Security engineer. Cloud focused. Still mostly just curious.

npm Malware Cluster Uses Hidden README Payloads to Trigger Credential Theft

A suspicious npm package cluster using postinstall execution, credential scanning, hidden README payloads, and GitHub-based delivery attempts.

How My Homemade NPM Hunter Caught a Mini Shai-Hulud Package

A scheduled npm-hunter pipeline surfaced a Mini Shai-Hulud package and proved the lead generator was useful.

ClickFix: A Delivery Method to the Cookie Monster

Fake CAPTCHA, encrypted shellcode, and obfuscated .NET malware across an eight-layer delivery chain.

The Prince of Nigeria is Dead: AI Phishing Ops

A local AI model test showing how easily polished phishing copy can be generated without accounts, API keys, or external logs.

LinaStealer Unity NSIS Electron Loader: Multi-Stage Infostealer Campaign Analysis

Unity + NSIS + Electron duct-taped together. Creative, honestly.

4 Firebase Projects, 410 Reply Addresses

What started as a pile of weird reply addresses turned into a pretty clear infrastructure story that kept leading back to one VPS.