analysis
Deep dives into malware, phishing campaigns, and attacker tradecraft.
Focused on how things behave at runtime and what defenders can actually detect.
Songtrust Impersonation via SMS, Fake Work Portal, Telegram Pivot
Unsolicited SMS promised easy remote pay, linked to a Songtrust-branded login page that simply funnels victims to Telegram.
1/13/2026
LinkedIn 'Recruiter' Links, Dead Redirector, Evidence Preserved
A repeatable headers-only workflow to sanity-check suspicious short links from a LinkedIn DM, capture what you can, and preserve evidence even when the redirect chain is already dead.
12/21/2025
OHsint (TryHackMe) — OSINT Lab
How I solved OHsint (TryHackMe) — a small OSINT lab about turning one photo into real-world context using only public breadcrumbs; process first, PII redacted.
8/16/2025