Vulnerability-Based Enrichment of Türkiye-Specific Cyber Threat Intelligence: Proactive Threat Hunting and Critical Vulnerability Analysis with TR-CERT and Exploit-DB Integration

This study introduces a framework for cyber threat intelligence aimed at enhancing Türkiye’s proactive cybersecurity capabilities, specifically addressing security vulnerabilities. A geographic analysis involving 11,911 malicious IP addresses and 6,927 malicious URLs from the National Cyber Incident Response Center (TR-CERT) facilitated the formation of intelligence-driven geographic blocking firewall policies, thus reinforcing proactive network defense strategies. The research correlated threat indicators from TR-CERT with exploit intelligence from the open-source Exploit-DB platform, establishing connections between Indicators of Compromise (IoCs) and security vulnerabilities. Risk calibration maps were developed to match these vulnerabilities with the Open Web Application Security Project (OWASP) Top 10 risk categories and validated against the National Vulnerability Database (NVD). This prioritization took into account vulnerability prevalence, Common Vulnerability Scoring System (CVSS) scores, exploitability levels, and potential impact. In addition, a dynamic risk scoring model based on Monte Carlo simulation was also used to estimate vulnerability risks, with exploitability serving as the probability parameter and CVSS scores as the impact parameter. The findings underscore that integrating exploit-focused vulnerability intelligence into national cyber threat intelligence processes can significantly enhance the development of more effective and intelligence-driven cyber defense architectures in rapidly evolving threat environments.