About Cursed Tools

A cybersecurity investigation platform built to address the pain of "cursed" tooling and provide modern, secure, and fast analysis capabilities for security professionals, tech users and AI agents.

The Problem with "Cursed" Cybersecurity Tooling

Anyone who's opened Windows Event Viewer can tell you how quickly they want to close it again. Our industry has evolved, but the same tools from 10+ years ago are still advertised as the "go to" way to do things. Far too often these tools promise the "Garden of Eden", as long as you download that antiquated Python 2.7 version, wrestle with dependencies and packages, recite their usage incantations (command flags) daily and keep your fingers crossed that you don't trip the AV/EDR. That promise to solve complex problems often ends up creating more friction than value. These tools typically suffer from:

  • Poor User Experience (UX): Command-line or GUI interfaces from the 90s, convoluted workflows, and unintuitive designs
  • Time Sink Phenomena: Hours spent in dependency hell wrestling with tool configurations instead of answering critical security questions
  • Data Format Hell: Incompatible formats, manual parsing, and endless data transformation requirements
  • Security Experience (SX) Degradation: The security experience becomes so cumbersome that analysts lose valuable time and focus

The name Cursed Tools reflects this reality - we've all worked with tools that feel cursed, where simple tasks become unnecessarily complex. Our platform exists to break this curse.

Our Mission

We built Cursed Tools to transform cybersecurity investigations from a time-consuming, frustrating experience into a streamlined, intuitive process. Our focus is on providing security professionals with modern tooling that respects their time and expertise while maintaining the highest standards of security and privacy. Cursed Tools is not a "silver bullet" and has not been designed to give you all the answers, but to get you started quicker and get insights faster so you can reduce the Mean-Time-To-Detection (MTTD) and Mean-Time-To-Response (MTTR).

Core Pillars: Security, Speed, Simplicity

🔒 Security

Automatic End-to-End Encryption for All Registered Users: Every registered user automatically receives full encryption protection. We implement:

  • Immediate Server-Side Encryption: Files are encrypted instantly upon upload receipt over secure TLS connections
  • In-Memory Only Operations: Files are never stored unencrypted on disk during processing
  • Per-User Key Derivation: A master key is derived from your credentials securely via Argon2id key derivation
  • Just-in-time encryption: Your master keys are generated only upon login and never stored in any of our systems
  • Per-File Encryption: Every uploaded file gets its own encryption key, providing maximum isolation
  • Private by default: Registered users have their data protected by strict access controls by default, with optional sharing that decrypts data for public access

Sharing and Privacy Control:

  • Private by default: All files and analysis jobs are private to your account
  • Optional sharing: You may choose to make investigations or files public to share findings
  • Security risk warning: Public investigations can be accessed by unauthorized third parties if the link is shared
  • User responsibility: Consider the sensitivity of your data before making investigations public

Authentication-Gated Access: Only authenticated users with valid file and job access AND a valid master encryption key can decrypt and access their data. Even our systems administrators cannot view your investigation files.

⚡ Speed

Modern Technology Stack: Built for concurrent, high-performance processing:

  • Rust Backend: Memory-safe, concurrent processing of large datasets
  • Async Architecture: Non-blocking operations that handle thousands of concurrent requests
  • Streaming Processing: Real-time analysis of large files and log data
  • Optimized Parsers: Custom-built parsers for Windows Event Logs, Sigma rules, and other security formats

🎯 Simplicity

Modern Web UI: Intuitive interfaces built with modern web frameworks:

  • Single-Page Application: Seamless navigation without page reloads
  • Responsive Design: Works well on different device types
  • Interactive Visualizations: Dynamic charts, graphs, and timeline views
  • Smart Filtering: Intelligent search and filtering across complex datasets

Data Security & Privacy Architecture

Key Security Features

  • No Plain Text Storage: All investigation data is encrypted at rest and in transit
  • Forward Secrecy: Each session generates new encryption contexts per job and file
  • Separation of Keys: Encrypted per-file keys are stored separately from encrypted data
  • Audit Logging: All access attempts are logged for security monitoring
  • GDPR Compliance: Built-in privacy controls and data protection measures
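The key hierarchy described under Security and in the Key Security Features list above, as an added illustration that is not Cursed Tools' own code: a master key derived from the user's credentials at login, a random per-file key, the per-file key wrapped under the master key and kept in a store separate from the ciphertext. Because Argon2id is not in the Python standard library, hashlib.scrypt stands in as the password KDF, and an HMAC-SHA256 keystream with an encrypt-then-MAC tag stands in for a real AEAD; file_store and key_store are constructed in-memory dicts.

```python
import hashlib
import hmac
import secrets

def derive_master_key(password: bytes, salt: bytes) -> bytes:
    # Stand-in for Argon2id (not in the standard library): memory-hard KDF
    # from the user's credentials; the result lives only for the login session.
    return hashlib.scrypt(password, salt=salt, n=2**14, r=8, p=1, dklen=32)

def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode as a stand-in for a real cipher keystream.
    out = b""
    for counter in range((length + 31) // 32):
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return out[:length]

def _subkeys(key):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def seal(key, plaintext):
    # Encrypt-then-MAC; a production system would use an AEAD such as AES-GCM.
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def open_sealed(key, blob):
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed: wrong key or tampered data")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))

def upload(master_key, file_id, data, file_store, key_store):
    # Fresh per-file key, wrapped under the master key and kept in a separate
    # store from the ciphertext; only encrypted material is ever persisted.
    file_key = secrets.token_bytes(32)
    file_store[file_id] = seal(file_key, data)
    key_store[file_id] = seal(master_key, file_key)

def download(master_key, file_id, file_store, key_store):
    # Fails unless the caller holds the master key (wrong password -> ValueError).
    file_key = open_sealed(master_key, key_store[file_id])
    return open_sealed(file_key, file_store[file_id])
```

Nothing in either store is usable without the master key, and the master key itself is never written anywhere, which is the property the list above describes.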

Platform Capabilities

Windows Event Log Analysis

  • EVTX Parsing: Fast parsing of Windows Event Log files
  • Sigma Rule Integration: Automated detection using community Sigma rules
  • Timeline Visualization: Interactive timeline of security events
  • Process Tree Analysis: Hierarchical view of inferred process relationships

Security Investigation Support Tools

  • Event ID Lookup: Comprehensive Windows Event ID reference from all frequently used OS flavours, service packs and versions
  • Native Executable File Lookup: A curated list of all native Windows executable (exe or dll) files from all OS flavours, service packs and versions that you can expect to encounter
  • Interactive Sigma Rule Playground: Test your Sigma rules before they reach your detection pipeline without the hassle of running command-line tools on your machine

Modern Analysis Experience

  • Real-Time Processing: Stream processing of large log files
  • Interactive Filtering: Dynamic filtering and search capabilities
  • Collaborative Features: Share findings with team members securely

The Team

Our team consists of cybersecurity professionals, threat hunters, and software engineers who have experienced the frustration of "cursed" tooling firsthand. We're committed to building the investigation platform we wish we had during our years in security operations centers and incident response teams.

Enterprise & Compliance

  • GDPR Compliant: Privacy-by-design architecture and hosting infrastructure in the EU
  • API Access: Programmatic access for enterprise integrations
  • On-Premise Deployment: Available for organizations with strict data residency requirements

Contact Us

For general inquiries, partnership opportunities, or technical support, please reach out to us at [email protected].


Ready to break the curse of poor cybersecurity tooling? Get started today with our free tier and experience the difference modern tooling can make in your investigations.