Projects
Things I've built that are big enough to need their own page. For shorter
scripts and one-offs, see the scripts index.
SOC Dashboard
PowerShell · SQLite · KQL · Microsoft Sentinel patterns
Why it exists: Practicing SOC workflows shouldn't require
burning ingest budget against a production Sentinel tenant. The SOC
Dashboard is a self-contained lab environment that mirrors the table
shapes an analyst sees daily, so you can drill on hunting queries and
triage flow without touching real data.
A PowerShell-based SOC analyst toolkit built around a local SQLite
database loaded with realistic sample logs that follow the Microsoft
Defender and Sentinel table shapes (DeviceLogonEvents,
DeviceProcessEvents, SecurityAlert, SigninLogs, etc.). Includes a KQL
translator (Invoke-KqlPS) that runs hunting queries written in KQL
against the local SQLite tables, threat-intel enrichment wrappers
(AbuseIPDB, urlscan.io, NIST NVD, Team Cymru, NSRL), a MITRE ATT&CK
lookup, and a daily-brief generator that summarizes movement across
new CVEs, CISA KEV additions, and EPSS score changes.
Browser-based KQL engine
JavaScript · SQLite (WASM) · In-browser
Why it exists: Demonstrating that the SOC Dashboard's
KQL translator works requires running it. This is the engine ported to
JavaScript with sample tables loaded into an in-browser SQLite — no
backend needed.
Visitors can type KQL queries against canned sample log tables and see
results immediately. Same translation logic as the PowerShell
Invoke-KqlPS module, just running entirely client-side.
Useful for showcasing the engine without asking visitors to download
and run anything.
Status: shell published; engine porting in progress.
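To make the translation step concrete, here is a small KQL-to-SQL translator written for this page as an added example. It is not the Invoke-KqlPS code and not the browser engine's code; it assumes the four sample table names listed above, supports only where / project / summarize count() by / sort by / take, and flattens the pipeline into a single SELECT, which covers the usual hunt-query shape but not arbitrary stage orderings. The security-relevant design choice is that identifiers are validated and quoted and string literals become bound parameters, so KQL typed by a visitor can never splice text into the SQL handed to the in-browser SQLite.

```javascript
// Added example for this page: a minimal KQL-to-SQL translator in the spirit of
// Invoke-KqlPS. It is NOT the SOC Dashboard's code. Supported pipeline:
//   <Table> | where <col> <op> <literal> [and|or ...] | project c1, c2
//           | summarize count() by c1, c2 | sort by <col> [asc|desc] | take N
// Identifiers are validated and double-quoted; literals become bound
// parameters, so user-typed KQL never splices text into the SQL string.

// Assumed table set: the sample tables the page says the lab ships.
const KNOWN_TABLES = new Set([
  "DeviceLogonEvents", "DeviceProcessEvents", "SecurityAlert", "SigninLogs",
]);
const IDENT = /^[A-Za-z_][A-Za-z0-9_]*$/;

// Reject anything that is not a plain column/table name before quoting it.
function quoteIdent(name) {
  const n = name.trim();
  if (!IDENT.test(n)) throw new Error(`bad identifier: ${JSON.stringify(name)}`);
  return `"${n}"`;
}

// Translate one comparison, e.g.  AccountName == "admin"  or  ResultType != 0.
// Operands are pushed onto params and replaced by '?' in the SQL text.
function translateComparison(expr, params) {
  const m = expr.trim().match(
    /^(\w+)\s*(==|!=|>=|<=|>|<|contains|startswith|endswith)\s*(.+)$/i);
  if (!m) throw new Error(`unsupported expression: ${expr}`);
  const [, col, opRaw, rhsRaw] = m;
  const op = opRaw.toLowerCase();
  const lhs = quoteIdent(col);
  const rhs = rhsRaw.trim();
  const str = rhs.match(/^"([^"]*)"$/) || rhs.match(/^'([^']*)'$/);
  if (str) {
    const v = str[1];
    switch (op) {
      case "==":         params.push(v);        return `${lhs} = ?`;
      case "!=":         params.push(v);        return `${lhs} <> ?`;
      // SQLite LIKE is case-insensitive for ASCII, matching KQL's contains.
      case "contains":   params.push(`%${v}%`); return `${lhs} LIKE ?`;
      case "startswith": params.push(`${v}%`);  return `${lhs} LIKE ?`;
      case "endswith":   params.push(`%${v}`);  return `${lhs} LIKE ?`;
      default: throw new Error(`${op} needs a numeric right-hand side`);
    }
  }
  if (!/^-?\d+(\.\d+)?$/.test(rhs)) throw new Error(`unsupported literal: ${rhs}`);
  const numOps = { "==": "=", "!=": "<>", ">": ">", ">=": ">=", "<": "<", "<=": "<=" };
  if (!(op in numOps)) throw new Error(`${op} needs a string right-hand side`);
  params.push(Number(rhs));
  return `${lhs} ${numOps[op]} ?`;
}

// Translate a whole pipeline. Returns { sql, params } for a parameterised
// call into whatever SQLite binding the page uses (bind params, never concat).
function translateKql(kql) {
  // Caveat: this toy splits on '|' and on ' and ' / ' or ', so those tokens
  // cannot appear inside string literals here.
  const stages = kql.split("|").map((s) => s.trim()).filter(Boolean);
  const table = stages.shift();
  if (!KNOWN_TABLES.has(table)) throw new Error(`unknown table: ${table}`);
  const params = [];
  const where = [];
  let columns = ["*"], groupBy = null, orderBy = null, limit = null;

  for (const stage of stages) {
    const m = stage.match(/^(\w+)\s*([\s\S]*)$/);
    if (!m) throw new Error(`bad stage: ${stage}`);
    const op = m[1].toLowerCase(), rest = m[2].trim();
    if (op === "where") {
      const parts = rest.split(/\s+(and|or)\s+/i); // capture group keeps and/or
      where.push("(" + parts.map((p, i) =>
        i % 2 ? p.toUpperCase() : translateComparison(p, params)).join(" ") + ")");
    } else if (op === "project") {
      columns = rest.split(",").map(quoteIdent);
    } else if (op === "summarize") {
      const sm = rest.match(/^count\(\)\s+by\s+(.+)$/i);
      if (!sm) throw new Error("only 'summarize count() by <cols>' is supported");
      groupBy = sm[1].split(",").map(quoteIdent);
      columns = [...groupBy, 'COUNT(*) AS "count_"']; // KQL names this column count_
    } else if (op === "sort" || op === "order") {
      const om = rest.match(/^by\s+(\w+)(?:\s+(asc|desc))?$/i);
      if (!om) throw new Error(`bad sort clause: ${rest}`);
      orderBy = `${quoteIdent(om[1])} ${(om[2] || "desc").toUpperCase()}`; // KQL default is desc
    } else if (op === "take" || op === "limit") {
      if (!/^\d+$/.test(rest)) throw new Error(`bad take count: ${rest}`);
      limit = Number(rest);
    } else {
      throw new Error(`unsupported operator: ${op}`);
    }
  }

  let sql = `SELECT ${columns.join(", ")} FROM ${quoteIdent(table)}`;
  if (where.length) sql += ` WHERE ${where.join(" AND ")}`;
  if (groupBy) sql += ` GROUP BY ${groupBy.join(", ")}`;
  if (orderBy) sql += ` ORDER BY ${orderBy}`;
  if (limit !== null) sql += ` LIMIT ${limit}`;
  return { sql, params };
}

// Constructed sample hunt: failed logons by admin-like accounts, per device.
const EXAMPLE_KQL =
  'DeviceLogonEvents | where ActionType == "LogonFailed" and AccountName contains "admin"' +
  ' | summarize count() by DeviceName | sort by count_ desc | take 10';
console.log(translateKql(EXAMPLE_KQL));
```

In the browser the `sql` string goes to the SQLite binding's prepare/bind path with `params` bound separately; the translator itself never sees a literal reach the SQL text, so a visitor typing `where FileName == "a" OR 1=1` gets a parse error rather than a widened query. A production translator would nest stages as subqueries instead of flattening, so that `project` before `summarize` or a second `where` after it behaves as KQL semantics require.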
National Cyber League — Fall 2025
CTF · Cyber Skyline platform
Why it's here: Competition outcomes are signal: they rank your work
against thousands of other analysts solving the same problems on a
shared leaderboard.
Diamond 1 Medal (97th percentile) in the Fall 2025 Individual Game.
Categories spanned OSINT, cryptography, password cracking, log
analysis, network traffic, scanning, web exploitation, and forensics.
More projects in flight. Check back, or follow the blog
for writeups as they ship.