C2 server fingerprinter — Cobalt Strike, Sliver, Mythic, Havoc, Brute Ratel

Analyze an ADS-B feed/CSV for anomalies: callsign spoofing, squawk 7500/7600/7700, and unusual loiter patterns.

Run simple YARA-style string/regex rules over a directory

Deploy a local multi-model LLM fleet (llama.cpp) with an agent harness, hermes memory, and a one-command CLI

Re-identification risk assessment that computes k-anonymity, l-diversity, and HIPAA Safe Harbor compliance on a dataset.

Model-agnostic, portable long-term memory framework for AI agents (MCP-native)

Scan firmware blobs and filesystem dumps for hardcoded private keys, API tokens, default creds, and weak RSA/ECC material.

Audit UEFI firmware dumps for missing Secure Boot keys, unsigned modules, S3 boot-script vulns, and known SMM threats.

MCP server hardening linter — capability declarations, transport, tool descriptions

DISA STIG checker + NIST 800-53 RMF mapper + POAM emitter

FedRAMP boundary visualizer & OSCAL-format SSP/POAM generator

Condensed, cross-walked reference for SOC2, ISO 27001, NIST CSF/800-53/800-171, CMMC, GDPR, CCPA, HIPAA, PCI DSS, EU AI Act

Token and cost counter / budgeter for LLM apps, CI-ready

DISA STIG-aligned osquery configs + RMF mapper

Validate OTA update packages end-to-end: signature chains, rollback protection, anti-downgrade counters, and delta-patch integrity.

AIS vessel tracking & sanctions-evasion anomaly detection

Generate a CycloneDX SBOM directly from an unpacked firmware root filesystem and flag components with known CVEs and EOL kernels.

Sniff and decode BLE GATT traffic, fingerprint device profiles, and assert on insecure pairing/characteristics in CI against a capture.

Diff two firmware images and surface exactly what changed: new binaries, flipped config flags, added certs, and shifted entropy regions.

Spin up a high-interaction Modbus/DNP3 ICS honeypot that logs attacker register reads/writes as structured JSON.