BUILD MODE / BLACK RABBIT LAB
We are under construction. Black Rabbit lab is tuning the signal. Some sections are still getting sharper.

SOC analyst / purple team mindset / Ankara - Istanbul

I trace signals through the dark.

Junior Cyber Security Analyst and Computer Engineer focused on alert analysis, detection validation, incident follow-up, and threat-informed defense.

SIEM: Splunk / QRadar / ArcSight
Mode: SOC + Purple Team
Project: LynxGate Web IDS


Live security architecture

Built like a command center, written like a personal signal.

black-rabbit@soc:~ online
SOC stack

Alert triage and rule tuning

Enterprise monitoring with SIEM/SOAR, EDR/XDR, threat intelligence, IoC analysis, and false positive reduction.

Attack awareness

Offense-informed defense

Penetration testing labs, AD attack simulations, privilege escalation, web exploitation, and Burp-driven traffic review.

Experience log

Signals collected from real operations.

2025 - Present

Cyber Security Analyst, Turkcell

SOC monitoring, security alert analysis, malware and log investigations, customer communication, detection validation, and Purple Team support.

2026 - Present

Campus Ambassador, Hackviser

Cybersecurity webinars, community communication, practical knowledge sharing, and technical content facilitation.

2025

Network and Information Security Intern

Firewall configuration, network segmentation, secure infrastructure deployment, routers, switches, and access points.

2022 - 2026

B.Sc. Computer Engineering

Ostim Technical University, English program, with a cybersecurity-focused engineering path.

Featured build

LynxGate Web IDS Platform

End-to-end web intrusion detection platform using Snort 3, Docker Compose, FastAPI, Redis, PostgreSQL, and a live React dashboard for real-time alert monitoring.

  • 7,300+ official Snort web rules
  • SQLi, XSS, path traversal, command injection, file exploit detection
  • Raw HTTP payload enrichment, PCAP evidence, rule metadata, and notifications
Traffic / Snort 3 / FastAPI / Redis / PostgreSQL / React / SOC

Embedded product screens

LynxGate, shown from the real IDS interface.

A read-only product showcase based on the actual dashboard pages: Overview, Intrusions, Detection Rules, and Threat Intelligence. Visitors see the IDS experience without getting access to the running system.

Core_Secure // Admin Command Center
read-only product preview
Overview Threat Mode Active
critical stream
Incident in Progress

Critical anomalies detected in protected traffic. Prioritize intrusion events and review evidence packets.

live
Today's alerts: 128
Active threats: 17
Critical alerts: 4
Secured segments: 3
Resolution rate: 86%
Daily delta: +42
Daily Alert Rhythm last 24 hours / web gateway
spike 00:18 UTC
Severity Split current incident window
Critical 24% High 38% Medium 29%
Attack Mix top detections
SQLi: 42%
Path Traversal: 27%
XSS: 18%
File Exposure: 13%
Neural Stream latest IDS events
Password file disclosure / 185.22.91.44
Union select probe / 203.0.113.51
Environment file request / 198.51.100.23
Reflected XSS payload / 91.208.43.17
Security DETECTION_RULES
Snort profile
Active profile web-official engine in sync
alert tcp any any -> any 80 (
  msg:"LOCAL LynxGate custom admin probe";
  http_uri; content:"/lg-custom-trigger";
  classtype:web-application-attack;
  sid:1000001; rev:1;
)
Intelligence Threat Intelligence
7 days
Period Volume: 126
Unique Attackers: 18
SQLi Ratio: 42%
Triage Completion: 91%

Attack type distribution, protocol mix, severity split, and daily trend analysis from retained IDS telemetry.

Defense Intrusion Defense
response layer
Blacklist checks: active
Gateway policy: monitoring
Email notification: armed

The Defense screen shows the response layer that turns IDS alerts into operational follow-up: blacklist checks, notification flow, and response state.

Management Protected Origins
workspace
app.example.com (protected)
demo-origin:8081 (upstream)
ids-gateway:8080 (edge)

The Management screen summarizes how protected web origins connect through the gateway into Snort and backend telemetry.

Tooling and tactics

Cybersecurity arsenal

Splunk, IBM QRadar, ArcSight, SOAR, Carbon Black, NetWitness, Recorded Future, Malware Analysis, IoC Analysis, Rule Tuning, Burp Suite, Nmap, Metasploit, SQLmap, Active Directory, Python, Docker, Fortinet

Contact

Send a signal.

Available for cybersecurity collaboration, SOC analysis, defensive research, and security-focused engineering work.