What's New

Version history and updates for SUDOSOC Toolbox.

v1.21.0 July 11, 2026 Latest
  • NEWInterview Prep flashcard mode — toggle button flips the Q&A list into a single-card study view with Reveal Answer, Prev/Next navigation, Shuffle, Restart, and a progress bar. Answer resets on every card advance.
  • IMPROVESidebar Recents & Favorites pinned sections — last 5 used tools appear under a "Recent" section; favorited tools appear under a "Favorites" section above the category list. Fav star added to each tool header; all persisted in localStorage.
  • IMPROVESidebar category count badges — each category button now shows the number of tools it contains.
  • IMPROVECopy-output button added to every tool panel header — one click copies the tool's rendered output to clipboard.
  • IMPROVEHomepage hero updated: tightened headline copy, micro-tags trimmed to 3 essentials (141 Tools · Zero Telemetry · Offline-First), third CTA now links to Glossary.
  • IMPROVETheme init respects OS dark/light preference on first visit — no longer defaults to dark if the OS prefers light.
  • IMPROVEGlossary A-Z jump nav — alphabet strip renders above the terms list; letters with no entries are disabled. Nav hides automatically when a search query is active.
  • IMPROVECareer roadmap progress tracking — checkbox per step, progress bar per roadmap, crProgress persisted to localStorage, per-roadmap Reset button, completed steps shown with strikethrough + green number.
  • IMPROVEQuiz personal best — qzBestScore persisted to localStorage; shown in results as "Personal best: X%" with "New record!" tag when beaten.
  • IMPROVENav: Info dropdown removed — About and Changelog promoted to standalone links, decluttering the top nav. Mobile menu updated to match with standalone links replacing the accordion section.
  • IMPROVEMobile nav section icons replaced with inline SVGs — removed emoji fallbacks for consistent rendering across OSes.
  • IMPROVEProse line-length capped at 72ch on glossary definitions, interview Q&A answers, and career step descriptions for better readability.
  • IMPROVEPrint stylesheet added — nav/UI chrome hides, collapsed sections expand, page-break-inside avoided on cards.
  • FIXCategory color collision: data (JSON & Data) was sharing #3b82f6 with soc. Data category updated to indigo #6366f1.
  • IMPROVESW update toast — when a new Service Worker takes control, a non-blocking toast notifies the user to reload for the latest version.
  • IMPROVEURL search passthrough — ?q= query param opens the Command Palette pre-filled with the search term on page load.
  • INFRAService Worker bumped to sudosoc-v1.21.0.
v1.20.0 July 11, 2026
  • IMPROVESkip-to-content accessibility link added to every page via nav.js — visible on keyboard focus, links to the first main content region. Skip-link CSS added to style.css.
  • IMPROVE404 page completely rebuilt — branded page with nav, theme toggle, 6-link quick-navigation grid, and Back to Home / Open Tools actions. Replaces the previous bare meta-refresh redirect.
  • FIXSEO: attack-path.html, c2-architect.html, redteam-log.html, rf.html — added missing canonical, Open Graph, and Twitter Card meta tags. rf.html also got theme-color.
  • FIXSEO: theme-color meta added to 8 pages that were missing it: career, certs, glossary, interview, quiz, shortcuts, threats, attack-chain.
  • IMPROVENav dropdown descriptions updated with accurate counts — Interview Prep (200+ Q&A), Security Quiz (60+ questions), Glossary (300+ terms).
  • INFRAService Worker bumped to sudosoc-v1.20.0.
v1.18.0 June 24, 2026
  • NEWRF & SDR Vault (rf.html) — offline reference for Software Defined Radio. Covers HackRF One, BladeRF, RTL-SDR, Flipper Zero, Proxmark 3, ALFA AWUS036ACH. Includes 24+ frequencies table, GNU Radio/GQRX/URH/Aircrack-ng software reference, full HackRF command cheat sheet, ALFA Wi-Fi attack commands, 13 protocol security breakdowns, and 10 attack techniques with step-by-step guides.
  • NEWSigma Builder AQL output — QRadar Ariel Query Language tab added to the Sigma rule builder. Converts Sigma detection fields to LOGSOURCETYPENAME(devicetype), LOWER() pattern matching, and LAST 24 HOURS scoping. First offline Sigma→QRadar converter.
  • NEWMITRE Log Simulator (soc.js) — select any of 11 ATT&CK techniques (T1059.001 through T1071.004), generate randomized realistic Windows Event Logs or Linux syslog entries to test SIEM detection rules. Every click produces unique PIDs, hosts, users, IPs.
  • NEWLinux Artifact Reference (forensics.js) — 55+ artifacts across 8 categories (Logs, Shell & History, Cron, SSH, Network, Process/Memory, Users & Auth, Config). Same UX as the Windows Forensic Artifacts reference — click any path to copy.
  • NEWOffline Mode Indicator — fixed badge at bottom-right shows green ONLINE (auto-hides after 2.8s) or persistent red OFFLINE. Driven by navigator.onLine + browser online/offline events in app.js.
  • IMPROVEGlobal Command Palette (Ctrl+K) now searches all 19 pages in addition to tools. Pages appear under a "Pages" section label when a query matches — navigate the entire platform from the keyboard.
  • INFRAService Worker bumped to v1.18.0. rf.html added to offline cache.
v1.17.0 June 24, 2026
  • FIXGlobal navbar overlap: added padding-top: var(--nav-h) to body so all page content starts below the fixed 56px nav on every page — no more hidden headings.
  • IMPROVENav restructured: replaced single "More" mega-dropdown with 3 independent top-level dropdowns — 🛡 Blue Team (ATT&CK Navigator, Sigma Builder, Threat Intel, Shortcuts), ⚔️ Red Team (Attack Chain, Attack Path, C2 Architect, Red Team Log), 📚 Learn (Career, Certs, Interview, Quiz, Glossary). Clicking one closes the others.
  • IMPROVEMobile menu replaced with collapsible accordion: Blue Team, Red Team, and Learn sections collapse/expand independently — no more scrolling through 19 flat links.
  • INFRAService Worker bumped to v1.17.0. All 19 HTML pages updated with new accordion mobile menu.
v1.16.0 June 24, 2026
  • NEWPage: Attack Path Mapper (attack-path.html) — interactive canvas for mapping AD lateral movement. 6 node types (Workstation, Server, DC, User, Admin, Service Account), 6 edge types (Pass-the-Hash, Kerberoasting, RDP, WMI/PSExec, AS-REP, Custom). Drag nodes, click edges to cycle type, export Markdown/Mermaid/CSV. LocalStorage persistence.
  • NEWPage: C2 Infrastructure Architect (c2-architect.html) — visual pipeline builder. Add components (Victim, CDN, Nginx, HAProxy, Team Server, Phishing), configure each, and generate ready-to-paste Nginx config, HAProxy config, CDN setup guide, and OPSEC checklist (14 items, risk-rated High/Med/Low).
  • NEWPage: Red Team Operations Log (redteam-log.html) — real-time engagement logger. Log steps with timestamp, MITRE ATT&CK technique (autocomplete from 80+ techniques), phase, target, outcome, tool, notes, and evidence. Filter, edit, and generate a full professional report as Markdown or styled HTML. LocalStorage persistence.
  • IMPROVENav "More" dropdown reorganized into 3 labeled sections: Offensive (6 tools, red), Learning (5 pages, amber), Reference (2 pages, blue) — replaces the old Study / Lab split.
  • INFRAService Worker bumped to v1.16.0. Mobile menu updated across all 19 pages to include Attack Path Mapper, C2 Architect, and Red Team Log.
v1.15.0 June 24, 2026
  • NEWPage: MITRE ATT&CK Navigator (mitre-nav.html) — full offline Enterprise v14 matrix with 14 tactics and 101 techniques. Click cells to cycle coverage state (Detected / Blocked / N/A), search by name or ID, view detection hints and linked playbooks in a detail panel, export coverage as Markdown or JSON. State persists in localStorage.
  • NEWPage: Sigma Rule Builder (sigma-builder.html) — visual form editor that generates Sigma YAML and converts it live to Splunk SPL, Elastic KQL, and Microsoft Sentinel KQL. Includes 8 pre-built detection templates (failed logon, PowerShell obfuscation, process injection, lateral RDP, scheduled task, DNS tunneling, shadow copy deletion, LOLBin execution).
  • INFRAService Worker bumped to v1.15.0 — forces cache invalidation for all returning users and adds mitre-nav.html and sigma-builder.html to the offline asset list.
v1.14.2 June 24, 2026
  • FIXNav: Security Quiz, Cert Guides, and Attack Chain now appear in the desktop "Learn" dropdown and in the mobile hamburger menu on every page.
v1.14.1 June 23, 2026
  • NEWPage: Attack Chain Visualizer (attack-chain.html) — interactive MITRE ATT&CK kill chain builder with canvas drag-and-drop nodes across all 14 tactics, 4 scenario templates (ransomware, APT, insider threat, web shell pivot), and SVG/Markdown export.
  • NEWPage: Cert Study Guides (certs.html) — structured offline study content for Security+, CEH, OSCP, CISSP, CySA+, and eJPT. Domain breakdowns with weights, exam tips, resource lists, and interactive study checklists with localStorage progress tracking.
  • NEWTool: CTF Writeup Archive (ctf.js) — template generator for 6 CTF categories and 25+ subtypes. Includes technique tips library, challenge detail form, and one-click Markdown export with download.
  • NEWTool: BLAKE2b Hash (hashing.js) — pure-JS RFC 7693 implementation. Supports BLAKE2b-256 and BLAKE2b-512 with optional key for MAC mode.
  • FIXTool: YAML Viewer → upgraded to YAML ↔ JSON Converter (bidirectional). Added pure-JS JSON→YAML serializer supporting nested objects, arrays, and all primitive types. Tool id changed from yaml-viewer to yaml-json.
  • FIXTool: QR Code Generator — replaced non-functional simplified visual with a complete spec-compliant implementation: GF(256) Reed-Solomon ECC, all 8 mask patterns with penalty scoring, ISO/IEC 18004 format info table, alignment patterns for v2+, and proper zigzag data placement. QR codes now scan correctly.
  • IMPROVEDownload Output — wired up download buttons on Pentest Report, Bug Bounty Report, Incident Timeline export, and CSV/JSON output. Click to save as .md or .csv.
  • INFRAService Worker cache updated to include attack-chain.html and certs.html.
v1.14.0 June 23, 2026
  • NEWCategory: Cloud Security (cloud.js) — 5 tools: AWS ARN Parser/Builder, IAM Policy Analyzer (wildcard/privilege-escalation detection), Cloud Metadata SSRF Reference, Kubernetes RBAC Reference, CIS Cloud Security Checklist
  • NEWCategory: OSINT Toolkit (osint.js) — 6 tools: Username Format Generator (30+ variations), Domain Variation Generator (typosquatting/homoglyphs), Email Pattern Builder, OSINT Framework Reference, Google Dork Builder, Phone Number Normalizer
  • NEWCategory: Mobile Security (mobile.js) — 5 tools: Android Permission Reference (risk-rated), ADB Command Builder, Frida Script Templates (SSL bypass/root detection/crypto logging), SSL Pinning Bypass Techniques, OWASP MASVS Checklist
  • NEWCategory: Reporting Templates (reporting.js) — 5 tools: Pentest Report Generator, Bug Bounty Write-up Generator, Vulnerability Advisory Generator, Incident Post-Mortem Report, 5×5 Risk Matrix with CSV export
  • NEWCategory: AI / LLM Security (aillm.js) — 5 tools: Prompt Injection Payloads (14 techniques), OWASP LLM Top 10 2025 Reference, AI Security Checklist (31 controls), RAG Attack Techniques (8 methods), LLM Red Team Prompt Builder
  • NEWTool: CVSS v4.0 Calculator — full base + threat metrics, EQ macrovector lookup scoring, severity badge, vector string generator and copy. Implements FIRST CVSS v4.0 spec.
  • NEWTool: KQL / SPL Query Library — 16 ready-to-use queries (10 KQL, 6 SPL) across Authentication, Execution, Persistence, Network, and Threat Intel categories. Filterable by type and category with search.
  • NEWTool: Incident Timeline Builder — add timestamped events with severity/category/source, color-coded timeline view, delete events, export as Markdown table or CSV.
  • NEWTool: JWT Builder/Signer — HS256/HS384/HS512 signing via SubtleCrypto, editable header/payload JSON, base64url-encoded output with one-click copy.
  • NEWTool: SAML Assertion Decoder — decodes Base64-encoded SAML or raw XML, extracts Issuer, Subject, Audience, Conditions, and Attributes into a structured view.
  • NEWTool: CSV ↔ JSON Converter — bidirectional conversion, handles quoted fields with embedded commas, first-row-as-header toggle.
  • NEWTool: Hash Cracker (Offline) — dictionary attack against MD5/SHA-1/SHA-256/SHA-512 using built-in ~500-word list + variants + custom words. Pure JS, zero network requests.
  • NEWTool: Wireshark Filter Cheatsheet — searchable display filter reference across Protocol, Application, Anomaly, Filtering, and Timing categories with one-click copy.
  • NEWTool: SHA-3 / CRC32 — pure-JS Keccak implementation for SHA3-256 and SHA3-512, plus CRC32 with polynomial lookup table; supports text and hex input.
  • NEWTool: SSRF / XXE / File Upload Bypass / Open Redirect / Deserialization Payload Libraries — 5 new payload reference tools in the Web Security category.
  • NEWTool: Docker Command Builder — visual builder for run/build/exec/network/volume/compose commands with live preview and copy.
  • NEWTool: HTTP Request Builder — build requests visually, generates curl / Python requests / JavaScript fetch snippets with custom headers, auth presets, and body types.
  • NEWTool: QR Code Generator — offline Canvas-based QR generation for Text/URL, Wi-Fi credentials (WIFI: format), and vCard contacts. Download PNG or copy image.
  • IMPROVEUX: Share Tool State — "Share State" button on every tool header encodes all input values into the URL hash; paste the link to restore exact state.
  • IMPROVEUX: Tool Tabs — up to 6 recently opened tools appear as a tab bar above the workspace; click to switch, × to close, "Clear tabs" to reset.
  • INFRAService Worker bumped to sudosoc-v1.14.0; cloud.js, osint.js, mobile.js, reporting.js, aillm.js, and quiz.html added to offline cache ASSETS.
  • IMPROVEHomepage stats updated: 150+ tools across 16 categories.
v1.12.0 June 23, 2026
  • NEWTool: URL Analyzer — full URL parsing with component breakdown, 30+ tracking parameter detection (utm_*, fbclid, gclid), 10 suspicious pattern checks (XSS, SQLi, path traversal, Punycode, homograph), clean URL generator
  • NEWTool: Email Header Analyzer — multi-line folded header parser, relay hop timeline, SPF/DKIM/DMARC authentication results, 7 spoofing indicators, Reply-To domain mismatch detection
  • NEWTool: CVE Lookup (Offline) — 40+ high-impact CVEs (2017–2025) with CVSS scores, EPSS %, KEV badges, vendor/product/severity filters, expandable detail cards with patch guidance
  • NEWTool: Shellcode Encoder — parses \xNN/0xNN/space-hex formats, XOR obfuscation with 0x00–0xFF key, 8 output formats (C array, Python, PowerShell, Rust, Go, C#, raw hex, bash echo), language-specific XOR decoder stubs
  • NEWPage: Career Roadmaps (career.html) — 4 interactive roadmaps (SOC Analyst, Penetration Tester, DFIR Analyst, Cloud Security Engineer) with phased steps, certifications, tools, and practice platforms
  • NEWPage: Security Glossary (glossary.html) — 100+ cybersecurity terms with searchable definitions, category filters (SOC, Malware, Network, Pentest, Forensics, Cloud, Crypto), expandable accordion entries
  • NEWPage: Interview Prep (interview.html) — 35+ Q&A entries across General, SOC, Pentest, DFIR, and Cloud roles with detailed answers and interviewer tips, filterable by role and difficulty
  • NEWPage: Threat Intelligence (threats.html) — curated reference of 50+ TI feeds/sandboxes/OSINT/malware repos/frameworks with descriptions and APT group table (12 major groups)
  • NEWPage: Keyboard Shortcuts (shortcuts.html) — complete shortcut reference with platform detection (Mac/Windows), G+key navigation shortcuts, tool-page and playbook shortcuts
  • NEWPlaybooks: 4 new runbooks — Cloud IR (AWS/Azure), Supply Chain Compromise, Zero-Day Response, Mass Phishing Campaign — bringing total to 19 runbooks across 5 categories
  • INFRAService Worker bumped to sudosoc-v1.12.0; 5 new HTML pages added to offline cache ASSETS array — all new content works fully offline
  • IMPROVEHomepage stats updated: 90+ tools, 19 incident runbooks — reflecting all new additions
v1.11.0 June 22, 2026
  • NEWPlaybooks complete rebuild: 15 runbooks across 5 categories — Incident Response (7), Threat Hunting (3), SOC Operations (3), DFIR (2), Penetration Testing (2)
  • NEWPlaybooks slide-in detail drawer: click any card to open a full-height panel from the right with smooth cubic-bezier animation, backdrop blur, and keyboard Escape to close
  • NEWPlaybooks step timeline: numbered circle nodes with connecting vertical line, per-step action icons (🔍🔌💾🔬📊🚫🛡️📋🔒🌐💻📢✅) indicating the type of action each step requires
  • NEWPlaybooks NIST phase flow in drawer header: Detection → Analysis → Containment → Eradication → Recovery → Post-Incident breadcrumb per playbook
  • NEWPlaybooks: category filter tabs (All / IR / Threat Hunting / SOC Ops / DFIR / Pentest), color-coded per category (IR=red, Hunt=purple, SOC=blue, DFIR=violet, Pen=orange)
  • NEWNew playbooks: DNS Anomaly Hunt, Lateral Movement Hunt, LOLBins Hunt, Alert Triage Workflow, SIEM Rule Tuning, SOC Shift Handover, Memory Forensics Workflow, Log Timeline Reconstruction, External Recon, Active Directory Enumeration
  • IMPROVEAbout page projects section updated: 6 real GitHub repos (portman, SUDOSOC-ENV, SHF, SUDOSOC-C2, CharityHub, sudosoc) — each card links directly to the GitHub repository
  • IMPROVEAbout page profile photo: click to open full-size lightbox with backdrop blur, scale-in animation, Escape key and backdrop click to close
  • IMPROVETools workspace empty state: Browse by Category grid auto-populates with category cards showing icon, name, and live tool count from ToolRegistry
v1.10.2 June 22, 2026
  • IMPROVEAbout page full redesign: real profile photo with animated gradient ring + scan line, hero layout with open-to-work status badge, 4 experience pillars (IT Infrastructure, SOC Operations, Security Automation, Academic), complete professional bio
  • IMPROVEAbout page tech stack section: 5 color-coded groups (Security Operations/blue, Tools & SIEM/cyan, IT & Systems/orange, Languages/green, Methodologies/purple) with accent chip tags
  • IMPROVEAbout page projects section: SUDOSOC Toolbox (Live), Sudosoc-ENV Pro (Archived), SUDOSOC-HUB (In Progress) with status badges and role-color accents
  • IMPROVETools page workspace empty state redesigned: terminal window UI with macOS-style dots, tool stats bar, 17 quick-access pills color-coded by category (cyan/amber/sky/blue/purple/orange/green), keyboard shortcut hints
  • IMPROVEPlaybooks page full visual identity redesign: per-incident color system (phishing=amber, ransomware=red, brute force=orange, exfil=purple, malware=dark-red, insider=blue, DDoS=cyan) — colored left border, icon background, step numbers
  • NEWPlaybooks: NIST 800-61 phase banners (Detect → Contain → Eradicate → Recover → Post-Incident) and per-step phase tags on all 6 playbooks
  • NEWPlaybooks: filter bar (All / Critical / High / Medium / Sensitive) + Expand All / Collapse All toggle
  • IMPROVEPlaybooks: severity badges redesigned with pulsing dot indicator for CRITICAL, step count per card, command blocks now show colored left border matching incident type
v1.10.1 June 22, 2026
  • NEWTool: HTTP Status Code Reference — searchable table of all 1xx–5xx HTTP status codes with descriptions, security context, and per-class color filter buttons (developer category)
  • NEW6 new YouTube channels: OALabs (malware RE), MalwareTech (Windows internals), SANS Institute (DFIR webcasts), Seytonic (news/privacy), IntelTechniques (OSINT/FBI), Red Team Notes (AD ops) — new Malware Analysis & Threat Research section
  • NEW6 new CTF/lab platforms: Google CTF, DreamHack, NahamCon CTF, ASIS CTF, pwn.gg (writeup aggregator), Crackmes.one (binary books section)
  • NEWCareer Roadmaps redesigned: 6 flat cards → full roadmap-card layout with colored top bar, emoji, numbered steps, cert tags (SEC+/PNPT/OSCP/GCFA/GREM/BTL1/eJPT), footer goals. Added 7th path: Cloud Security Engineer
  • IMPROVEVisual identity system applied site-wide: all category headers color-coded by role (blue=SOC, red=Red Team, purple=DFIR, green=CTF, orange=Web, cyan=OSINT, amber=certs) with matching left-border accents on every resource card
  • IMPROVEHomepage cat-cards now show role-appropriate left-border colors (encoding=cyan, crypto=purple, hashing=amber, networking=sky, web=orange, SOC=blue, forensics=purple, IR=red) with icon color inheritance
  • IMPROVEUse-case cards now have colored top borders + role-tinted labels and arrow indicators per security role (SOC=blue, Red Team=red, DFIR=purple, Bug Bounty=orange, CTF=green, Learning=amber)
v1.10.0 June 22, 2026
  • NEWTool: Base Converter — convert numbers between Binary, Hexadecimal, Decimal, and Octal instantly with live bidirectional sync across all four fields (encoding category)
  • NEWTool: Unix Timestamp Converter — convert Unix timestamps (seconds or ms) to UTC, local time, ISO 8601, and relative time; also accepts datetime-local input and a "Now" button (developer category)
  • NEWTool: OSINT Dork Builder — generate targeted search dorks for Google, Shodan, GitHub, Censys, Wayback Machine, AbuseIPDB, and more; supports 6 target types: domain, IP, email, username, person, organization (SOC category)
  • NEWResources — 12 additional YouTube channels: Mental Outlaw, zSecurity, VbScrub, Alh4zr3d, IppSec LIVE, Guided Hacking, Security Now, Darknet Diaries, OWASP Foundation + new OSINT & Privacy category section
  • NEWResources — 12 additional free lab platforms: Nightmare (pwn book), Exploit.Education, Reversing.kr, Crackmes.one, Malware Traffic Analysis, VirusTotal, ANY.RUN, Shodan, CTFlearn, HTB Starting Point + new OSINT & Binary Exploitation book categories
  • IMPROVEHomepage enterprise redesign — new Trust Bar, Platform Overview (3-pillar cards), Use Cases section (6 role cards: SOC/Pentest/DFIR/BugBounty/CTF/Student), expanded Features grid (6 cards), CTA banner, and enhanced footer with 6-column links
  • IMPROVEStats updated to 85+ tools, 35+ YouTube channels, 30+ free lab platforms — all resource cards now fully clickable (channels, labs, courses) with direct links to each platform
  • IMPROVECourse table: all certification names now link directly to official provider pages (ISC2, CompTIA, Coursera, INE, TCM Security, Offensive Security, GIAC, ISACA, HackTheBox, PortSwigger, EC-Council, Altered Security)
v1.9.0 June 21, 2026
  • NEWResources — YouTube Channels section: 17 curated cybersecurity channels grouped by specialization (Blue Team & Defensive, Red Team & Pentest, CTF & Binary Exploitation, Certifications & Beginner, Conferences & Research)
  • NEWResources — Courses & Certs section: 20+ certifications and courses with level (Beginner→Advanced→Management), provider, cost, duration, and what you learn — plus 6 career roadmaps (SOC, Pentest, DFIR, Bug Bounty, CTF, Malware RE)
  • NEWResources — Free Labs & CTF section: 20+ platforms grouped by category (All-Around, Blue Team, Web Security, Binary Exploitation, Cryptography, CTF Competition) with free tier details and difficulty indicators
  • IMPROVEResources — complete platform redesign with section switcher navigation (Cheat Sheets | YouTube Channels | Courses & Certs | Free Labs & CTF), URL hash routing for each section, and search bar scoped to active section
  • IMPROVEResources — hero description and SEO meta tags updated to reflect the expanded reference library scope (channels, courses, labs in addition to cheat sheets)
v1.8.0 June 21, 2026
  • IMPROVELinux — added Privilege Escalation Checklist (SUID/sudo/capabilities/cron), SSH tunneling & key management, Package Management reference, and Bash IR one-liners section
  • IMPROVENmap — added Practical Pentest Scan Workflow (7-step methodology) and Service-Specific NSE Scripts (SMB, RDP, MySQL, MSSQL, SSH, HTTP, SMTP, SNMP, LDAP, VNC)
  • IMPROVEWireshark — added Malware Traffic Patterns (C2 beaconing, DNS tunneling, web shells), Credential & Data Extraction filters, and Analysis Shortcuts reference
  • IMPROVEWeb Security — added XXE Injection payloads, SSRF Payloads & Bypass (AWS/GCP/Azure metadata), JWT Attacks (alg:none, RS256→HS256, kid injection), and Command Injection cheatsheet
  • IMPROVEActive Directory — added BloodHound/SharpHound collection commands, Lateral Movement (PsExec/WMI/WinRM/RDP), and Domain Trust Attacks (SID history, Kerberos cross-realm, printer bug)
  • IMPROVEMetasploit — added Post-Exploitation Modules, Pivoting & Tunneling via routes/SOCKS, and Database & Workspace Management
  • IMPROVEIncident Response — added Ransomware Response Playbook, Memory Acquisition (Windows/Linux tools), and Cloud IR — AWS Quick Response commands
  • IMPROVEDFIR — added Disk Imaging & Acquisition (dd/dcfldd/ewf/Autopsy), Email Header Analysis, and Log Analysis commands (Plaso, wevtutil, journalctl)
  • IMPROVEShells & Payloads — added Bind Shells, Socat & Chisel Tunneling (full TTY, SSL, SOCKS reverse tunnels), and Windows Privilege Escalation (Potato attacks, winPEAS, service misconfigs)
  • IMPROVESOC Notes — added Threat Hunting Hypotheses (10 hunt scenarios), Email Phishing Analysis (headers, attachments, social engineering), and Sysmon Event IDs Reference (Event 1-22)
  • IMPROVECTF — added Buffer Overflow / PWN section (pwntools, checksec, ROPgadget, GDB plugins), Password Cracking reference (hashcat modes + rules), and Network Forensics PCAP analysis
  • IMPROVEMITRE ATT&CK — added Notable Threat Actor Profiles (APT28/29, Lazarus, Sandworm, Scattered Spider, Cl0p), Defense Evasion Sub-Techniques, and SIGMA Rule Structure reference
  • IMPROVEInterview Prep — added Malware Analysis Questions (static/dynamic, packing, DGA, tools), Cloud Security Questions (IAM, S3, IMDS, GDPR, shared responsibility), and Compliance & Frameworks (NIST CSF, ISO 27001, PCI DSS, GDPR, HIPAA, SOC 2, CIS Controls)
  • IMPROVEThreat Intel — added Passive Reconnaissance Techniques (WHOIS, cert transparency, Shodan, theHarvester), Malware Family Reference (Cobalt Strike, Emotet, QBot, WannaCry, BlackCat, Sliver), and CTI Report Writing guide
v1.7.0 June 21, 2026
  • NEWWindows Event Log Parser — paste JSON (PowerShell) or XML (Event Viewer), auto-maps 35+ Event IDs to MITRE ATT&CK tactics, color-coded severity, filterable table with top-ID stats
  • NEWYARA Rule Builder — form-based editor with string types (text/hex/regex), modifier flags, condition presets, 5 one-click templates (PE Dropper, Web Shell, PS Loader, Ransomware, C2 Beacon), syntax-highlighted preview, download .yar
  • IMPROVEPayload Unwrapper — added "Export Timeline SVG" button: downloads a report-ready black-on-black flowchart showing each decode layer with decoder labels and previews
  • INFRAPWA / Offline Mode — site is now installable as a Progressive Web App. Service worker caches all assets for offline use — ideal for air-gapped environments and sensitive analysis
v1.6.0 June 21, 2026
  • NEWPayload Unwrapper — auto-detect and peel Base64, URL, HTML entity, hex, Unicode escape, ROT13 and PowerShell UTF-16LE encoding layers with step-by-step visualization
  • NEWCommand Palette (Ctrl+K) — fuzzy search across all tools with keyboard navigation, recent tool memory, and category filtering
  • NEWPivot Links — click any IP, domain, hash, URL or CVE in tool output to instantly open it in the relevant analysis tool
  • NEWInvestigation Notepad (Alt+N) — persistent floating scratchpad available on all pages with auto-save, copy, and export to .txt
  • NEWSOC Pattern Library — 65+ curated regex patterns for threat hunting (Network, Auth, Malware, Windows Events, Web, Exfil, Forensics) with one-click load into Regex Tester
v1.5.0 June 21, 2026
  • NEW3 new tool categories: Cryptography, Web Security, Forensics / DFIR
  • NEWCryptography — XOR Cipher, Vigenère Cipher (with IC brute force), Morse Code, Frequency Analysis
  • NEWForensics / DFIR — Strings Extractor, Magic Bytes Detector (60+ signatures), Windows Event ID Lookup (100+ IDs), Hex Viewer, Data Entropy Analyzer
  • NEWWeb Security — CSP Analyzer, Cookie Parser, HTTP Status Reference, User-Agent Parser
  • NEWSOC — Sigma Rule Builder (YAML output), MITRE ATT&CK Lookup (100+ techniques, offline)
  • NEWHashing — NTLM Hash Calculator (pure-JS MD4), HMAC Generator (SHA-1/256/512 via Web Crypto)
  • NEWNetworking — IP ↔ Integer Converter, MAC Address Analyzer (150+ OUI vendors)
  • FIXRemoved duplicate Timestamp Converter from soc.js — kept the richer version in misc.js
  • IMPROVESOC category renamed to "SOC & Threat Intel"; Password icon updated for consistent rendering
  • IMPROVEStats updated: 80+ tools, 10 categories
v1.4.0 June 21, 2026
  • NEWTimestamp Converter — live Unix clock, bidirectional conversion, quick offset buttons
  • NEWFile Hash Verifier — drag & drop SHA-1/256/512 entirely in-browser with hash comparison
  • NEWURL Parser — decompose URL into components, query param table, encode/decode
  • NEWRegex Tester — real-time matching, highlighted results, capture group details
  • NEWCertificate Parser — full X.509 PEM parser: subject, issuer, SANs, validity, fingerprints
  • NEWDiff Tool — LCS-based line-by-line text comparison with line numbers
  • NEWAbout page — developer profile with GitHub and portfolio links
  • NEWResources: MITRE ATT&CK tab — 14 tactics, top techniques, detection queries, Navigator tips
  • NEWResources: Interview Prep tab — SOC/IR Q&A covering concepts, IR process, technical & scenario questions
  • NEWResources: Threat Intel tab — IOC types, TLP levels, Pyramid of Pain, frameworks, free feeds
  • IMPROVENavigation — About link added across all pages
  • IMPROVEStats updated: 60+ tools, 13 cheat sheets
v1.3.0 June 21, 2026
  • NEWColor Converter — HEX ↔ RGB ↔ HSL with live preview and color picker
  • NEWNumber Base Converter — Binary / Octal / Decimal / Hex with ASCII lookup
  • NEWROT13 / Caesar Cipher — all 26 shifts brute force for CTF
  • NEWHTTP Headers Analyzer — security score, missing headers, known header descriptions
  • NEWCron Expression Parser — plain English description + next 10 execution times
  • NEWDNS Lookup — query A/AAAA/MX/TXT/CNAME/NS/SOA/PTR via Cloudflare DoH
  • NEWIP Info & Analysis — RFC classification, binary representation, known provider ID
  • NEWJWT Secret Brute Force — test HS256/384/512 signed JWTs against wordlists
  • NEWPlaybooks page — 6 incident response runbooks (Phishing, Ransomware, Brute Force, Exfil, Malware, DDoS)
  • NEWCTF Cheatsheet tab in Resources — encodings, stego, crypto, common CTF tools
  • IMPROVEDResources expanded from 5 to 10 tabs with 60+ sections and 500+ references
  • IMPROVEDResources tab bar now horizontally scrollable on mobile
  • IMPROVEDSOC Notes: added Splunk and Elastic/KQL query examples
  • IMPROVEDIOC confidence badges (High / Medium / Low) in SOC Notes
  • INFRACSP updated to allow Cloudflare DoH (connect-src) for DNS Lookup tool
v1.2.0 June 21, 2026
  • NEWResources page expanded from 5 to 10 tabs: Web Security, Active Directory, Metasploit, DFIR, Shells & Payloads
  • IMPROVEDLinux cheatsheet — added Log Files Reference, Text Processing one-liners, Bash forensics
  • IMPROVEDIR cheatsheet — added Linux Live Response section, more Windows Event IDs
  • NEWWeb Security — OWASP Top 10 (2021), SQLi payloads, XSS payloads, LFI/traversal, Burp Suite tips
  • NEWActive Directory — Kerberoasting, AS-REP Roasting, Pass-the-Hash, DCSync, Golden Ticket
  • NEWMetasploit — msfconsole, msfvenom, Meterpreter commands, common exploits
  • NEWDFIR — Volatility 3, Windows artifacts, registry forensics, browser artifacts
  • NEWShells & Payloads — reverse shells, PowerShell payloads, TTY upgrade, web shells, file transfer
v1.1.0 June 21, 2026
  • INFRAMigrated hosting from GitHub Pages to Cloudflare Pages
  • INFRAConnected custom domain sudosoc.com via Cloudflare DNS
  • INFRARemoved GitHub Actions deploy workflow (Cloudflare Pages handles CI/CD)
  • FIXRemoved Vercel DNS records causing DEPLOYMENT_NOT_FOUND on production domain
v1.0.0 June 21, 2026
  • NEWInitial release — 42 tools across 7 categories
  • NEWEncoding: Base64, URL Encode, HTML Encode, JWT Decoder, Unicode Converter
  • NEWHashing: MD5 (pure-JS), SHA-1, SHA-256, SHA-512 (Web Crypto)
  • NEWPassword: Generator, Strength Checker, Entropy Calculator
  • NEWJSON & Data: JSON Formatter, Validator, Minifier, XML Formatter, YAML Viewer
  • NEWNetworking: CIDR Calculator, IPv4 Calculator, IPv6 Calculator, Port Reference, Subnet Calculator
  • NEWSOC & DFIR: IOC Extractor, IOC Defanger, Timestamp Converter, CVSS 3.1 Calculator, Log Analyzer
  • NEWDeveloper: UUID Generator, Regex Tester, Text Diff, Word Counter, Case Converter
  • NEWResources: Linux, Nmap, Wireshark, Incident Response, SOC Notes cheat sheets
  • INFRADark/light theme with localStorage persistence, Cmd+K global search, hash-based routing
  • INFRAZero dependencies — 100% vanilla HTML/CSS/JS, no frameworks, no CDN, no backend
  • INFRACSP headers, no eval(), textContent for user output — security-first implementation