Open-source tools and research built around real problems I run into as a security engineer.
Enterprise-Zapp
Stable | Python
Most Entra ID tenants accumulate years of app registrations and enterprise applications that nobody owns, audits, or cleans up. Enterprise-Zapp scans your tenant read-only, scores each app for security risk, and produces an actionable report showing exactly where to start.
- Risk scores each app 0–100 with Critical / High / Medium / Low classification
- Outputs self-contained HTML reports, CSV exports, and optional PDF for audits
- Authenticates with the device code flow and stores no credentials. Read-only by design.
Threat Terminal
Active Research | TypeScript
AI-generated phishing partially standardizes linguistic quality, removing one of the most common detection signals. Threat Terminal tests whether humans can still detect phishing when the writing is always polished. Every card in the game, phishing and legitimate alike, is AI-generated. Players classify emails in a retro terminal interface, bet confidence on their answer, and receive forensic signal breakdowns after each session. Over 100 participants have contributed to a published study protocol (Zenodo, doi:10.5281/zenodo.19059296) and addendum (doi:10.5281/zenodo.19156047) examining which phishing techniques humans miss most.
- 1,000-card dataset: 690 phishing across 6 techniques (urgency, authority impersonation, credential harvest, hyper-personalization, pretexting, fluent prose) and 310 legitimate. Built with Next.js, Supabase, Upstash Redis, and Claude API for card generation.
- Forensic signals revealed after each session: SPF/DKIM/DMARC status, reply-to mismatches, send timing analysis, URL inspection, attachment name analysis
- Research Mode collects pseudonymous telemetry per answer (technique, correctness, confidence, timing, forensic tool interaction, scroll depth) and optional self-reported professional background. No PII stored in research tables.
Threat Intelligence Tarot
Beta | TypeScript
Threat intelligence is dense, technical, and easy to ignore. Packaging it as a tarot deck does not change the data; it changes whether people actually engage with it. Every card is a real adversary group drawn from MITRE ATT&CK. The TTPs, targets, defensive controls, and kill-chain mappings are factual and sourced. The arcane aesthetic is just harder to scroll past.
- 78 cards mapped to tarot structure: Major Arcana (iconic APTs), Swords (espionage), Wands (destruction), Cups (social engineering), Pentacles (financial crime)
- 418 TTP entries across 97 unique technique IDs covering all 14 MITRE ATT&CK Enterprise tactics. ATT&CK Navigator layer export and markdown threat briefs included. Sourced from MITRE ATT&CK, CISA, Mandiant, CrowdStrike, Kaspersky, and Citizen Lab.
- Daily card, three-card spread, adversary comparison with shareable URL, technique explorer, defense index, and sector intelligence. Download portrait card images or share directly to X and LinkedIn. Procedural sound effects via Web Audio API.
More in the works.