Hi there — I'm OJ.
I love security, and this site is where I learn in public. Breaking down incidents, building forensics workflows, dabbling in some malware analysis. This is mostly notes I wish I had and notes I will continue to refer to.
New here? My best work →
Analyzing A Recent Agent Tesla Sample
Breaking down a January 2026 Agent Tesla sample that hides its payload until runtime. Covers credential harvesting across 15+ applications, Startup folder persistence, and FTP exfil to attacker infrastructure. Includes ready-to-use KQL queries for hunting.
PCAP Analysis Using tshark For Some Malware
Email Threat Analysis: Rapid .eml Triage Commands for Analysts
Short updates while things are still fresh.
Browser-based phishing email analysis: import .eml or raw source, parse headers/body, extract URLs, and export a clean summary. Mostly for my own use, but it's handy.
Some things stay as notes. Some turn into deep dives. Want to explore more?
Notes
Personal security notes. How I reason through problems, break down incidents, and connect ideas as I learn.
Analysis
Deep dives into malware, phishing campaigns, and attacker tradecraft. Focused on how things behave at runtime and what defenders can actually detect.
Playbooks
Repeatable scripts and workflows I actually use, with the reasoning behind when to run them.
Say hi: me@heyosj.com • LinkedIn • X • GitHub