osj
I think malware is fascinating but the delivery of it is more fascinating.
Threat hunter and detection engineer. I pull apart phishing kits, trace delivery chains, and publish everything so other defenders can use it. The delivery mechanism is usually the clever part; that's where I focus. But malware is still super cool, so I like poking at it.
If I didn't need money I'd still do this. I need more hobbies.
The short version
Investigations
★ Pinned
Phishing PDFs in the Wild - Patterns Across Three Campaigns
Three low-complexity PDF phishing samples with different lure styles but the same objective: drive urgent clicks into credential or payload delivery paths.
ClickFix: A Delivery Method to the Cookie Monster
How a fake CAPTCHA led me 8 layers deep into encrypted shellcode and obfuscated .
The Prince of Nigeria is Dead: AI Phishing Ops
I spent one morning with a free local model.
LinaStealer Unity NSIS Electron Loader: Multi-Stage Infostealer Campaign Analysis
Unity + NSIS + Electron duct-taped together. Creative, honestly.
Analyzing A Recent Agent Tesla Sample
Runtime payload, 15+ app credential harvest, FTP exfil. KQL included.
Windows Loader/Stager Crash Case
Environment checks, re-execution, then a BSOD. No payload delivered.
Lumma Stealer HTA Loader Analysis
Self-reading HTA that decodes and evals its own payload. Classic.
Tools
Want to trade notes or work on something?
I'm always down to talk shop.