobalt Strike C2 infrastructure, and custom evasion techniques, mapped to MITRE ATT&CK framework with comprehensive findings and recommendations.

January 2, 2025Read

Be the first to know about new posts

Get technical analyses, CVE discoveries and red team case studies straight to your inbox.

Offensive Services

Defensive Services

Training & Consultancy

Security & Compliance

Intelligence & Consulting

Products

Critical Infrastructure

Commercial Sectors