Mathematics & Computer Science student applying statistics to threat detection.
I work on the blue-team side of security — detection engineering, threat hunting and threat intelligence — and I like problems where math actually earns its keep: separating malicious network behavior from noise, scoring risk, correlating weak signals into campaigns.
- 🎓 3rd-year Mathematics & Computer Science @ Eskişehir Osmangazi University
- 🛡️ CTI Academy PRISM certified (Cyber Threat Intelligence) · Siber Vatan cybersecurity program trainee
- 🤝 General Coordinator @ ESOGÜ MACS — organized technical events with speakers from Picus Security, Trendyol, Unico Studio and more
- 📫 LinkedIn · yigit.yucel.official@gmail.com
heartbeat-hunter — Statistical C2 Beacon Detection Engine
Detects jittered command-and-control beaconing in network flow data using pure statistics — no signatures, no ML black box. Robust time-series analysis (dominant-cluster CV, MAD, Schuster periodogram), Bayesian composite scoring and graph-based campaign correlation, mapped to MITRE ATT&CK T1071 / T1573.
Evaluated on the CTU-13 botnet dataset: composite scoring improved the first-true-C2 rank in every scenario, and campaign correlation surfaced the real C2 server as rank #1 among 94 candidates in a 10-bot scenario. Ships with CI, tests, a JSON-output CLI for SIEM integration and a Streamlit dashboard.
Python pandas networkx SciPy Streamlit Zeek/NetFlow
sentinel_ai — Local-AI-Assisted Security Testing Tool (2-person team)
Desktop app that turns natural-language prompts into pentest commands via a local LLM (Qwen 2.5 3B / Ollama) and a two-stage intent-resolution pipeline, with a Dockerized backend orchestrating Nmap, Gobuster, Nikto and Hydra. My side: PyQt6 UI, process manager, and the security/privilege layer (pkexec, gated structured command execution, defusedxml).
Python PyQt6 Docker Ollama
Guvenlik-Yardimcisi — Desktop Security Analysis & PII Detection
4-module Windows security suite: cross-view rootkit/hidden-process detection, memory analysis, ADS detection, PII scanning (TCKN, Luhn-validated cards, IBAN) across office documents, and URL reputation via VirusTotal / URLhaus / urlscan.io — behind a weighted risk-scoring and correlation engine.
Python CustomTkinter VirusTotal API
- wazuh-siem-docs — Multi-VM Wazuh SIEM lab (Manager/Indexer/Dashboard, Windows + Linux agents); SSH brute-force simulated with Hydra and detected through Wazuh alerts. Reproducible bilingual guide.
- snort-ubuntu-setup — Snort IDS compiled from source + ClamAV; custom ICMP rules validated, EICAR signature detection confirmed.
- Cryptosteganography — LSB image steganography combined with XOR and AES encryption.
Detection & monitoring: Wazuh · Snort · Zeek · Wireshark · NetFlow analysis · MITRE ATT&CK Analysis: statistical & behavioral detection · C2/beacon hunting · threat intelligence Code: Python (pandas, networkx, PyQt6, Streamlit) · Bash · MATLAB Infra: Linux (Ubuntu, Kali) · Windows · Docker · Git · CI/CD
Currently looking for a cybersecurity internship — SOC, threat hunting, detection engineering or threat intelligence.
