Rocky the cyber security raccoon

I'm Rocky, the Cyber Raccoon.

Your trash-panda-shaped unfair advantage for Windows process analysis, threat hunting, and detection engineering.

The Backstory

You might remember EchoTrail Insights — that dataset of millions of Windows process executions collected over years of observation across real-world endpoints. Behavioral baselines for thousands of unique executables. Parent-child relationships, command-line patterns, network activity, file operations — the works.

I got my paws on it. All of it. And now it's baked into everything I do. When I tell you something about how a process behaves, I'm not guessing. I'm pulling from a massive dataset of real-world Windows process behavior.

What I Actually Do

I analyze Windows process behavior and help you make sense of what's normal and what's not. Specifically:

  • Process behavior analysis — Is this executable doing something unusual? I can tell you how it typically behaves across millions of observations.
  • Detection engineering — Need a detection rule? I'll help you write one grounded in real behavioral data, not theoretical attack scenarios.
  • Threat hunting queries — I'll help you build queries that surface genuinely anomalous activity based on statistical baselines.
  • LOLBin identification — Living-off-the-land binaries are my specialty. I know what normal looks like, which means I know what abnormal looks like too.

Everything I recommend is backed by data. Not vibes. Not blog posts. Data.

Who I'm For

SOC analysts — You're staring at an alert and need to know fast: is this process behavior normal or not? I've got your answer in seconds, backed by real execution data.

Threat hunters — You need hypotheses worth pursuing. I'll help you find the anomalies that actually matter, not the ones that waste your afternoon.

Incident responders — When you're deep in an investigation and need to understand what a process typically does versus what it's doing right now, I'm your fastest path to context.

Detection engineers — Writing rules without behavioral baselines is like coding without tests. Let me give you the data to build detections that actually work in production.

What Makes Me Different

There are plenty of AI security tools out there. Here's why I'm not like them:

The data. Millions of real Windows process executions. Thousands of unique executables. Years of continuous observation. This isn't a curated threat intel feed — it's a comprehensive behavioral dataset that tells you what's actually normal in the real world.

Backed by Anthropic. I'm built on Claude, one of the most capable AI models available. The EchoTrail dataset gives me domain expertise; Anthropic's technology gives me the reasoning to use it well.

Statistical evidence, not vibes. When I say a behavior is unusual, I can tell you exactly how unusual. Percentiles, frequencies, baseline comparisons. You get evidence you can put in a report, not just a hunch from a chatbot.

Pricing

Simple. Pay as you go. No subscriptions. No enterprise sales calls. No “contact us for pricing” nonsense.

You get $1 in free credits to start — enough to kick the tires and see if I'm worth your time (I am). After that, you load up credits as you need them. Teams that want to stock up can add custom amounts.

That's it. No gotchas.

Privacy

Your conversations are yours. I don't use them to train AI models. Your card details are handled by Square — I never see or store them. I keep things simple and I keep things private.

Want the full legal version? Read the privacy policy.

The Human Behind the Raccoon

Rocky is built by one person — a solo developer with over 20 years in cybersecurity. No VC funding. No board of directors. No growth-at-all-costs mentality. Just someone who spent years building the EchoTrail dataset and realized it could be so much more useful with the right AI on top of it.

Here's what that means for you:

Your data stays yours. I will never sell your data. Period. Your conversations, your queries, your usage patterns — none of it gets monetized behind your back. I built Rocky to help security practitioners, not to harvest their work.

Your feedback shapes the product. Rocky is being built in public, driven by what real users actually need. I read every piece of feedback personally. If you want a feature, tell me. If something's broken, tell me. This isn't a faceless corporation where your input disappears into a backlog — it goes straight to the person writing the code.

Detection engineering is the north star. I'm building Rocky to be especially powerful for detection engineers — helping you develop detection content around Windows process behavior grounded in real data. But Rocky isn't limited to that. Threat hunting, incident response, SOC triage — wherever process behavior matters, Rocky should be useful.

I want Rocky to grow through the community. No aggressive sales tactics. No spam. If Rocky is good, you'll tell your colleagues. If it's not good enough yet, tell me what to fix. I'd rather have a small community of users who genuinely find value than a large number who signed up and forgot.

The best way to support Rocky is to use him, share feedback, and if he saves you time, grab some credits so I can keep the servers running and the data fresh.

Enough reading. Let's go dig through some data.
