analysis
Deep dives into malware, phishing campaigns, and attacker tradecraft.
Focused on how things behave at runtime and what defenders can actually detect.
Office 365 Termination Phish, Google Forms Credential Grab, Evidence Preserved
Sketchy email asking me to give them my email + password to verify that my email was in fact still being used.
12/31/2025
Casefile: 'System Shutdown' Phish — Safe Redirect Triage + IOC Extraction
A repeatable email-triage workflow: preserve evidence, review headers, extract/defang links, safely resolve redirects (headers-only), and document IOCs + defensive actions.
12/14/2025
Brutus HTB Sherlock — SSH Brute Force Investigation
Analyzing a successful SSH brute force attack against a Confluence server using Linux auth logs and wtmp data. A practical walkthrough of incident response techniques.
9/20/2025