Hi there — I'm OJ.
I love security, and this site is where I learn in public.
I analyze real-world incidents and build repeatable detection workflows from them.
Mostly notes I wish I had, and ones I will keep coming back to.
New here? My best work →
Phishing PDFs in the Wild - Patterns Across Three Campaigns
Three low-complexity PDF phishing samples with different lure styles but the same objective: drive urgent clicks into credential or payload delivery paths.
PDF Phishing Triage
Email Threat Analysis: Reviewing Attachments Safely
Short updates while things are still fresh.
PRVIEW
Browser-based phishing email analysis: import .eml or raw source, parse headers/body, extract URLs, and export a clean summary. Mostly for my own use, but it's handy.
Detection Library
Reusable KQL and scoping queries I use to take one incident and expand it into org-wide visibility.
View threat-detections →
Some things stay as notes. Some turn into deep dives. Want to explore more?
Notes
Personal security notes. How I reason through problems, break down incidents, and connect ideas as I learn.
Analysis
Deep dives into malware, phishing campaigns, and attacker tradecraft. Focused on how things behave at runtime and what defenders can actually detect.
Playbooks
Repeatable scripts and workflows I actually use, with the reasoning behind when to run them.
Say hi: me@heyosj.com · LinkedIn · X · GitHub