Frequently Asked Questions

Common questions about the Cursed Tools cybersecurity investigation platform, features, security, billing, and support.

Getting Started

What is Cursed Tools?

Cursed Tools is a modern cybersecurity investigation platform designed to break the curse of poor tooling in security analysis. We provide fast, secure, and intuitive tools for analyzing event logs, running and testing detection rules, investigating security incidents, and performing threat hunting activities.

How do I get started?

  1. Sign up for a free account at cursed.tools
  2. Upload your first file - start with a small EVTX file to test the platform. You can use publicly available ones like EVTX-ATTACK-SAMPLES
  3. Explore the analysis results - use our interactive timelines, process trees, and filtering capabilities
  4. Upgrade when ready - move to a paid plan when you need to process more or larger files, or need additional support and features

What file types do you support?

Currently we support:

  • Windows Event Logs (EVTX): Full parsing and analysis with Sigma community rules integration
  • Sigma Rules: Custom and community rule testing and validation

Do I need to install any software?

No! Cursed Tools is entirely web-based. You only need a modern browser (Chrome, Firefox, Safari, or Edge) and an internet connection.

Account & Billing

What subscription plans are available?

We offer several tiers:

  • Free: Perfect for testing and small investigations (limited daily processing quota)
  • Pro: For security analysts and investigators who want to remove the daily quota limitations, need a higher quota, and want higher priority so their investigations are processed first
  • Business: For teams and organizations with high-volume processing and integration needs

Visit our pricing page for current plan details and pricing or contact us for any business-related inquiries at [email protected].

How do I manage my subscription?

You can manage your subscription through our Stripe Managed Customer Portal:

  1. Go to Settings → Billing in your account
  2. Click "Open Billing Portal"
  3. This will take you to Stripe's secure portal where you can update payment methods, change plans, view invoices, and manage your account billing

What payment methods do you accept?

We accept Apple and Google Pay, as well as all major credit cards (Visa, MasterCard, American Express) through our secure Stripe integration. Enterprise customers can also arrange for invoice-based billing.

Can I cancel my subscription?

Yes, you can cancel anytime through the Stripe Customer Portal (Settings → Billing → Open Billing Portal). You'll continue to have access to paid features until the end of your current billing period, then your account will revert to the free tier.

Platform Features

How fast is the analysis?

Our backend is designed for speed:

  • Small EVTX files (< 1MB): Usually processed in under 1 second
  • Medium files (10-20MB): Typically under or around 10 seconds
  • Large files (100MB+): Generally under 3-4 minutes, depending on complexity and current system load

Can I share my analysis results?

Yes (but be careful)! All authenticated users can control sharing settings for their investigations:

  • Private (default): Only you can access the results - recommended for sensitive data
  • Public: Anyone with the link can view (but not download) the results
  • ⚠️ Security Warning: Public investigations can be accessed by unauthorized third parties if the link is shared
  • User responsibility: Carefully consider the sensitivity of your data before making investigations public
  • Team Sharing: Not available right now, contact us if you would like to have this feature (only for Business customers)

How do I submit feedback or feature requests?

We love hearing from our users! Visit our Feedback page to:

  • Report bugs or issues
  • Request new features
  • Share suggestions for improvements
  • Provide general feedback about your experience

Security & Privacy

How is my data protected?

Cursed Tools provides automatic end-to-end encryption for all authenticated users:

  • Immediate server-side encryption: Your files are encrypted instantly upon upload receipt over secure TLS connections
  • In-memory only operations: Files are never stored unencrypted on disk during processing
  • Per-file encryption: Each file gets its own unique encryption key
  • Per-user key derivation: When you log in, a master key is securely derived from your credentials and never stored
  • Zero-knowledge architecture: The platform cannot access your encrypted investigation data

Can Cursed Tools staff see my investigation files?

No. Our zero-knowledge design means that even our system administrators cannot decrypt and view your files. Only you, with your authentication credentials, can decrypt and access your data.

Where is my data stored?

Your encrypted data is stored in secure, GDPR-compliant cloud infrastructure with providers that meet enterprise security standards. Data centers are located in regions with strong privacy laws.

Do you comply with data protection regulations?

Yes, we are fully compliant with:

  • GDPR (General Data Protection Regulation)
  • CCPA (California Consumer Privacy Act)
  • Industry security best practices

How long do you keep my data?

  • Active accounts: Data is retained as long as your account is active
  • Inactive accounts: Data may be deleted after extended periods of inactivity (you'll be notified in advance)
  • Deleted accounts: All data on the platform is permanently deleted immediately when you delete your account via the web UI's account settings panel
  • Job results & Files: You can delete individual analysis jobs and files at any time through your dashboard

Is my data backed up?

Yes, encrypted data is automatically backed up across multiple secure locations to ensure availability and disaster recovery. However, since we use per-user encryption, you are responsible for maintaining access to your account credentials and data.

WARNING - Recovery of account access immediately deletes all encrypted data under your account.
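The per-file keys, the credential-derived master key, and the recovery warning above fit together as a key hierarchy. The sketch below is an added illustration, not Cursed Tools' own code: the algorithms (scrypt, AES-256-GCM), the function names, and the sample values are all assumptions, since the page does not say which primitives the platform uses.

```javascript
// Added illustration; NOT the platform's implementation. Algorithms and
// all function names here are assumptions made for the example.
const crypto = require('crypto');

// AES-256-GCM helpers; blob layout is iv(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), body]);
}
function open(key, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  // final() throws if the key is wrong or the data was modified.
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Per-user master key: derived from credentials at login, never stored.
function deriveMasterKey(password, salt) {
  return crypto.scryptSync(password, salt, 32);
}

// Per-file encryption: a fresh random key per file, kept only in wrapped form.
function storeFile(masterKey, data) {
  const fileKey = crypto.randomBytes(32);
  return { wrappedKey: seal(masterKey, fileKey), blob: seal(fileKey, data) };
}
function loadFile(masterKey, rec) {
  return open(open(masterKey, rec.wrappedKey), rec.blob);
}

// True only if this master key can unwrap the record's file key.
function canDecrypt(masterKey, rec) {
  try { loadFile(masterKey, rec); return true; } catch { return false; }
}

// Constructed sample values.
const salt = crypto.randomBytes(16);
const login = deriveMasterKey('correct horse battery staple', salt);
const rec = storeFile(login, Buffer.from('constructed EVTX bytes'));
// After a credential reset the derived key differs, so old records stay sealed.
const afterReset = deriveMasterKey('new-password-after-recovery', salt);
console.log(canDecrypt(login, rec), canDecrypt(afterReset, rec));
```

In a design like this, nothing stored server-side can unwrap a file key without the user's credentials, which is why a credential reset leaves existing ciphertext unreadable.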

Technical Support

How do I report a bug or technical issue?

  1. Use the Feedback page (/feedback) to report the issue with as much detail as possible
  2. Email us directly at [email protected] for urgent issues
  3. Include details like browser type, file size, error messages, and steps to reproduce

What browsers are supported?

We support all modern browsers:

  • Chrome (recommended for best performance)
  • Firefox
  • Safari
  • Microsoft Edge

We recommend using the latest version of your browser for the best experience.

Why is my analysis taking longer than expected?

Several factors can affect processing time:

  • File size: Larger files take more time to process
  • File complexity: Files with many events or complex structures take longer
  • System load: During peak usage times, jobs may queue
  • Sigma rules: Running comprehensive Sigma rule sets adds processing time

Can I use Cursed Tools programmatically?

Yes! We provide a comprehensive REST API for enterprise customers. Check out our API Documentation for details on endpoints, authentication, and usage examples.

Billing & Refunds

Do you offer refunds?

We do not offer refunds, as we provide a robust free tier that allows you to:

  • Test all platform features
  • Process small files
  • Evaluate the platform before committing to a paid plan

We encourage all users to thoroughly test the platform using the free tier before upgrading to ensure it meets their needs.

Business users that require extra quota to test integration of the platform within their environment can contact us by email at [email protected] and we will do everything we can to support them.

How does the quota system work?

Each plan includes a monthly processing quota:

  • Unauthenticated usage: Very restricted usage with minimal daily quota allowance for those that don't feel like subscribing, but still want the results
  • Free tier: Limited daily quota for testing and small tasks
  • Pro tier: Higher quota that resets monthly
  • Business/API tier: Very high quotas for power users that want more integration and automation
  • Overage handling: Additional usage is blocked until the quota resets. Business accounts are not blocked from further usage; instead, when they go over the limit, the overage is calculated and included in their final invoice

You can monitor your quota usage in your account dashboard.

Can I upgrade or downgrade my plan anytime?

Yes, you can change your plan at any time through the Stripe Customer Portal. Changes take effect at the start of your next billing cycle, though upgrades may be prorated.


Still Have Questions?

If you can't find the answer you're looking for, please don't hesitate to reach out:

We're here to help you break the curse of poor cybersecurity tooling!