My Best Work

Three pieces that show how I think

Investigation, incident response, and detection engineering.

Currently:: Security analyst @ MLS
Focus:: Detection engineering, threat hunting, incident analysis
Approach:: Hands-on workflows, real examples, and why they matter

Investigation

Agent Tesla staged malware analysis

•Analyzed a fresh Agent Tesla sample using static and behavioral techniques
•Mapped staging and execution flow and identified exfil patterns
•Focused on what can be detected, not just reversing for fun

Environment: isolated lab, offline execution, behavioral tooling

View analysis →

Incident response

Phishing PDFs in the Wild

•Compared multiple PDF lures and highlighted what stayed consistent across them
•Focused on attacker behavior and delivery paths, not just file trivia
•Wrote it to be useful during live triage

Focus: scoping and patterns

View analysis →

Detection engineering

Detection Library

•KQL queries used to scope phishing and related activity
•Detection logic built from real investigations
•Queries and rules designed for fast pivoting during response

View repository →

featuredproject

PRVIEW

Browser-based phishing email analysis: import .eml or raw source, parse headers/body, extract URLs, and export a clean summary.

newsletter

Substack

Subscribe to get new research and writeups in your inbox when they drop.

Read on Substack →

Want more casework? Explore Analysis.

Say hi:me⁠@⁠heyosj.com•LinkedIn

This page is intentionally curated for tactical response work.