Huseyin Gunay

As an accomplished cybersecurity consultant, I specialize in delivering advanced, end-to-end security solutions across diverse environments—including SMBs, enterprises, government agencies, and ASX-listed companies. With hands-on expertise in SIEM platforms (Splunk, ELK Stack), EDR solutions (Microsoft Defender for Endpoint, CrowdStrike Falcon), and cloud-native security tools (AWS Security Hub, Azure Defender), I help organizations strengthen their security posture through automation and actionable threat intelligence.

I possess in-depth experience in web and mobile application security, cloud infrastructure, and network-level defense, leveraging tools like Burp Suite, Nmap, Wireshark, Metasploit, and Nessus. My Red Team operations span advanced threat simulation, phishing campaigns, and physical security assessments—constantly adapting to evolving APT tactics.

With a strong foundation in Python scripting, API automation, and Linux-based environments, I build scalable solutions that streamline detection, response, and threat-hunting workflows. I have worked extensively with DevSecOps pipelines, integrating tools like Docker, Kubernetes, GitLab CI/CD, and infrastructure-as-code technologies such as Terraform to embed security throughout the development lifecycle.

Passionate about knowledge sharing and mentorship, I translate complex cybersecurity challenges into clear, strategic insights for executives and technical teams alike. I am committed to delivering security outcomes that not only protect critical assets but also align with business growth and operational resilience.

Jan 2024 - Mar 2024
CH4OS Malware
Utilized phishing tools that used SET and XSS attacks with BeEF, along with keyloggers, to obtain login details.
Implemented strong encryption algorithms like AES and RSA using libraries such as OpenSSL or Cryptography in Python to secure communication channels between infected hosts and C2 servers. Utilized keylogger software that used PyKeylogger to capture keystrokes and intercept login credentials as users type them. Utilized exploitation frameworks that used BlueRanger and BLE packet obfuscation to spread through Bluetooth while evading detection.

Oct 2023 - Oct 2023
Enumeration For Subdomains Using DNS
Enhanced the subdomain discovery process by identifying potentially missed subdomains.
Provided a more thorough exploration of the target domain's subdomain space, improving the overall reconnaissance process.
Utilized scripting or programming languages such as Python and Bash to automate the subdomain enumeration and connection attempts.
Utilized libraries or frameworks such as Requests (Python) and cURL (Bash) for making HTTP requests and handling responses.
Provided insights into the domain's subdomain structure and potentially overlooked entry points for security assessment or penetration testing purposes.

Aug 2023 - Sep 2023
Gathering .js and .html Files From Target Website
Examining critical website files, including JavaScript (JS) and HTML pages, to identify potential vulnerabilities.
Recognized the limitations of conventional tools such as Nessus, Burp Suite, and Nikto in providing in-depth analysis of these files.
Offered advanced features such as static code analysis, vulnerability scanning, and pattern recognition specific to web application security.
Utilized parsing libraries or frameworks such as BeautifulSoup (Python) and Cheerio (JavaScript) for extracting and analyzing HTML and JS content.

Mar 2023 - Apr 2023
Advanced Brute Forcing with SSH
Developed a script to perform a brute force attack on SSH servers, attempting to guess login credentials.
Programming languages such as Python and Bash were used to create the script.
Engaged in "quick and dirty" coding practices to rapidly prototype and deploy the attack script.
Validated the script's performance under different network conditions and against target servers with varying levels of security measures.

Mar 2023 - Mar 2023
Hash Cracker v2.0
Leveraged Python's built-in hashlib library for efficient and versatile hash cracking.
Provided access to various hash algorithms such as MD5, SHA-1, SHA-256, etc., allowing for comprehensive testing across different cryptographic hashing methods.
Exploited Python's multiprocessing capabilities to implement parallelized hash cracking, enhancing performance and scalability.
Optimized hash cracking algorithms for speed and efficiency, leveraging techniques such as precomputed hash tables (rainbow tables) or GPU acceleration for computationally intensive tasks.

Jun 2023 - Jun 2023
Advanced Keylogger (Banner of Services for Forced Open Ports Included)
Developed a Python-based keylogger to capture keystrokes and transmit them to a designated server.
Enhanced the keylogger's capabilities by incorporating port scanning and banner grabbing functionality.
Utilized Python libraries such as socket and nmap to scan for open ports on target systems and retrieve service banners to identify running services.
Stands out from traditional keyloggers by offering advanced features like port scanning and RCE capabilities.
Utilizes Python's low-level socket APIs for capturing keystrokes and establishing encrypted communication channels with the remote server.