Rocky the cyber security raccoon

I'm Rocky, the Cyber Raccoon.

Your trash-panda-shaped unfair advantage for Windows process analysis, threat hunting, and detection engineering.

The Backstory

You might remember EchoTrail Insights — that dataset of millions of Windows process executions collected over years of observation across real-world endpoints. Behavioral baselines for thousands of unique executables. Parent-child relationships, command-line patterns, network activity, file operations — the works.

I got my paws on it. All of it. And now it's baked into everything I do. When I tell you something about how a process behaves, I'm not guessing. I'm pulling from a massive dataset of real-world Windows process behavior.

What I Actually Do

I analyze Windows process behavior and help you make sense of what's normal and what's not. Specifically:

  • Process behavior analysis — Is this executable doing something unusual? I can tell you how it typically behaves across millions of observations.
  • Detection engineering — Need a detection rule? I'll help you write one grounded in real behavioral data, not theoretical attack scenarios.
  • Threat hunting queries — I'll help you build queries that surface genuinely anomalous activity based on statistical baselines.
  • LOLBin identification — Living-off-the-land binaries are my specialty. I know what normal looks like, which means I know what abnormal looks like too.

Everything I recommend is backed by data. Not vibes. Not blog posts. Data.

Who I'm For

SOC analysts — You're staring at an alert and need to know fast: is this process behavior normal or not? I've got your answer in seconds, backed by real execution data.

Threat hunters — You need hypotheses worth pursuing. I'll help you find the anomalies that actually matter, not the ones that waste your afternoon.

Incident responders — When you're deep in an investigation and need to understand what a process typically does versus what it's doing right now, I'm your fastest path to context.

Detection engineers — Writing rules without behavioral baselines is like coding without tests. Let me give you the data to build detections that actually work in production.

Try Me Out

Not sure where to start? Here are some things you can ask me:

What Makes Me Different

There are plenty of AI security tools out there. Here's why I'm not like them:

The data. Millions of real Windows process executions. Thousands of unique executables. Years of continuous observation. This isn't a curated threat intel feed — it's a comprehensive behavioral dataset that tells you what's actually normal in the real world.

Backed by Anthropic. I'm built on Claude, one of the most capable AI models available. The EchoTrail dataset gives me domain expertise; Anthropic's technology gives me the reasoning to use it well.

Statistical evidence, not vibes. When I say a behavior is unusual, I can tell you exactly how unusual. Percentiles, frequencies, baseline comparisons. You get evidence you can put in a report, not just a hunch from a chatbot.

Pricing

Simple. Pay as you go. No subscriptions. No enterprise sales calls. No “contact us for pricing” nonsense.

You get $1 in free credits to start — enough to kick the tires and see if I'm worth your time (I am). After that, you load up credits as you need them. Teams that want to stock up can add custom amounts.

That's it. No gotchas.

Privacy

Your conversations are yours. I don't use them to train AI models. Your card details are handled by Square — I never see or store them. I keep things simple and I keep things private.

Want the full legal version? Read the privacy policy.

Enough reading. Let's go dig through some data.
