Projects
Things I've built that are big enough to need their own page. For shorter
scripts and one-offs, see the scripts index.
SOC Dashboard
PowerShell · SQLite · KQL · Microsoft Sentinel patterns
Why it exists: Practicing SOC workflows shouldn't require
burning ingest budget against a production Sentinel tenant. The SOC
Dashboard is a self-contained lab environment that mirrors the table
shapes an analyst sees daily.
A PowerShell-based SOC analyst toolkit built around a local SQLite
database loaded with realistic sample logs (DeviceLogonEvents,
DeviceProcessEvents, SecurityAlert, SigninLogs, etc.). Includes a KQL
translator (Invoke-KqlPS), threat-intel enrichment
wrappers (AbuseIPDB, urlscan.io, NIST NVD, Team Cymru, NSRL), MITRE
ATT&CK lookup, and a daily-brief generator.
Browser Lab
JavaScript · SQLite (WASM) · In-browser
Why it exists: Demonstrating that the SOC Dashboard
tools work requires running them. The lab is that same toolset ported to
JavaScript with sample data loaded into in-browser SQLite - no backend needed.
Includes the working KQL playground, MITRE ATT&CK explorer, CVE/KEV/EPSS
browser, and visual KQL Builder. All static, no API calls, no rate-limit risk.
National Cyber League - Fall 2025
CTF · Cyber Skyline platform
Why it's here: Competition outcomes are signal - they
put your skills against a leaderboard with thousands of other analysts
on the same problems.
Diamond 1 Medal (top 97th percentile) in the Fall 2025 Individual Game.
Categories spanned OSINT, cryptography, password cracking, log
analysis, network traffic, scanning, web exploitation, and forensics.
More projects in flight. Check back, or follow the blog
for writeups as they ship.