BUILD MODE / BURROWPWNER LAB
We are under construction. BurrowPwner lab is tuning the signal. Some sections are still getting sharper.
UI 82%
IDS VIEW OK

SOC analyst / purple team mindset / Ankara - Istanbul

I trace signals through the dark.

Junior Cyber Security Analyst and Computer Engineer focused on alert analysis, detection validation, incident follow-up, and threat-informed defense.

SIEM
Splunk / QRadar / ArcSight
Mode
SOC + Purple Team
Project
LynxGate Web IDS

everything is logged

I (0000) telemetry: interface armed
0/20 EVENTS

THREAT HUNT

IoC correlation
0x4F
TTP
YARA

Live security architecture

Built like a command center, written like a personal signal.

black-rabbit@soc:~ online
SOC stack

Alert triage and rule tuning

Enterprise monitoring with SIEM/SOAR, EDR/XDR, threat intelligence, IoC analysis, and false positive reduction.

Attack awareness

Offense-informed defense

Penetration testing labs, AD attack simulations, privilege escalation, web exploitation, and Burp-driven traffic review.

Experience log

Signals collected from real operations.

A cleaner experience board from my CV. Turkcell carries the main SOC story; the other roles stay compact and open into detail panels.

2025 - Present / İstanbul

Cyber Security Analyst, Turkcell

SOC monitoring, alert analysis, malware and log investigations, customer communication, detection validation, rule tuning, false positive reduction, and Purple Team support.

SIEM/SOAR, EDR/XDR, IoC Analysis, Purple Team, Customer Follow-up

Embedded product screens

LynxGate, shown from the real IDS interface.

LynxGate is my end-to-end Web IDS platform: Snort 3 detection, Docker Compose, FastAPI, Redis, PostgreSQL, and a React SOC dashboard for real-time alert monitoring. This read-only showcase presents the actual product screens without exposing the running system.

  • 7,300+ official Snort web rules
  • SQLi, XSS, path traversal, command injection, and web exploit detection
  • Raw HTTP payloads, PCAP evidence, rule metadata, blacklist checks, and notifications
Core_Secure // Admin
Command Center
read-only product preview
Overview: Threat Mode Active
critical stream
!
Incident in Progress

Critical anomalies detected in protected traffic. Prioritize intrusion events and review evidence packets.

live
128 Today's alerts
17 Active threats
4 Critical alerts
3 Secured segments
86% Resolution rate
+42 Daily delta
Daily Alert Rhythm: last 24 hours / web gateway
spike 00:18 UTC
Severity Split: current incident window
Critical 24% / High 38% / Medium 29%
Attack Mix: top detections
SQLi 42%
Path Traversal 27%
XSS 18%
File Exposure 13%
Neural Stream: latest IDS events
Password file disclosure: 185.22.91.44
Union select probe: 203.0.113.51
Environment file request: 198.51.100.23
Reflected XSS payload: 91.208.43.17
Security: DETECTION_RULES
Snort profile
Active profile: web-official / engine in sync
alert tcp any any -> any 80 (
    msg:"LOCAL LynxGate custom admin probe";
    http_uri; content:"/lg-custom-trigger";
    classtype:web-application-attack;
    sid:1000001; rev:1;
)
Intelligence: Threat Intelligence
7 days
126 Period Volume
18 Unique Attackers
42% SQLi Ratio
91% Triage Completion

Attack type distribution, protocol mix, severity split, and daily trend analysis from retained IDS telemetry.

Defense: Intrusion Defense
response layer
Blacklist checks: active
Gateway policy: monitoring
Email notification: armed

The Defense screen shows the response layer that turns IDS alerts into operational follow-up: blacklist checks, notification flow, and response state.

Management: Protected Origins
workspace
app.example.com - protected
demo-origin:8081 - upstream
ids-gateway:8080 - edge

The Management screen summarizes how protected web origins connect through the gateway into Snort and backend telemetry.

Black Rabbit arcade

Pixel rabbit carrot run.

A tiny offline-runner inspired arcade mode: jump over packets, collect pixel carrots, and keep the signal alive.


Tooling and tactics

Cybersecurity arsenal

Splunk, IBM QRadar, ArcSight, SOAR, Carbon Black, NetWitness, Recorded Future, Malware Analysis, IoC Analysis, Rule Tuning, Burp Suite, Nmap, Metasploit, SQLmap, Active Directory, Python, Docker, Fortinet

Contact

Send a signal.

Available for cybersecurity collaboration, SOC analysis, defensive research, and security-focused engineering work.

waiting_for_signal()