Precision in Offensive Security

Offensive
Security Professional.

Cyber Security Engineer with 3+ years of hands-on experience in enterprise penetration testing. Specializing in external & internal network assessments, Active Directory exploitation, and full-scope offensive security engagements.

View Skills Certifications
$ Active Directory
$ Network Pentest
$ Web App Testing
$ Social Engineering
$ Wireless Testing
$ Red Team Ops
$ Active Directory
$ Network Pentest
$ Web App Testing
$ Social Engineering
$ Wireless Testing
$ Red Team Ops
// Frameworks
OWASP
NIST
CREST
PTES
ISO 27001
TS 13638
Irfan Can Bogac
Pentest · Red Team · Cyber Security
About Me

Irfan Can Bogac

Penetration Tester and Offensive Security Professional with 3+ years of hands-on experience in enterprise penetration testing, specializing in external and internal network assessments, Active Directory security assessments, and attack path analysis.

Experienced in full-scope penetration testing engagements covering reconnaissance, vulnerability assessment, exploitation, privilege escalation, post-exploitation, and security validation across enterprise environments.

Skilled in web application penetration testing, mobile security testing, API security testing, and wireless security assessments, with hands-on experience in social engineering simulations and adversary emulation.

Proficient in identifying critical security weaknesses, validating security controls, and delivering remediation guidance to strengthen organizational security posture. Also contributed to Cyber Threat Intelligence (CTI) and threat analysis initiatives.

Location
Istanbul, Turkey
Languages
Turkish · English
Focus
Offensive Security
Certifications

Credentials & Recognition

Industry-recognized certifications validating hands-on offensive security expertise.

CRTP
Certified Red Team Professional
Altered Security
Advanced Active Directory-focused cert covering enterprise domain exploitation, Kerberos attacks, privilege escalation, and lateral movement.
View Credential ↗
CPTS
Certified Penetration Testing Specialist
Hack The Box
Full-scope penetration testing lifecycle covering AD exploitation, pivoting, service/web attacks, and professional reporting.
View Credential ↗
CNPen
Certified Network Pentester
PentestingExams — Mar 2026
Practical skills in network penetration testing, vulnerability assessment, exploitation techniques, and attack surface analysis. Passed with Merit.
View Credential ↗
TSE
Licensed Penetration Tester
Turkish Standards Institution
Turkey-based penetration testing qualification focusing on internal and external network security assessments.
View Credential ↗
EHE
Hacking Essentials
EC-Council
Foundational cybersecurity certification covering core offensive security concepts and ethical hacking principles.
View Credential ↗
Technical Skills

Areas of Expertise

Hands-on skills across the full offensive security spectrum.

// External Network
Attack Surface Mapping Service Enumeration Vulnerability Assessment Exploitation Asset Discovery Web Security Testing Remote Access Testing
// Internal Network
Internal Reconnaissance Credential Attacks Password Reuse Privilege Escalation Lateral Movement Post-Exploitation
// Active Directory
Domain Enumeration Kerberoasting AS-REP Roasting Pass-the-Hash Pass-the-Ticket ACL Abuse DCSync BloodHound ADCS Attacks
// Web Application
OWASP Top 10 Burp Suite SQL Injection XSS Auth Testing Business Logic API Security File Upload Attacks Command Injection
// Mobile & Wireless
Android Testing iOS Testing Traffic Interception Insecure Data Storage Mobile API Security WPA2/WPA3 Packet Analysis Client Isolation
// Social Engineering
Phishing Simulation GoPhish User Awareness Testing Security Awareness Assessment Adversary Emulation
// Tools & Languages
Impacket Netexec CrackMapExec Ligolo-ng Nessus Nmap Python Bash PowerShell
Certification Path

Professional Transcript

Verified training path and module completions from multiple certification platforms.

Certification Transcript — irfan can bogac
// Certification Obtained
HTB Certified Penetration Testing Specialist
28 Modules · Medium · Penetration Testing
HTB Academy
28 Modules — 100% Path Completed
Penetration Testing ProcessGeneral
Getting StartedOffensive
Network Enumeration with NmapOffensive
FootprintingOffensive
Information Gathering — WebOffensive
Vulnerability AssessmentOffensive
File TransfersOffensive
Shells & PayloadsOffensive
Using the Metasploit FrameworkOffensive
Password AttacksOffensive
Attacking Common ServicesOffensive
Pivoting, Tunneling & Port ForwardingOffensive
Active Directory Enum & AttacksOffensive
Using Web ProxiesOffensive
Attacking Web Apps with FfufOffensive
Login Brute ForcingOffensive
SQL Injection FundamentalsOffensive
SQLMap EssentialsOffensive
Cross-Site Scripting (XSS)Offensive
File InclusionOffensive
File Upload AttacksOffensive
Command InjectionsOffensive
Web AttacksOffensive
Attacking Common ApplicationsOffensive
Linux Privilege EscalationOffensive
Windows Privilege EscalationOffensive
Documentation & ReportingGeneral
Attacking Enterprise NetworksOffensive
Certified Red Team Professional (CRTP)
13 Modules · Medium Penetration Testing
Altered Security
Red Team Lab — Active Directory Course Outline
I. Active Directory EnumerationOffensive
II. Offensive PowerShell TradecraftOffensive
III. Offensive .NET TradecraftOffensive
IV. Local Privilege EscalationOffensive
V. Domain Privilege EscalationOffensive
VI. Domain Persistence and DominanceOffensive
VII. Cross Trust AttacksOffensive
VIII. Abusing AD CSOffensive
IX. Defenses and bypass – MDE EDRDefense
X. Defenses and bypass – MDIDefense
XI. Defenses and bypass – Architecture and Work Culture ChangesDefense
XII. Defenses – MonitoringDefense
XIII. Defenses and Bypass – DeceptionDefense
Writing

CTF Writeups & Research

Documented attack chains, CTF solutions, and offensive security research — published on Medium.

Methodology

How I work

A strategic, human-led approach — looking for what automated tools miss.

01
Analysis & Recon
Understanding business logic and mapping the attack surface before touching a single tool.
02
Strategic Planning
Custom attack strategy tailored to the specific technology stack and requirements.
03
Manual Exploitation
Deep-dive manual testing to uncover complex logic flaws and critical vulnerabilities.
04
Remediation
Clear, actionable reports with guidance to help teams fix issues effectively.
Find Me

Get in touch

For information exchange on penetration testing methodologies, application security analyses, or technical topics, feel free to contact me.

// location
Istanbul, Turkey
// linkedin
linkedin.com/in/hackyman
// Profiles & Platforms
Hack The Box
Public Profile · Lab & Academy
LinkedIn
linkedin.com/in/hackyman
Medium
CTF Writeups & Security Research