🛡️

Security R&D Toolkit

Interactive tools for threat research, exploit development, red team operations, and AI threat hunting. Built for practical security research workflows — most run entirely in-browser; some call Gemini for AI assistance.

🤖

AI Threat Hunt Field Lab — new

Companion apps for the book: AI asset inventory, hypothesis-driven hunt planning, and AI-agent evidence reconstruction. All Gemini-powered.

Research & Analysis
🤖 AI
🗂️
MITRE ATT&CK Explorer
Interactive matrix with 14 tactics, 50+ techniques, searchable database, attack chain builder, quiz mode, and AI behavior-to-technique lookup.
ATT&CK, Interactive, Quiz
🤖 AI
🏗️
Threat Modeling Workbench
STRIDE analysis, DREAD scoring, attack tree builder, kill chain mapping, risk matrix — with AI threat suggestion, AI DREAD scoring, and AI attack-tree drafting.
STRIDE, DREAD, Kill Chain
🤖 AI
🤖
AI Security Research Toolkit
LLM attacks, adversarial ML, MITRE ATLAS, OWASP Top 10 for LLMs, AI red team methodology — plus a live attack playground that runs real prompt-injection & jailbreak attempts against Gemini.
AI/ML, ATLAS, LLM Security
🔒 Local
☁️
Cloud Attack Simulator
Azure, AWS, GCP, and hybrid attack paths with step-by-step walkthroughs, detection queries (KQL/CloudTrail), and cross-cloud comparison.
Azure, AWS, GCP
Offensive Security
🔒 Local
🔬
Reverse Engineering Workbench
PE/ELF format analysis, x86/x64 assembly patterns, malware taxonomy, shellcode analysis, C2 protocols, crypto identification, and YARA rules.
Malware, Assembly, YARA
🔒 Local
🎯
Red Team Ops Planner
Engagement planning, recon workflows, C2 architecture comparison, payload engineering, evasion techniques, and purple team integration.
Red Team, C2, OPSEC
🔒 Local
💥
Exploit Development Reference
Memory layout, stack/heap exploitation, ROP chains, format strings, kernel exploits, modern mitigations (ASLR/DEP/CFG/CET), and bypass techniques.
Exploits, ROP, Heap
Threat Intelligence
🔒 Local
📡
APT Reference Database
Profiles of 13+ major APT groups, campaign timelines, vendor naming crosswalks, TTP trends, and threat intelligence workflow references.
APT, Intel, Crosswalk
🤖 AI
🔎
APT Investigation Tracker
Active investigation workspace — IOCs, TTPs, infrastructure, Diamond Model, attribution scoring, STIX reports — plus AI IOC triage and AI attribution narrative drafting.
Interactive, Diamond Model, STIX
Preparation
🤖 AI
🎓
Interview Prep Engine
Timed scenario practice across 6 categories — with AI adaptive scenario generation and AI grading against rubrics.
Practice, Timed, Rubrics
🔒 Local
📚
Security Reference Library
Comprehensive cheat sheets — ATT&CK, STRIDE, Windows internals, Active Directory, Kerberos, cloud IAM, Kubernetes, LLM security, and detection engineering.
Reference, Cheat Sheets, 14 Topics