BUILD MODE / BLACK RABBIT LAB
We are under construction. Black Rabbit lab is tuning the signal. Some sections are still getting sharper.
UI 82%
IDS VIEW OK

SOC analyst / purple team mindset / Ankara - Istanbul

I trace signals through the dark.

Junior Cyber Security Analyst and Computer Engineer focused on alert analysis, detection validation, incident follow-up, and threat-informed defense.

SIEM
Splunk / QRadar / ArcSight
Mode
SOC + Purple Team
Project
LynxGate Web IDS

THREAT HUNT

IoC correlation
0x4F
TTP
YARA

Live security architecture

Built like a command center, written like a personal signal.

black-rabbit@soc:~ online
SOC stack

Alert triage and rule tuning

Enterprise monitoring with SIEM/SOAR, EDR/XDR, threat intelligence, IoC analysis, and false positive reduction.

Attack awareness

Offense-informed defense

Penetration testing labs, AD attack simulations, privilege escalation, web exploitation, and Burp-driven traffic review.

Experience log

Signals collected from real operations.

2025 - Present

Cyber Security Analyst, Turkcell

SOC monitoring, security alert analysis, malware and log investigations, customer communication, detection validation, and Purple Team support.

2026 - Present

Campus Ambassador, Hackviser

Cybersecurity webinars, community communication, practical knowledge sharing, and technical content facilitation.

2025

Network and Information Security Intern

Firewall configuration, network segmentation, secure infrastructure deployment, routers, switches, and access points.

2022 - 2026

B.Sc. Computer Engineering

Ostim Technical University, English program, with a cybersecurity-focused engineering path.

Featured build

LynxGate Web IDS Platform

End-to-end web intrusion detection platform using Snort 3, Docker Compose, FastAPI, Redis, PostgreSQL, and a live React dashboard for real-time alert monitoring.

  • 7,300+ official Snort web rules
  • SQLi, XSS, path traversal, command injection, file exploit detection
  • Raw HTTP payload enrichment, PCAP evidence, rule metadata, and notifications
Traffic / Snort 3 / FastAPI / Redis / PostgreSQL / React SOC

Embedded product screens

LynxGate, shown from the real IDS interface.

A read-only product showcase based on the actual dashboard pages: Overview, Intrusions, Detection Rules, and Threat Intelligence. Visitors see the IDS experience without getting access to the running system.

Core_Secure // Admin Command Center
read-only product preview
Overview / Threat Mode Active
critical stream
Incident in Progress

Critical anomalies detected in protected traffic. Prioritize intrusion events and review evidence packets.

live
128 Today's alerts
17 Active threats
4 Critical alerts
3 Secured segments
86% Resolution rate
+42 Daily delta
Daily Alert Rhythm: last 24 hours / web gateway
spike 00:18 UTC
Severity Split: current incident window
Critical 24% / High 38% / Medium 29%
Attack Mix: top detections
SQLi 42%
Path Traversal 27%
XSS 18%
File Exposure 13%
Neural Stream: latest IDS events
Password file disclosure: 185.22.91.44
Union select probe: 203.0.113.51
Environment file request: 198.51.100.23
Reflected XSS payload: 91.208.43.17
Security / DETECTION_RULES
Snort profile
Active profile: web-official / engine in sync
alert tcp any any -> any 80 ( msg:"LOCAL LynxGate custom admin probe"; http_uri; content:"/lg-custom-trigger"; classtype:web-application-attack; sid:1000001; rev:1; )
Intelligence / Threat Intelligence
7 days
126 Period Volume
18 Unique Attackers
42% SQLi Ratio
91% Triage Completion

Attack type distribution, protocol mix, severity split, and daily trend analysis from retained IDS telemetry.

Defense / Intrusion Defense
response layer
Blacklist checks: active
Gateway policy: monitoring
Email notification: armed

The Defense screen shows the response layer that turns IDS alerts into operational follow-up: blacklist checks, notification flow, and response state.

Management / Protected Origins
workspace
app.example.com: protected
demo-origin:8081: upstream
ids-gateway:8080: edge

The Management screen summarizes how protected web origins connect through the gateway into Snort and backend telemetry.

Black Rabbit arcade

Pixel rabbit carrot run.

A tiny offline-runner inspired arcade mode: jump over packets, collect pixel carrots, and keep the signal alive.


Tooling and tactics

Cybersecurity arsenal

Splunk / IBM QRadar / ArcSight / SOAR / Carbon Black / NetWitness / Recorded Future / Malware Analysis / IoC Analysis / Rule Tuning / Burp Suite / Nmap / Metasploit / SQLmap / Active Directory / Python / Docker / Fortinet

Contact

Send a signal.

Available for cybersecurity collaboration, SOC analysis, defensive research, and security-focused engineering work.