osj
Security engineer. Cloud focused. Still mostly just curious.
I work in cloud security during the day. Outside work, I usually end up pulling apart phishing kits, tracing delivery chains, mapping infrastructure, and writing down what the thread turns into.
This is where I keep the stuff I’m digging into: investigations, small tools, notes, and the occasional sample that’s too interesting to leave alone.
The short version
Investigations
★ Pinned research
4 Firebase Projects, 410 Reply Addresses
What started as a pile of weird reply addresses turned into a pretty clear infrastructure story that kept leading back to one VPS.
ClickFix: A Delivery Method to the Cookie Monster
How a fake CAPTCHA led me 8 layers deep into encrypted shellcode and obfuscated .
The Prince of Nigeria is Dead: AI Phishing Ops
I spent one morning with a free local model.
Phishing PDFs in the Wild - Patterns Across Three Campaigns
Different lures, same endgame. The pattern was the interesting part.
LinaStealer Unity NSIS Electron Loader: Multi-Stage Infostealer Campaign Analysis
Unity + NSIS + Electron duct-taped together. Creative, honestly.
Analyzing A Recent Agent Tesla Sample
Runtime payload, 15+ app credential harvest, FTP exfil. Noisy but useful.
Windows Loader/Stager Crash Case
Environment checks, re-execution, then a BSOD. No payload delivered.
Tools
Phishing email analyzer. Drop an .eml, get parsed headers, URLs, and a clean export.
Open source detections. Every query from a real investigation. Take them, use them.
Map an npm package and see what it actually drags in. Dependencies, publishers, maintainers, sprawl.
Want to trade notes or work on something?
I'm always down to talk shop.