osj
Security engineer. Cloud focused. Still mostly just curious.
I work in cloud security during the day. Outside work, I usually end up pulling apart phishing kits, tracing delivery chains, mapping infrastructure, and writing down what the thread turns into.
This is where I keep the stuff I’m digging into: investigations, small tools, notes, and the occasional sample that’s too interesting to leave alone.
The short version
Investigations
★ Pinned research
4 Firebase Projects, 410 Reply Addresses
What started as a pile of weird reply addresses turned into a pretty clear infrastructure story that kept leading back to one VPS.
ClickFix: A Delivery Method to the Cookie Monster
How a fake CAPTCHA led me 8 layers deep into encrypted shellcode and obfuscated .
The Prince of Nigeria is Dead: AI Phishing Ops
I spent one morning with a free local model.
Phishing PDFs in the Wild - Patterns Across Three Campaigns
Different lures, same endgame. The pattern was the interesting part.
LinaStealer Unity NSIS Electron Loader: Multi-Stage Infostealer Campaign Analysis
Unity + NSIS + Electron duct-taped together. Creative, honestly.
Analyzing A Recent Agent Tesla Sample
Runtime payload, 15+ app credential harvest, FTP exfil. Noisy but useful.
Windows Loader/Stager Crash Case
Environment checks, re-execution, then a BSOD. No payload delivered.
Tools
Want to trade notes or work on something?
I'm always down to talk shop.