C2 server fingerprinter — Cobalt Strike, Sliver, Mythic, Havoc, Brute Ratel

Scan firmware blobs and filesystem dumps for hardcoded private keys, API tokens, default creds, and weak RSA/ECC material.

Audit UEFI firmware dumps for missing Secure Boot keys, unsigned modules, S3 boot-script vulns, and known SMM threats.

DISA STIG-aligned osquery configs + RMF mapper

Generate a CycloneDX SBOM directly from an unpacked firmware root filesystem and flag components with known CVEs and EOL kernels.

Re-identification risk assessment that computes k-anonymity, l-diversity, and HIPAA Safe Harbor compliance on a dataset.

DISA STIG checker + NIST 800-53 RMF mapper + POAM emitter

MCP server hardening linter — capability declarations, transport, tool descriptions

Replay, fuzz, and assert on CAN bus traffic from a .pcap or SocketCAN interface with a tiny YAML DSL.

AIS vessel tracking & sanctions-evasion anomaly detection

Validate OTA update packages end-to-end: signature chains, rollback protection, anti-downgrade counters, and delta-patch integrity.

Diff two firmware images and surface exactly what changed: new binaries, flipped config flags, added certs, and shifted entropy regions.

Sniff and decode BLE GATT traffic, fingerprint device profiles, and assert on insecure pairing/characteristics in CI against a capture.

Spin up a high-interaction Modbus/DNP3 ICS honeypot that logs attacker register reads/writes as structured JSON.

Model your sales pipeline as a YAML state machine and compute conversion rates, stage velocity, and weighted forecast straight from CRM exports.

Summarize flows/talkers/protocols from a pcap text export

Self-hosted password cracking queue — multi-user hashcat with audit log

Validate FHIR R4/R5 resources and bundles against profiles (US Core, etc.) with precise, line-level error reporting.

Breaking-change detector for OpenAPI / GraphQL across commits

Replays a tx or address history to attribute sandwich, frontrun, and backrun MEV extraction with per-trade loss accounting.