BDDK sızma testi nedir?

BDDK sızma testi, Bankacılık Düzenleme ve Denetleme Kurumu'nun bankalara ve finansal kuruluşlara yönelik zorunlu kıldığı periyodik güvenlik denetimidir. Bu testler, bankacılık sistemlerinin siber saldırılara karşı direncini ölçer ve regülasyon uyumunu belgeler.

EPDK sızma testi ne sıklıkla yapılır?

EPDK düzenlemelerine göre enerji sektöründeki kritik altyapı işletmecileri yılda en az bir kez sızma testi yaptırmakla yükümlüdür. OT/SCADA sistemlerini kapsayan testler özel metodoloji gerektirir.

SPK sızma testi kim için zorunludur?

SPK düzenlemeleri kapsamında aracı kurumlar, portföy yönetim şirketleri ve diğer sermaye piyasası kuruluşları düzenli sızma testi yaptırmakla yükümlüdür.

TSE 13638 sertifikalı firma olmanın avantajı nedir?

TSE 13638 standardı, sızma testi hizmeti sunan firmaların akredite edilmesi için Türkiye'de uygulanan ulusal standarttır. TSE 13638 sertifikalı firmalarla çalışmak, yasal yükümlülüklerin karşılanmasını ve denetim süreçlerinde belgesel güvence elde edilmesini sağlar.

Sızma testi fiyatı nasıl belirlenir?

Sızma testi fiyatı; testin kapsamına, hedef sistem sayısına, test süresine, regülasyon gereksinimlerine (BDDK, EPDK, SPK, TSE, PCI-DSS) ve raporlama derinliğine göre değişir. Netlore Security ücretsiz ön görüşme ile kurumunuza özel fiyatlandırma sunar.

Services / Offensive Security / Red Team Operations

Service · Red Team Operations

We test your organization like a real adversary.

Through MITRE ATT&CK-based APT simulations, social engineering and advanced attack scenarios, we test your cyber defense capabilities end to end.

MITRE ATT&CKAPT SimulationSocial EngineeringOSEP / OSCP / CRTOPurple Team

Request a Free Consultation See the Process

Operation ConsoleATT&CK

ATT&CK techniques

Critical access

Detections evaded

Hosts compromised

Attack Chain

Initial AccessSucceeded

Privilege EscalationPartial

Lateral MovementSucceeded

C2 / PersistencePartial

Exfiltration (sim)Detected

01 — Overview

What Is Red Teaming?

Red Team operations are objective-driven security assessments that test your organization's physical and digital defenses against real-world attack scenarios. Unlike traditional penetration testing, red team operations use every available attack vector to reach defined objectives.

Aligned with the MITRE ATT&CK framework, we simulate the tactics, techniques and procedures (TTPs) of APT groups and measure your security teams' detection and response capabilities.

02 — Capabilities

Our Red Team Capabilities

Advanced Attack Simulations

We build realistic attack scenarios using the tactics, techniques and procedures (TTPs) of APT (Advanced Persistent Threat) groups.

Social Engineering

We assess the human factor and measure awareness levels through phishing, vishing and physical security testing.

Zero-Day Research

We conduct vulnerability research tailored to your systems to test the ability to bypass known security solutions.

Purple Team Operations

Through red and blue team collaboration we strengthen your defense mechanisms and optimize detection and response processes.

03 — Operation Process

5-Phase Red Team Operation Process

We run objective-driven attack simulations aligned with the MITRE ATT&CK framework and the Cyber Kill Chain model.

Reconnaissance & Target Analysis

Comprehensive target analysis through OSINT techniques, network discovery, employee profiling and technology fingerprinting. The attack surface is mapped.

Weaponization & Exploit Development

Custom exploits are developed, payloads are prepared and attack tooling is tailored to the target environment. C2 (Command & Control) infrastructure is set up.

Initial Access & Persistence

Initial access is gained through various vectors. Backdoors and persistence mechanisms are established to guarantee long-term access.

Lateral Movement & Privilege Escalation

Lateral movement is performed across the network, privileges are escalated and access to critical systems is achieved.

Objective Completion & Reporting

Defined objectives such as Domain Admin or data-exfiltration simulation are achieved. Detailed TTPs, IoCs and remediation recommendations are reported.

04 — Red Team vs Pentest

Red Team vs Penetration Testing

Red Team operations are far more comprehensive than traditional penetration testing and assess the organization as a whole.

Traditional Pentest

Focuses on specific systems
Short engagements (1-2 weeks)
Known-vulnerability scanning
Technical reporting
System-level assessment

Red Team Operation

Targets the entire organization
Long operations (4-8+ weeks)
APT simulation and custom exploits
Tactical-strategic reporting
People, process and technology assessment

05 — Benefits

Why Run a Red Team Operation?

Measure your organization's cyber maturity, develop your security teams' capabilities and stay prepared for real attacks.

Test your resilience against the advanced techniques real attackers use

Measure and improve your security teams' detection and response capabilities

Evaluate the effectiveness of security solutions such as SIEM, EDR and IDS/IPS

Identify human-factor risks and optimize awareness training

Discover the attack chains that can reach your critical assets

Test your incident response plans against realistic scenarios

06 — Deliverables

Deliverables

Executive Summary: strategic overview for C-level

Tactical Report: TTPs used (MITRE ATT&CK mapping)

IoC List: Indicators of Compromise

Detection Analysis: detection gaps for SOC/Blue Team

Video PoCs: recordings of critical attack steps

Purple Team Recommendations: defense improvement plan

Service · Red Team Operations

Ready to Launch a Red Team Operation?

Run real adversary simulations with our certified OSEP, OSCP and CRTO expert team. Put your security teams and infrastructure to the test.

Request a Free Consultation

Offensive Services

Defensive Services

Training & Consultancy

Security & Compliance

Intelligence & Consulting

Products

Critical Infrastructure

Commercial Sectors