Browser Lab

Interactive security tools running entirely in your browser. Pieces of my SOC Dashboard project ported to client-side JavaScript so visitors can poke at them without touching a real Sentinel tenant or burning my API quotas.

How this works. Where possible, tools run fully in your browser — data is bundled with the page or fetched once on load. For tools that ordinarily depend on rate-limited third-party APIs (threat intel lookups), I ship a recorded walkthrough instead of live calls. The CVE/KEV/EPSS browser is backed by a snapshot of the public feeds, refreshed on a schedule.

Live tools

KQL Playground

Live

Hand-written KQL engine running against a WASM SQLite. Sixteen Sentinel-shaped sample tables baked in. Type a query, hit Run, see results. Supports the most common ~80% of operators (where, summarize, extend, top); no join support for now.

kql, sql.js, wasm, javascript

MITRE ATT&CK Explorer

Live

Browse Enterprise ATT&CK techniques, sub-techniques, threat groups, software, and mitigations. Search by ID / name / detection text, filter by tactic and platform, jump between cross-references. STIX bundle slimmed at build time.

mitre, attack, stix, javascript

CVE / KEV / EPSS Browser

Live

Browse the CISA Known Exploited Vulnerabilities catalog with FIRST EPSS scores attached. Filter by vendor, ransomware-linkage, EPSS minimum, recency. Snapshot shipped with the page; refresh manually via refresh-feeds.ps1.

cve, cisa-kev, epss, kev

KQL Builder

Live

Visual query builder — pick a table, time range, filters, output columns; emit live KQL. Save & load named queries via local browser storage. "Send to playground" passes the query straight to the engine.

kql, visual-builder, javascript

KQL Templates

Empty catalog

Browser shell for a curated catalog of pre-built KQL hunts. Search, click to expand, copy or send to the playground. Shape is wired up; entries land in /lab/templates/data.json later.

kql, catalog, hunting

Coming next

Threat Intel Walkthrough

Recording pending

Mocked-up UI of the threat-intel module (AbuseIPDB, urlscan.io, NIST NVD, Team Cymru, NSRL) backed by a recorded walkthrough rather than live API calls. Lets visitors see the workflow end-to-end without hitting any rate limits.

abuseipdb, urlscan, nvd, recording

Why a "lab"?

Most security portfolios show screenshots of dashboards. Screenshots prove nothing — anyone can take a screenshot. The lab is here so you can actually use the tooling. Type real KQL against real data. Click into a MITRE technique and see the data sources, mitigations, and threat groups that use it. Try to break things.

Every tool is fully static (no backend, no analytics, no telemetry). Where a tool would ordinarily need a server, I either bake the data in at build time or show you a recording — both are honest about what's happening.


Source: github.com/brycemaxheimer/cybersecurity-portfolio