10 end-to-end security projects — each ships a Python CLI tool and a live browser dashboard. Covers the full spectrum from offensive recon to defensive AI, forensics, and enterprise simulation. All tools are hosted at tools.jasstej.tech.
TCP connect scanner with banner grabbing, subdomain enumeration against a 20-entry wordlist, OS fingerprinting, and high-risk port flagging. Generates JSON and HTML risk reports.
includes: ThreadPoolExecutor port scanner, 31-entry service map, subdomain brute-force, JSON + HTML report generator
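Added example (not the project's own code): a TCP connect scanner of the kind described above, with ThreadPoolExecutor fan-out, banner grabbing, and high-risk port flagging. The high-risk port list is constructed for the example and is not the project's 31-entry service map. To make it runnable offline, the block also starts a local listener on 127.0.0.1 that sends an SSH-style banner, which is what the scanner is run against; that listener is a constructed test target, not part of the tool.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

# Constructed high-risk port list for this example (assumed, not the page's list).
HIGH_RISK_PORTS = {21: "ftp", 23: "telnet", 445: "smb", 3389: "rdp", 5900: "vnc"}


def scan_port(host, port, high_risk=HIGH_RISK_PORTS, timeout=1.0):
    """TCP connect scan of one port. If the connect succeeds, read up to 256
    bytes of whatever the service volunteers (SSH, FTP and SMTP speak first;
    silent services simply time out and leave the banner empty)."""
    result = {"port": port, "open": False, "banner": "",
              "high_risk": port in high_risk, "service": high_risk.get(port, "")}
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            result["open"] = True
            s.settimeout(timeout)
            try:
                result["banner"] = s.recv(256).decode("utf-8", "replace").strip()
            except OSError:  # includes socket.timeout
                pass
    except OSError:
        pass  # refused, filtered or unreachable: reported as not open
    return result


def scan(host, ports, high_risk=HIGH_RISK_PORTS, workers=50):
    """Scan the ports concurrently and return only the open ones, sorted."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: scan_port(host, p, high_risk), ports))
    return sorted((r for r in results if r["open"]), key=lambda r: r["port"])


def risk_summary(open_ports):
    """Aggregate used by a JSON/HTML report: open count and flagged ports."""
    flagged = [r for r in open_ports if r["high_risk"]]
    return {"open": len(open_ports), "high_risk": len(flagged),
            "flagged_ports": [r["port"] for r in flagged]}


def start_banner_service(banner):
    """Constructed local target: listener on 127.0.0.1 that sends `banner`
    to every client, so the scanner can be exercised without a network."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return  # listener closed
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def closed_local_port():
    """Constructed: grab an ephemeral port and release it, so that a
    connect to it is refused (exercises the closed-port path)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    srv, open_port = start_banner_service(b"SSH-2.0-OpenSSH_9.6\r\n")
    found = scan("127.0.0.1", [open_port, closed_local_port()],
                 high_risk={open_port: "ssh"})
    print(found, risk_summary(found))
    srv.close()
```

A connect scan completes the handshake, so it shows up in the target's logs; that is the trade-off against SYN scanning, which needs raw sockets and root.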
7-phase Lockheed Martin Kill Chain simulator mapped to 20 MITRE ATT&CK techniques. OSINT module, credential spray dry-run, persistence and lateral movement references, defense gap analysis.
includes: MITRE ATT&CK mini-matrix (20 techniques, from T1595 Active Scanning to T1562 Impair Defenses), OSINT simulation, live detection counter, technique-to-tactic mapper
Host-based intrusion detection with SHA-256/SHA-512 file integrity baselines, a 12-rule detection engine mapped to MITRE ATT&CK techniques, and live process monitoring. Three operational modes: baseline, scan, and monitor.
includes: FIM baseline & diff, regex rule engine with severity levels, 24-hour alert trend chart, process anomaly flagging
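Added example (not the project's own code) of the FIM baseline-and-diff mode described above: walk a tree, record SHA-256, size and permission bits per file, persist the baseline as JSON, then diff a later walk against it. The severity mapping at the end is an assumption for the example, not the project's 12-rule engine. `demo()` builds a throwaway directory, tampers with it (appended user, permission change, deleted file, planted `ld.so.preload`) and returns the diff; the directory contents are constructed.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=1 << 16):
    """Stream the file so large binaries are not loaded into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def build_baseline(root):
    """Hash, size and mode for every regular file under root. Symlinks are
    skipped so a planted link cannot pull a file outside the monitored tree
    into the baseline."""
    root = Path(root)
    baseline = {}
    for path in sorted(root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        st = path.stat()
        baseline[path.relative_to(root).as_posix()] = {
            "sha256": sha256_file(path),
            "size": st.st_size,
            "mode": oct(st.st_mode & 0o7777),
        }
    return baseline


def save_baseline(baseline, out_path):
    Path(out_path).write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(in_path):
    return json.loads(Path(in_path).read_text())


def diff_baseline(old, new):
    """Content changes are 'modified'; a permission change with identical
    content (a script made executable or setuid) is reported separately
    because it is a different kind of event."""
    changes = {"added": [], "removed": [], "modified": [], "mode_changed": []}
    for rel in new.keys() - old.keys():
        changes["added"].append(rel)
    for rel in old.keys() - new.keys():
        changes["removed"].append(rel)
    for rel in old.keys() & new.keys():
        if old[rel]["sha256"] != new[rel]["sha256"]:
            changes["modified"].append(rel)
        elif old[rel]["mode"] != new[rel]["mode"]:
            changes["mode_changed"].append(rel)
    return {k: sorted(v) for k, v in changes.items()}


def severity(changes):
    """Assumed mapping for the example: modified content or permissions is
    HIGH, additions or removals alone are MEDIUM, nothing is INFO."""
    if changes["modified"] or changes["mode_changed"]:
        return "HIGH"
    if changes["added"] or changes["removed"]:
        return "MEDIUM"
    return "INFO"


def demo():
    """Constructed scenario: baseline a temp tree, tamper, diff."""
    root = Path(tempfile.mkdtemp(prefix="fim_"))
    store = Path(tempfile.mkdtemp(prefix="fim_store_")) / "baseline.json"
    (root / "etc").mkdir()
    (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
    (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
    (root / "cron.sh").write_text("#!/bin/sh\necho ok\n")
    os.chmod(root / "cron.sh", 0o644)
    save_baseline(build_baseline(root), store)   # baseline kept outside the tree
    # Tamper: appended uid-0 user, permission change, deletion, planted preload.
    with open(root / "etc" / "passwd", "a") as fh:
        fh.write("backdoor:x:0:0::/root:/bin/bash\n")
    os.chmod(root / "cron.sh", 0o755)
    (root / "etc" / "hosts").unlink()
    (root / "etc" / "ld.so.preload").write_text("/tmp/evil.so\n")
    before = load_baseline(store)
    return before, diff_baseline(before, build_baseline(root))


if __name__ == "__main__":
    before, changes = demo()
    print(json.dumps(changes, indent=2), severity(changes))
```

The baseline file is the trust anchor of the whole scheme: store it off-host or at least outside the monitored tree (as `demo()` does), otherwise an attacker who can modify files can also rewrite the hashes they are compared against.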
SOC honeypot framework that deploys fake credentials, decoy files, and synthetic services as tripwires. Watchdog-monitored with real-time alert feed, threat actor profiling, and webhook integration.
includes: Fake credential generators, watchdog FileSystemEventHandler, 24-bar alert timeline, SOC demo dashboard
Security orchestration engine with JSON playbook execution, alert correlation by IP/asset/pattern, MD5-based deduplication, and 10 pre-built sample incidents. Includes ransomware and brute-force response playbooks.
includes: Playbook step runner (8 action handlers), MTTR metrics, correlation canvas graph, 7-day bar chart, SIEM event feed
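Added example (not the project's own code) of the SOAR pipeline sketched above: MD5 fingerprint deduplication, correlation of the deduplicated alerts by shared source IP or asset, playbook selection from the correlated rule set, and a dry-run step runner. The alert stream, rule names, playbook definitions and the three action handlers are all constructed for the example; the project's eight handlers and its ten sample incidents are not reproduced.

```python
import hashlib
from collections import defaultdict

# Constructed alert stream (TEST-NET source addresses, ISO timestamps).
SAMPLE_ALERTS = [
    {"ts": "2024-05-01T09:00:01", "src_ip": "203.0.113.5", "asset": "vpn-gw-01", "rule": "auth_failure_burst"},
    {"ts": "2024-05-01T09:00:04", "src_ip": "203.0.113.5", "asset": "vpn-gw-01", "rule": "auth_failure_burst"},
    {"ts": "2024-05-01T09:00:09", "src_ip": "203.0.113.5", "asset": "vpn-gw-01", "rule": "auth_failure_burst"},
    {"ts": "2024-05-01T09:12:40", "src_ip": "203.0.113.5", "asset": "fs-01", "rule": "smb_lateral_movement"},
    {"ts": "2024-05-01T09:15:02", "src_ip": "10.0.8.21", "asset": "fs-01", "rule": "mass_file_rename"},
    {"ts": "2024-05-01T09:15:03", "src_ip": "10.0.8.21", "asset": "fs-01", "rule": "ransomware_extension"},
    {"ts": "2024-05-01T11:00:00", "src_ip": "198.51.100.7", "asset": "web-02", "rule": "sqli_probe"},
]


def fingerprint(alert):
    """Dedup key: MD5 over the fields that make two alerts 'the same'.
    The timestamp is deliberately left out so repeats collapse."""
    key = "|".join(str(alert.get(f, "")) for f in ("src_ip", "asset", "rule"))
    return hashlib.md5(key.encode()).hexdigest()


def deduplicate(alerts):
    """Collapse repeats into one record carrying count and first/last seen."""
    merged = {}
    for a in alerts:
        fp = fingerprint(a)
        if fp in merged:
            merged[fp]["count"] += 1
            merged[fp]["last_seen"] = a["ts"]
        else:
            merged[fp] = {**a, "fingerprint": fp, "count": 1,
                          "first_seen": a["ts"], "last_seen": a["ts"]}
    return list(merged.values())


def correlate(alerts, min_alerts=2):
    """Group deduplicated alerts that share a source IP or an asset. One alert
    can belong to several incidents; singletons are dropped."""
    buckets = defaultdict(list)
    for a in alerts:
        buckets[("src_ip", a["src_ip"])].append(a)
        buckets[("asset", a["asset"])].append(a)
    incidents = []
    for (dim, value), members in buckets.items():
        if len(members) < min_alerts:
            continue
        incidents.append({
            "key": f"{dim}={value}",
            "alerts": len(members),
            "events": sum(m["count"] for m in members),
            "rules": sorted({m["rule"] for m in members}),
            "assets": sorted({m["asset"] for m in members}),
            "src_ips": sorted({m["src_ip"] for m in members}),
        })
    return sorted(incidents, key=lambda i: i["key"])


# Constructed trigger map; checked in order, so ransomware outranks brute force.
PLAYBOOK_TRIGGERS = [
    ("ransomware_response", {"ransomware_extension", "mass_file_rename"}),
    ("brute_force_response", {"auth_failure_burst"}),
]

# Constructed JSON-style playbooks: a list of steps, each an action plus args.
PLAYBOOKS = {
    "ransomware_response": [
        {"action": "isolate_host", "target": "assets"},
        {"action": "block_ip", "target": "src_ips"},
        {"action": "notify", "channel": "soc-critical"},
    ],
    "brute_force_response": [
        {"action": "block_ip", "target": "src_ips"},
        {"action": "notify", "channel": "soc"},
    ],
    "triage": [{"action": "notify", "channel": "soc"}],
}


def select_playbook(incident):
    rules = set(incident["rules"])
    for name, triggers in PLAYBOOK_TRIGGERS:
        if rules & triggers:
            return name
    return "triage"


def run_playbook(name, incident, dry_run=True):
    """Run the steps in order. Handlers return the actions they would take;
    with dry_run=True nothing is changed, which is how a playbook is tested."""
    handlers = {
        "isolate_host": lambda step: [f"isolate {a}" for a in incident[step["target"]]],
        "block_ip": lambda step: [f"block {ip}" for ip in incident[step["target"]]],
        "notify": lambda step: [f"notify {step['channel']}"],
    }
    actions = []
    for step in PLAYBOOKS[name]:
        actions.extend(handlers[step["action"]](step))
    return [("DRY-RUN " if dry_run else "") + a for a in actions]
```

MD5 is adequate as a dedup key because a collision only merges two alerts; it is not a security boundary. If anything downstream ever depends on two distinct alerts never sharing a fingerprint, switch to SHA-256, since the fields are attacker-influenced.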
AWS security auditor aligned to 20 CIS AWS Foundations Benchmark controls. Audits IAM policies, S3 bucket exposure, and security group ingress rules for critical port exposure (SSH, RDP, databases) to the whole internet.
includes: IAM auditor (7 checks), S3 auditor (6 checks), SG auditor, CIS scorecard grid, remediation accordion, canvas donut chart
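Added example (not the project's own code) of the security group part of such an auditor: it takes group descriptions in the shape `describe_security_groups` returns (`IpPermissions` with `IpProtocol`, `FromPort`/`ToPort`, `IpRanges`, `Ipv6Ranges`) and flags any rule that lets `0.0.0.0/0` or `::/0` reach a critical port. The critical-port list and the severity labels are assumptions for the example; the three sample groups are constructed rather than pulled from an account, so the block runs without credentials.

```python
import ipaddress

# Assumed critical-port list for this example (not the project's own).
CRITICAL_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL", 5432: "PostgreSQL",
                  1433: "MSSQL", 27017: "MongoDB", 6379: "Redis"}

# Constructed groups in describe_security_groups() shape.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0a1b2c3d", "GroupName": "bastion", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ]},
    {"GroupId": "sg-0d4e5f6a", "GroupName": "db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []},
        # "-1" means all protocols and carries no port range.
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ]},
    {"GroupId": "sg-0b7c8d9e", "GroupName": "legacy", "IpPermissions": [
        # A wide range quietly includes MySQL and RDP.
        {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "udp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ]},
]


def is_world_open(cidr):
    """True for 0.0.0.0/0 and ::/0, i.e. any prefix of length 0."""
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False


def rule_covers_port(perm, port):
    """All-protocols rules cover everything; tcp rules cover the port if it is
    inside [FromPort, ToPort]. udp/icmp rules never expose a TCP service."""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return True
    if proto not in ("tcp", "6"):
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def world_sources(perm):
    """CIDR sources of this rule that are the whole internet (v4 or v6).
    UserIdGroupPairs and PrefixListIds are not CIDRs and are not checked here."""
    v4 = [r["CidrIp"] for r in perm.get("IpRanges", []) if is_world_open(r["CidrIp"])]
    v6 = [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", []) if is_world_open(r["CidrIpv6"])]
    return v4 + v6


def audit_security_group(sg, critical=CRITICAL_PORTS):
    """One finding per (critical port, world source), deduplicated across rules."""
    findings, seen = [], set()
    for perm in sg.get("IpPermissions", []):
        sources = world_sources(perm)
        if not sources:
            continue
        for port, service in sorted(critical.items()):
            if not rule_covers_port(perm, port):
                continue
            for src in sources:
                if (port, src) in seen:
                    continue
                seen.add((port, src))
                findings.append({
                    "group_id": sg["GroupId"], "group_name": sg.get("GroupName", ""),
                    "port": port, "service": service, "source": src,
                    "protocol": perm.get("IpProtocol"),
                    # Assumed severity: an all-traffic rule is worse than a single port.
                    "severity": "CRITICAL" if perm.get("IpProtocol") == "-1" else "HIGH",
                })
    return findings


def audit_all(groups, critical=CRITICAL_PORTS):
    """Scorecard-style summary across groups."""
    per_group = {g["GroupId"]: audit_security_group(g, critical) for g in groups}
    return {"checked": len(groups),
            "failing": sum(1 for f in per_group.values() if f),
            "findings": sum(len(f) for f in per_group.values())}


if __name__ == "__main__":
    for g in SAMPLE_GROUPS:
        for f in audit_security_group(g):
            print(f"{f['group_name']}: {f['service']}/{f['port']} open to {f['source']} [{f['severity']}]")
    print(audit_all(SAMPLE_GROUPS))
```

The `sg-0b7c8d9e` case is the one a port-equality check misses: the rule never mentions 3306 or 3389, but the 3000-4000 range exposes both, which is why the check is a range test rather than a lookup.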
Isolation Forest ML model trained on network traffic logs with engineered features: bytes_per_second, log_bytes, hour_of_day, business_hours flag, port category, and connection count per hour.
includes: 200-estimator Isolation Forest, Z-score baseline, anomaly scoring 0–100, CSV upload, canvas time-series chart, event feed
Static malware analysis framework with 8 YARA rules covering process injection, ransomware, keyloggers, C2 callbacks, and info stealers. Shannon entropy scoring, PE section parsing, and IOC extraction.
includes: MD5/SHA1/SHA256/SHA512 hashing, string categorization (8 categories), entropy-based packing detection, drag-and-drop browser UI that hashes in-page via SubtleCrypto (which offers SHA-1/256/384/512 but not MD5, so a browser-side MD5 digest needs a separate JavaScript implementation)
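Added example (not the project's own code) of the two static-analysis pieces above that need no external library: Shannon entropy with windowed scoring used as a packing heuristic, and `strings`-style extraction with regex categorization (including UTF-16LE runs, which PE files are full of). The entropy thresholds and the category list are assumptions for the example; the project's eight categories and eight YARA rules are not reproduced. The sample blob is constructed: a fake DOS stub and string table followed by seeded pseudo-random bytes standing in for a packed section.

```python
import math
import random
import re
from collections import Counter

# Assumed thresholds in bits per byte (the page's cut-offs are not given).
PACKED_THRESHOLD = 7.2
HIGH_THRESHOLD = 6.0


def shannon_entropy(data):
    """H = -sum(p * log2 p) over byte values: 0.0 for constant input,
    8.0 when all 256 values are equally frequent."""
    if not data:
        return 0.0
    n = len(data)
    h = -sum(c / n * math.log2(c / n) for c in Counter(data).values())
    return 0.0 if h == 0 else h


def classify_entropy(h):
    if h >= PACKED_THRESHOLD:
        return "packed/encrypted"
    if h >= HIGH_THRESHOLD:
        return "compressed"
    return "plain"


def windowed_entropy(blob, window=1024):
    """Entropy per fixed window. A real sample would be scored per PE section;
    fixed windows give the same picture for an arbitrary blob."""
    return [shannon_entropy(blob[i:i + window]) for i in range(0, len(blob), window)]


def is_packed(blob, window=1024, min_fraction=0.5):
    """Packing heuristic: at least min_fraction of windows above the threshold."""
    scores = windowed_entropy(blob, window)
    high = sum(1 for h in scores if h >= PACKED_THRESHOLD)
    return bool(scores) and high / len(scores) >= min_fraction


# Assumed categories; first match wins, so URLs are tested before bare IPs.
STRING_CATEGORIES = [
    ("url", re.compile(r"https?://[^\s\"']+")),
    ("email", re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")),
    ("registry", re.compile(r"HK(?:LM|CU|CR|U|CC)\\[^\s]+")),
    ("path", re.compile(r"[A-Za-z]:\\[^\s]+")),
    ("ipv4", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),
    ("dll_or_api", re.compile(r"\b\w+\.dll\b|\b(?:VirtualAlloc|WriteProcessMemory|"
                              r"CreateRemoteThread|LoadLibrary\w*|GetProcAddress)\b")),
]


def extract_strings(blob, min_len=4):
    """Printable-ASCII runs like strings(1), plus UTF-16LE runs (printable
    byte followed by NUL), which an ASCII-only pass would miss entirely."""
    ascii_runs = [m.decode() for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, blob)]
    wide_runs = [m.decode("utf-16-le")
                 for m in re.findall(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, blob)]
    return ascii_runs + wide_runs


def categorize_strings(strings):
    out = {name: [] for name, _ in STRING_CATEGORIES}
    out["other"] = []
    for s in strings:
        for name, rx in STRING_CATEGORIES:
            m = rx.search(s)
            if m:
                out[name].append(m.group(0))
                break
        else:
            out["other"].append(s)
    return out


def constructed_sample():
    """Constructed blob: DOS stub, NUL-separated string table, a UTF-16LE
    command line, then seeded pseudo-random bytes padding the total to 4096."""
    header = b"MZ\x90\x00" + b"\x00" * 60
    table = (b"This program cannot be run in DOS mode.\r\n"
             b"kernel32.dll\x00VirtualAlloc\x00WriteProcessMemory\x00"
             b"http://203.0.113.44/gate.php\x00"
             b"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
             b"C:\\Users\\Public\\svchost.exe\x00"
             b"198.51.100.9\x00\x00")
    wide = "cmd.exe /c whoami".encode("utf-16-le") + b"\x00\x00"
    rng = random.Random(1337)
    prefix = header + table + wide
    payload = bytes(rng.getrandbits(8) for _ in range(4096 - len(prefix)))
    return prefix + payload
```

Entropy alone says "high entropy", not "packed": compressed resources, certificates and embedded images score just as high, so the entropy result is a lead that the section names, imports and strings have to confirm.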
DFIR platform with evidence timeline construction, chain of custody documentation, volatile artifact collection (processes, network, users, scheduled tasks), auth log and bash history parsing.
includes: Order-of-volatility collector, SHA-256 evidence manifest, CEF-format SIEM events, interactive IR playbook with checkboxes
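Added example (not the project's own code) of the auth log parsing and CEF emission named above: parse sshd lines from a syslog-format auth.log into events, count failures per source, and serialise each event as a CEF record with the header and extension escaping the format requires (`|` and `\` in header fields; `=` and `\` in extension values, newlines folded). The log excerpt is constructed with TEST-NET addresses; vendor/product strings and the severity mapping are assumptions for the example.

```python
import re
from datetime import datetime

# Constructed auth.log excerpt: a short password-guessing burst, one key login,
# and a cron line the sshd parser must ignore.
SAMPLE_AUTH_LOG = """\
May  3 09:41:02 web-01 sshd[2141]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
May  3 09:41:05 web-01 sshd[2141]: Failed password for invalid user admin from 203.0.113.5 port 51240 ssh2
May  3 09:41:09 web-01 sshd[2145]: Failed password for root from 203.0.113.5 port 51251 ssh2
May  3 09:43:30 web-01 sshd[2160]: Accepted publickey for deploy from 198.51.100.7 port 40022 ssh2: ED25519 SHA256:abc123
May  3 09:45:00 web-01 CRON[2171]: pam_unix(cron:session): session opened for user root by (uid=0)
"""

SSHD_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[(?P<pid>\d+)\]: "
    r"(?P<outcome>Failed|Accepted) (?P<method>\w+) for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port (?P<port>\d+)"
)


def parse_auth_log(text, year=2024):
    """Traditional syslog timestamps carry no year, so the caller supplies it
    (take it from the file's mtime in real collection)."""
    events = []
    for line in text.splitlines():
        m = SSHD_RE.match(line)
        if not m:
            continue  # only sshd auth lines are handled here
        d = m.groupdict()
        ts = datetime.strptime(f"{year} {d['ts']}", "%Y %b %d %H:%M:%S")
        events.append({
            "ts": ts, "host": d["host"], "pid": int(d["pid"]),
            "outcome": d["outcome"].lower(), "method": d["method"],
            "user": d["user"], "invalid_user": d["invalid"] is not None,
            "src_ip": d["ip"], "src_port": int(d["port"]),
        })
    return events


def failure_counts(events):
    """Failed logins per source address, the input to a brute-force rule."""
    counts = {}
    for e in events:
        if e["outcome"] == "failed":
            counts[e["src_ip"]] = counts.get(e["src_ip"], 0) + 1
    return counts


def _esc_header(value):
    # CEF header fields: escape backslash and the pipe delimiter.
    return str(value).replace("\\", "\\\\").replace("|", "\\|")


def _esc_ext(value):
    # CEF extension values: escape backslash and '=', fold newlines.
    return (str(value).replace("\\", "\\\\").replace("=", "\\=")
            .replace("\r", "").replace("\n", "\\n"))


def to_cef(event, vendor="DFIR-Lab", product="auth-parser", version="1.0"):
    """CEF:0|Vendor|Product|Version|SignatureID|Name|Severity|key=value ..."""
    failed = event["outcome"] == "failed"
    sig = "SSH-AUTH-FAIL" if failed else "SSH-AUTH-OK"
    name = "SSH authentication failure" if failed else "SSH authentication success"
    severity = 2                      # assumed mapping for the example
    if failed:
        severity = 6 if event["invalid_user"] else 5
    ext = {
        "rt": int(event["ts"].timestamp() * 1000),   # epoch milliseconds
        "src": event["src_ip"], "spt": event["src_port"],
        "suser": event["user"], "dhost": event["host"],
        "outcome": "failure" if failed else "success",
        "cs1Label": "authMethod", "cs1": event["method"],
    }
    header = "|".join(_esc_header(x) for x in
                      ("CEF:0", vendor, product, version, sig, name, severity))
    return header + "|" + " ".join(f"{k}={_esc_ext(v)}" for k, v in ext.items())


if __name__ == "__main__":
    evs = parse_auth_log(SAMPLE_AUTH_LOG)
    print(failure_counts(evs))
    for e in evs:
        print(to_cef(e))
```

Usernames are attacker-controlled input (anyone can try to log in as `a=b|c`), which is why the escaping lives in the formatter rather than being left to whoever builds the event: an unescaped `=` or `|` silently corrupts the record the SIEM ingests.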
Purple team simulation built around the "FinCorp International" APT-41 scenario. Runs a 7-phase kill chain against 8 enterprise assets with 10 configurable security controls and maturity sliders.
includes: Ensemble detection model P = 1 − ∏(1 − Pᵢ) over the per-control probabilities Pᵢ, APT evasion factor (35%), risk scoring (likelihood × impact), SIEM CEF event feed, executive summary canvas ring, MITRE ATT&CK heatmap
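Added example (not the project's own code) that carries the ensemble formula above through a 7-phase kill chain. The formula P = 1 − ∏(1 − Pᵢ) is the page's; how the maturity sliders and the 35% evasion factor enter is not stated on the page, so the model here assumes each control's base probability is scaled by its maturity (0 to 1) and then by (1 − evasion), and likelihood for risk scoring is the probability the attacker gets through every phase undetected. The four controls, their phase coverage and the three assets with impact scores are constructed, not the project's ten controls or eight assets.

```python
from math import prod

PHASES = ["reconnaissance", "weaponization", "delivery", "exploitation",
          "installation", "command_and_control", "actions_on_objectives"]

# Constructed controls: name -> (base detection probability, phases covered).
# Weaponization happens on the attacker's side, so nothing covers it.
CONTROLS = {
    "edr":           (0.70, {"exploitation", "installation", "actions_on_objectives"}),
    "email_gateway": (0.60, {"delivery"}),
    "ndr":           (0.50, {"reconnaissance", "command_and_control"}),
    "siem_rules":    (0.40, {"installation", "command_and_control", "actions_on_objectives"}),
}

# Constructed assets with impact on a 1-10 scale.
ASSETS = {"domain-controller": 10, "payment-db": 9, "dev-workstation": 4}


def ensemble_detection(probs):
    """P = 1 - prod(1 - P_i): probability that at least one of several
    independent controls fires. Empty input (no coverage) gives 0."""
    return 1.0 - prod(1.0 - p for p in probs)


def phase_detection(phase, controls=CONTROLS, maturity=None, evasion=0.35):
    """Assumed model: P_i = base_i * maturity_i * (1 - evasion) for every
    control covering the phase, then combined with the ensemble formula."""
    maturity = maturity or {}
    probs = [base * maturity.get(name, 1.0) * (1.0 - evasion)
             for name, (base, phases) in controls.items() if phase in phases]
    return ensemble_detection(probs)


def run_kill_chain(controls=CONTROLS, maturity=None, evasion=0.35):
    """Walk the phases in order; 'undetected' is the running probability the
    attacker has survived every phase so far."""
    undetected = 1.0
    rows = []
    for phase in PHASES:
        p = phase_detection(phase, controls, maturity, evasion)
        undetected *= 1.0 - p
        rows.append({"phase": phase, "p_detect": round(p, 4),
                     "p_undetected_so_far": round(undetected, 4)})
    return rows, undetected


def risk_register(controls=CONTROLS, maturity=None, evasion=0.35, assets=ASSETS):
    """risk = likelihood x impact, with likelihood the end-to-end
    undetected probability from run_kill_chain."""
    _, likelihood = run_kill_chain(controls, maturity, evasion)
    return {asset: round(likelihood * impact, 6) for asset, impact in assets.items()}


if __name__ == "__main__":
    rows, survived = run_kill_chain()
    for r in rows:
        print(f"{r['phase']:<24} detect={r['p_detect']:.4f} undetected={r['p_undetected_so_far']:.4f}")
    print("end-to-end undetected:", round(survived, 6))
    print(risk_register())
    print("with weak EDR:", risk_register(maturity={"edr": 0.2}))
```

The independence assumption behind ∏(1 − Pᵢ) is the thing to be honest about in the executive summary: two rules that key on the same telemetry (an EDR alert and a SIEM rule over that EDR's events) are not independent, and adding the second raises the ensemble number more than it raises real coverage.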