My Story: From Ordinary Software Developer to Offensive Security Enthusiast
I’m Onurcan, Bilkent University Information Systems and Technologies student with a passion for ethical hacking, also known as penetration testing. My journey in this field wasn’t always ethical, though. Let me share my story.
Early Exploration (2010–2015):
As a curious teenager between 2010 and 2015, I found myself drawn to the world of “hacking.” Back then, my understanding was limited, and I primarily focused on finding valid accounts through methods like Google Dorks and leaked databases because I have to find a way to compromise or get accounts have in-game resources. Even if they do not affect my game experience, I had lack of knowledge about tools like Metasploit or Network Mapper. I was relying solely on manual techniques. While I didn’t possess programming skills like C or Python, I spent countless hours searching for tools to automate the valid account harvesting process.
One such tool I discovered was Havij, designed for identifying SQL injection vulnerabilities. However, my understanding remained limited to its functionality, lacking the technical knowledge behind its workings. My primary focus at the time was on hacking online and offline games, manipulating resources like in-game currency or character abilities. While I never developed my own tools, I occasionally purchased them from third-party vendors. I bought them just to understand the logic behind them.
For offline games, I used tools like Cheat Engine to manipulate memory address values, granting myself advantages like speed hacks. However, I soon realized the limitations of these methods, as they only affected my local game data and couldn’t impact online servers. This realization sparked my interest in database technology, understanding its role in maintaining real-time game data.
Shifted Perspective On Hacking Approach:
As a child, my family did not allow me to buy in-game purchases, it was prompting me to explore alternative methods. This led me to discover “cracking,” which involved using leaked databases and brute-force attacks to obtain account credentials. However, I had lack of the technical knowledge to delve deeper into these methods.
Throughout high school, my academic focus wasn’t on traditional subjects like math or science. My passion lay in exploring network traffic using tools like Wireshark and attempting to hack devices. This lack of interest in academics led me to retake the YKS university entrance exam two times. While I eventually find a similar spot in my desired field at Bilkent University, my initial attempts reflected my focus on hacking over traditional studies.
Embracing Ethical Hacking:
During my university years, I actively participated in Capture the Flag (CTF) platforms to gain practical experience. Initially, I struggled to grasp the concept, believing it solely involved using automated tools. However, I gradually realized the true purpose: developing a “pentester” mindset, thinking like an attacker to identify and exploit vulnerabilities ethically. This revelation marked a turning point, introducing me to the world of ethical hacking and penetration testing.
My Passion Today:
While I enjoy developing web applications and interactive technologies using various frameworks, my true passion lies in the realm of offensive security. I find myself more drawn to the challenge of identifying vulnerabilities in web applications, binary exploits, APIs, and container technologies like LXD/LXC, and responsibly reporting them to the relevant organizations.
This passion sets me apart from many of my peers, who often prioritize building and interacting with fullstack systems for huge salaries. My focus is on exploring vulnerabilities and reporting them to related organizations. While I recognize the importance of both aspects for academic success, I believe personal fulfillment lies in pursuing one’s true passion.
This is my story — a journey from curious exploration to embracing ethical hacking as my calling. I believe in continuous learning and collaboration, and I’m excited to share my knowledge and contribute to the ever-evolving field of offensive security.
