Independent Software Lab

We build tools
that actually work.

Precision-engineered software for developer productivity, passive network security, and performant consumer SaaS. No bloat. No dark patterns.

01
Client-Side WebAssembly SaaS
ZenConvert

Browser-based file conversion. HEIC, video, images. Files never leave your device. No uploads, no servers, no tracking. Privacy as architecture.

Launch Application →
02
SNF Labs Division Open Source Apache 2.0 Rust
SNF-Core

The open-source foundation of the full SNF engine. Complete and production-ready. Raw packet capture, flow reconstruction, deterministic protocol parsing (DNS, TLS, HTTP) with structured NDJSON output. Air-gap native. Memory-safe Rust.

03
SNF Labs Division Rust Air-Gapped Proprietary
Under Development
SNF Engine

The full proprietary SNF platform - 25-phase pipeline spanning protocol parsing, behavior detection, and forensic output. C2 beacons, 7-component DGA scoring, DNS tunneling, port scan, lateral movement, full ICS/SCADA (Modbus, S7comm, EtherNet/IP/CIP, PROFINET, DNP3), JA3/JA3S/JA4 TLS fingerprinting, passive OS fingerprinting, offline IOC matching, .rsaa sealed evidence bundles (Merkle chain + Ed25519), SIEM export (Splunk, Elastic, CEF, LEEF, STIX). Zero network calls. Deterministic by architecture.

Visit shadownf.com →
04
Zero-Knowledge AES-256-GCM SaaS
ScorchPad

Zero-knowledge encrypted paste service. Encrypted in your browser with AES-256-GCM before it leaves your device. The key lives only in the URL fragment - which browsers never transmit. We literally cannot read your data. Burn-after-reading, TTL expiry, password protection.

Open ScorchPad →

Our Products

RSAAT Labs / 04 Active

Locally executing, strongly typed, and fundamentally secure by architecture. Built to solve problems, not create them.

01
Client-Side WebAssembly SaaS Free + Pro
ZenConvert

A browser-based file conversion tool supporting images (HEIC, JPEG, PNG, WEBP, AVIF, GIF, BMP, TIFF), video compression, and format conversion. Everything runs client-side using WebAssembly. Your files never leave your device. No uploads, no cloud processing, no data retention. Available as a free tier with a Pro subscription for unlimited conversions and larger file sizes.

Launch zenconvert.rsaatlabs.com →
02
SNF Labs Division Open Source Apache 2.0 Rust
SNF-Core

The public open-core component of the full SNF engine. Complete, production-ready, and Apache 2.0 licensed. Handles full packet capture pipeline, TCP/UDP flow reconstruction, and deterministic protocol parsing across DNS (UDP/TCP), TLS 1.0–1.3, QUIC, HTTP/1.1, HTTP/2, ICMP, DHCP, and SMB - emitting structured NDJSON output. Builds with zero errors and zero warnings on Windows 11 and RHEL9. Tested against real-world PCAP datasets. No telemetry, no cloud dependencies, zero internet access required. The intelligence and forensics layers - C2 detection, ICS/SCADA coverage, evidence bundles, SIEM export, IOC matching, redaction - are proprietary and part of the full SNF Engine.

03
SNF Labs Division Rust Air-Gapped Proprietary
Under Development
SNF Engine

The full proprietary SNF platform, built on SNF-Core and extended across 25 phases of intelligence and forensic instrumentation. Protocol coverage (16+ analyzers): DNS (UDP/TCP/DoH/DoT/DoQ), mDNS, TLS 1.0–1.3, QUIC+SNI, HTTP/1.1, HTTP/2, ICMP, DHCP/DHCPv6, SMB, full ICS/SCADA (Modbus/TCP, S7comm, EtherNet/IP/CIP, PROFINET, DNP3), and enterprise auth (Kerberos, LDAP, RADIUS). Behavior engine: C2 beacon detection (sliding-window CV analysis), 7-component DGA domain scoring (entropy, n-gram, vowel ratio, digit ratio, TLD, length, subdomain depth), DNS tunnel tree profiling, port scan and SMB lateral movement, ICMP flood, TCP flag abuse, enterprise attack detection (Kerberoasting, LDAP recon), living-off-the-land, and data exfiltration detection. Intelligence: JA3/JA3S/JA4 TLS fingerprinting with offline threat matching across known malware families (Emotet, TrickBot, Cobalt Strike, Lazarus, Ryuk, Conti, Dridex, QakBot, AsyncRAT, IcedID, and more). Passive OS fingerprinting (TTL/window/MSS/options/DF signals). ASN, GeoIP, and reverse DNS attribution. Output: Signed .rsaa sealed evidence bundles - Merkle chain integrity (SHA-256 linked per event), Ed25519 session signing, and Bloom filter - verifiable with the standalone rsaa_verify binary. SIEM export: Splunk, Elastic ECS, CEF/ArcSight, LEEF/IBM QRadar, and STIX 2.1. Phase 23 structured query engine: SQL-like offline queries on session NDJSON, air-gap safe. Phase 20 PCAP redaction: IP anonymization, MAC randomization, payload scrubbing - GDPR/HIPAA safe output. Phase 22 multi-session correlation: cross-capture persistent actor tracking across N independent captures. Capture backends: libpcap, AF_XDP (Linux zero-copy), DPDK. Determinism guarantee: F(dataset, config, version) = SHA-256-identical NDJSON on any machine, any analyst, any time. Court-admissible evidence bundles with verifiable chain of custody. 40+ CLI flags. Hardware auto-scaling with NUMA-aware worker pool and RSS configuration.

Visit shadownf.com →
04
Zero-Knowledge AES-256-GCM SaaS Free + Pro
ScorchPad

A zero-knowledge encrypted paste service built on the principle that we should be architecturally incapable of reading your data - not just policy-committed to not reading it. Every paste is encrypted in your browser with AES-256-GCM (the same standard the NSA uses for TOP SECRET data) before any bytes leave your device. The 256-bit key is placed only in the URL fragment, which browsers never include in HTTP requests. The server receives an encrypted blob mathematically indistinguishable from random noise. Burn-after-reading with atomic Redis Lua scripts - race-condition proof. Password protection with PBKDF2-SHA256 at 310,000 iterations (2023 OWASP spec). URL fragment erasure after decryption. 30-second clipboard auto-clear. Sandboxed HTML rendering. No raw IPs stored - HMAC-SHA256 hashes only. Redis TTL auto-deletion, no cleanup cron jobs. Even a full database breach exposes zero plaintext content.

Open scorchpad.rsaatlabs.com →

About

RSAAT Labs • Est. 2026

What We Are

RSAAT Labs is an independent software lab. We build tools that solve real problems with precision and minimal overhead. No bloat, no dark patterns, no nonsense. Every product that ships from this lab is built to be genuinely useful, technically sound, and respectful of the people using it.

We operate at the intersection of developer tooling, consumer SaaS, and deep security engineering. The goal is simple: ship software that works, earns trust, and does not waste the user's time.

Structure

RSAAT Labs is the parent organization. Under it operates SNF Labs as an independent division focused exclusively on passive network security and forensics tooling. SNF Labs carries its own brand identity, maintains its own presence, and targets a distinct audience - security researchers, incident responders, and critical infrastructure operators. Both entities share the same founding values but operate independently in terms of product, brand, and go-to-market.

What We Build
  • Consumer SaaS with honest, transparent pricing
  • Developer and productivity tools with no dark patterns
  • Passive network security and forensics engines (via SNF Labs)
  • Tools where privacy is architecture, not a policy
Current Products
RSAAT Labs Product

ZenConvert

A browser-based file conversion tool supporting images (HEIC, JPEG, PNG, WEBP, AVIF, GIF, BMP, TIFF), video compression, and format conversion. Everything runs client-side using WebAssembly. Your files never leave your device. No uploads, no cloud processing, no data retention. Available as a free tier with a Pro subscription for unlimited conversions and larger file sizes.

RSAAT Labs Product

ScorchPad

A zero-knowledge encrypted paste service. Every paste is encrypted in your browser using AES-256-GCM before it ever reaches the server. The decryption key lives only in the URL fragment - which browsers never transmit. We are architecturally incapable of reading your content, not merely policy-committed to not reading it. Burn-after-reading (atomic, race-condition proof), TTL expiry, password protection with PBKDF2-SHA256 at 310,000 iterations, sandboxed HTML rendering, and HMAC-hashed IP rate limiting. No raw IPs stored. Zero plaintext exposure even in a full database breach.

SNF Labs Division - Open Source (Apache 2.0)

SNF-Core

The public open-core foundation of the full SNF engine. Complete and production-ready. Handles raw packet capture, TCP/UDP flow reconstruction, and deterministic protocol parsing across DNS, TLS 1.0–1.3, QUIC, HTTP/1.1, HTTP/2, ICMP, DHCP, and SMB - outputting structured NDJSON. Zero errors, zero warnings on Windows 11 and RHEL9. The intelligence and forensics layers are proprietary and part of the full SNF Engine.

SNF Labs Division - Proprietary - Under Development

SNF Engine

The full proprietary SNF platform, built on SNF-Core across 25 phases of intelligence and forensic instrumentation. Protocol coverage (16+ analyzers): DNS (UDP/TCP/DoH/DoT/DoQ), mDNS, TLS 1.0–1.3, QUIC+SNI, HTTP/1.1, HTTP/2, ICMP, DHCP/DHCPv6, SMB, ICS/SCADA (Modbus/TCP, S7comm, EtherNet/IP/CIP, PROFINET, DNP3), and enterprise auth (Kerberos, LDAP, RADIUS). Behavior engine: C2 beacon detection, 7-component DGA scoring, DNS tunnel profiling, port scan, lateral movement, TCP flag abuse, Kerberoasting/LDAP recon detection, living-off-the-land, and data exfiltration detection.

JA3/JA3S/JA4 TLS fingerprinting with offline threat matching across known malware families (Emotet, TrickBot, Cobalt Strike, Lazarus, Ryuk, Conti, QakBot, Dridex, and more). Passive OS fingerprinting (TTL/window/MSS/options/DF). Signed .rsaa sealed evidence bundles - Merkle chain + Ed25519 per-session signing, verifiable offline. SIEM export to Splunk, Elastic ECS, CEF/ArcSight, LEEF/IBM QRadar, and STIX 2.1. Phase 23 structured query engine, Phase 22 multi-session actor correlation, Phase 20 PCAP redaction (GDPR/HIPAA). Capture backends: libpcap, AF_XDP, DPDK. Determinism guarantee: F(dataset, config, version) = SHA-256-identical NDJSON on any machine, any analyst, any time. Court-admissible evidence with verifiable chain of custody. Developed and maintained by SNF Labs, a division of RSAAT Labs.

The Manifesto

RSAAT Labs operates on a simple principle: software should do what it says it does. Nothing more.

We do not collect data we do not need. We do not add features that do not serve the user. We do not hide costs or obscure pricing. Every architectural decision starts from a single question: does this genuinely help the person using it?

Privacy is not a checkbox. In ZenConvert, files never touch a server because we designed it that way. In ScorchPad, we are architecturally incapable of reading your paste content - not merely policy-committed to it. In SNF, zero network calls is not a feature - it is the foundation. Building with constraints produces better, faster software.

Author & Developer
Tejas Padigel
Founder & Lead Developer
Contact

For inquiries, support, or anything else, reach out via the individual product pages. General correspondence can be directed to the contact channels listed there.

Disclaimer: All products and tools provided by RSAAT Labs and its divisions are offered strictly as-is, with no warranties of any kind. RSAAT Labs and its operators accept no legal liability for any damages, data loss, or consequences arising from use of any product. Use at your own risk.