labs
experiments, notes, research.
hands-on writeups from ctfs, tooling trials, and small investigations — focused on what’s reproducible.
Office 365 Termination Phish, Google Forms Credential Grab, Evidence Preserved
A sketchy email asking me to give them my email address and password to verify that my email was in fact still being used.
12/31/2025
Casefile: 'System Shutdown' Phish — Safe Redirect Triage + IOC Extraction
A repeatable email-triage workflow: preserve evidence, review headers, extract/defang links, safely resolve redirects (headers-only), and document IOCs + defensive actions.
12/14/2025
Brutus HTB Sherlock — SSH Brute Force Investigation
Analyzing a successful SSH brute force attack against a Confluence server using Linux auth logs and wtmp data. A practical walkthrough of incident response techniques.
9/20/2025