Projects

Investigations and technical research into sanctions evasion, criminal infrastructure, and offshore architectures.

Technical Research
Technical Research

Phishing the Sanctioned

OFAC designated Iran's four largest crypto exchanges; within days, Certificate Transparency caught a Persian-language seed-phrase phishing wave, one vertical of an industrial, bulletproof-hosted platform spanning some 60 exchanges and roughly 640 domains, ahead of every public reputation feed.

June 2026
Technical Research

A Free VPN for the Front

A free "VPN for Russian soldiers" is in fact Android spyware. We ran it in a sealed lab, followed it to a still-live, undetected C2, and mapped the APEX RENT phishing-as-a-service business and the bulletproof host behind it.

June 2026
Technical Research

14,600 and Climbing

A pre-kickoff census of the FIFA World Cup 2026 impersonation surge: the GHOST STADIUM phishing operation, a Hong Kong betting backbone, and an ecosystem that absorbed four advisories and kept growing.

June 2026
Technical Research

Oil Shock Crisis Fraud

1,435 domains in 30 days: how fraud actors weaponized the 2026 oil shock with crisis-themed impersonation and squatting campaigns.

April 2026
Technical Research

Ransom Note to Binance

Tracing a 3-year Elasticsearch extortion operation across two blockchains — 307 victim-facing wallets and a Binance-centric circular financial loop.

March 2026
Technical Research

Lighthouse Smishing Syndicate

Mapping a distributed SMS phishing operation across toll road and postal service brands, operated by the China-based Smishing Triad.

March 2026
Technical Research

Starbucks Yeti Phishing

Inside a 5-hop phishing chain that landed in a primary inbox — a Starbucks Yeti Rambler lure with five layered anti-spam evasion techniques and an affiliate scareware operation.

March 2026
Technical Research

Crypto Underground

How cryptocurrency, underground banking, and state-sponsored illicit finance converge — from Russia's crypto laundromats to a U.S.-based firm funneling $530 million for sanctioned banks.

June 2025