codeworld
For CI cyber, TSCM, and forensics work. Built because I kept re-Googling the same things.
Hashes, subnets, timestamps, JWT, certs, regex, packet decode — plus a push-token identifier. All local. Several have a single-file Python version you can download.
Live Python, JavaScript, Go, Ruby, and Bash execution. Pre-loaded with cyber-relevant snippets.
Search operators, username and email enum, image / social / infra workflows — plus a sock-puppet OPSEC playbook and 5 investigation workflows that tie tools together.
Recon → AD → reporting. Metasploit, web-app testing, password attacks, post-exploit, AD attack chains.
PE structure, static analysis workflow, packer signatures, YARA, C2 beacon patterns, evasion techniques, family reference.
Ports with security notes, Wireshark display filters, Nmap reference, protocol quick-ref (DNS, HTTP, TLS, ICMP, ARP, SMB), attack signatures.
Windows · Linux · macOS artifact paths, registry hives, execution evidence, memory workflow, tool cheat sheets.
AWS · Azure · GCP services, audit-log events, IAM attack paths, K8s chains, storage misconfigs. The cloud-IR runbook is the part I actually reach for.
iOS + Android paths, acquisition, SQLite, ADB. Plus the artifacts AXIOM / Cellebrite extract but don't identify — push tokens, app groups, install attribution, notification cache.
Frequency reference, path-loss math, sweep methodology — written around the TSCM workflow I use, not generic SDR tutorial stuff.