Browser Lab
Security tools that run in your browser. Most of this started life inside my SOC Dashboard and got ported to JavaScript so you can try it without a Sentinel tenant. Some of it is polished, some of it is still rough. I keep building on it.
KQL Tools
Query authoring, guided practice, and reusable hunts built around the same Sentinel-shaped sample data.
KQL Playground
Interactive: Hand-written KQL engine running against a WASM SQLite. Type a query, hit Run, and inspect the result set entirely client-side.
KQL Practice
Interactive: Thirty graded KQL questions, easy to hard. Canonical answers are validated against the same query model used elsewhere in the lab.
KQL Builder
Interactive: Visual query builder for table selection, filters, output columns, and summarize patterns, with save/load support in the browser.
KQL Templates
Interactive: Searchable browser shell for the public KQL hunt catalog. Search, expand, copy, and send templates into the rest of the lab.
Live Data
Pages backed by current threat telemetry that refresh without a full site rebuild.
Data sharing
SSH honeypot observations powering the Live Threat Feed are reported to AbuseIPDB and AlienVault OTX so other defenders can pivot on the same indicators.