Building FoilSuite: A Privacy-First Security Toolkit for Browser and IoT Security

Nikola Pavlović, PhD — Sat, 27 Jun 2026 22:45:03 +0000

Most phishing tools still rely on sending your data to the cloud.

That means your “security solution” is often just another data collection point.

So I built one that doesn’t do that at all.

Building FoilSuite: A Privacy-First Security Toolkit for the Browser and IoT

As developers, we constantly trade security for convenience.

We trust browsers to auto-fill credentials.
We rely on centralized APIs to detect threats.
We assume IoT devices will “just work” securely.

But most of these assumptions break at the edge — where devices are constrained, attackers are creative, and privacy is usually an afterthought.

That’s what led me to build FoilSuite.

🧠 Background

My PhD research at Singidunum University focused on secure communication models for constrained IoT devices using blockchain-based trust mechanisms.

The core idea was:

How do we enable tamper-resistant, decentralized communication between constrained devices without relying on a central authority?

That research naturally expanded into a broader question:

What does security look like when you remove trust in external infrastructure entirely?

🧩 The idea behind FoilSuite

FoilSuite is a set of open-source, privacy-first security tools designed around three principles:

Everything runs locally when possible
No external dependency for core security decisions
Cryptographic guarantees over heuristic trust

It currently consists of three tools:

🛡️ FoilGuard — On-device phishing detection

FoilGuard is a Chrome extension that detects:

phishing domains
typosquatting
homoglyph / Unicode impersonation attacks
newly registered suspicious domains

Key design decision:

All detection logic runs entirely inside the browser.

No API calls. No telemetry. No accounts.

The goal is simple:

Your browsing data should never leave your device just to keep you safe.

🔐 FoilVault — Zero-knowledge password manager with risk-aware autofill

FoilVault is a password manager built on a zero-knowledge architecture.

But it adds something most password managers don’t:

Before autofill, it evaluates the current domain risk using FoilGuard’s detection engine.

If the domain is suspicious:

autofill is blocked
credentials are never exposed to the page

Most credential theft doesn’t happen through brute force — it happens through UI deception.

FoilVault is designed specifically to counter that.

🧪 FoilLab — Hands-on security lab

FoilLab is a weekly security challenge platform focused on real-world attack scenarios:

pcap network analysis
IoT firmware reverse engineering
log forensics
incident reconstruction

Each challenge is based on realistic attack patterns, followed by full walkthroughs.

The goal:

Move from theoretical security knowledge → actual attacker/defender thinking.

🔗 What connects all of this?

All three tools share the same philosophy:

local-first execution
privacy-preserving design
cryptographic primitives (AES-GCM-256, Argon2id, WebAuthn)
open-source by default

But more importantly:

They assume the browser and endpoint are part of the attack surface — not a trusted environment.

🚀 Why I built it

Most security tools today fall into two extremes:

enterprise platforms that are powerful but opaque
lightweight extensions that are simple but shallow

FoilSuite is an attempt to sit in the middle:

developer-friendly, privacy-first, and grounded in real security engineering.

🌐 Project

🔗 https://foilsuite.netlify.app/

Open-source feedback and contributions are welcome.

🧭 Final thoughts

Security is not just about detection.

It’s about where decisions are made.

If your security model depends on sending sensitive data to a server, you’ve already expanded your attack surface.

That assumption is what FoilSuite tries to challenge.

DEV Community: Nikola Pavlović, PhD