Raw notes in. Professional investigation reports out.
Paste your lab notes, CTF solves, or incident observations. Get a structured report mapped to 9 industry frameworks in under 60 seconds.
How it works
Paste your raw notes
Drop in your unpolished notes from a lab, CTF solve, or live incident — timestamps, IOCs, half-sentences, all of it.
AI maps to 9 frameworks
Your notes become a structured investigation report mapped to ATT&CK, NIST, Kill Chain, D3FEND and five more — in under 60 seconds.
Share your portfolio
Publish reports to your public analyst portfolio and link it from your CV. Proof of work, not just certs.
Example report
Generated from 4 lines of raw notes in 28 seconds
# Investigation Report
Phishing Email with Credential Harvesting Link
Severity: HIGH · Scenario: Phishing/BEC · Status: Contained
## Executive Summary
A spear-phishing email impersonating the IT helpdesk was delivered to 14 users, linking to a credential-harvesting page hosted on a look-alike domain. One user submitted credentials; the account was locked and rotated within 22 minutes of detection. No lateral movement was observed.
## MITRE ATT&CK Mapping
T1566.002 — Phishing: Spearphishing Link
T1078 — Valid Accounts (attempted)
T1056.003 — Web Portal Capture
## Indicators of Compromise
domain · helpdesk-portal-secure[.]com
url · hxxps://helpdesk-portal-secure[.]com/sso/login
email · it-support@helpdesk-portal-secure[.]com
## Containment & Recommendations (NIST 800-61r3)
1. Credentials rotated, sessions revoked, MFA re-enrolled
2. Domain blocked at proxy and added to email gateway denylist
3. D3FEND D3-UAL: user account locking applied org-wide…
— condensed preview · full report includes CVSS scoring, Kill Chain phases, STRIDE and Diamond Model analysis —