A nonprofit’s donation form became a testing ground for stolen credit cards. What looked like a sophisticated bot attack turned out to be one person running scripts after dinner. Here’s how I shut them down.
Read Details
A wedding photographer’s contact form was drowning in spam despite captcha protection. The investigation revealed something more sophisticated: paid human solvers and residential proxy networks that make spam look legitimate. Here’s how we stopped it.
Read Details
A nonprofit’s emails began failing authentication, triggering warnings of a possible compromise. The investigation revealed a long-standing SPF omission and a well-intentioned workaround that caused DMARC failures.
Read Details
A Shopify store owner’s friend gets redirected to a scareware page. By the time I’m called in, the suspected app has been uninstalled and the only witness who can reproduce the issue accidentally infects his own Mac. A forensic investigation into what happens when the evidence is destroyed before you arrive.
Read Details
The client noticed Google ads on their site. The problem: they’d never set up AdSense. What followed was a forensic investigation into backdoor persistence, ad fraud infrastructure, and the art of hiding in plain sight.
Read Details
Customers reported browser takeovers. Google flagged the site as dangerous. Stripe keys were compromised. What looked like a redirect problem turned out to be a multi-layered attack: a Magecart-style payment skimmer, automated spam injection, and a backdoor that had been waiting since 2024.
Read Details
The client’s Cloudflare blocklist had 95 IPs and zero blocks. What looked like a broken WAF turned out to be a fundamental architecture problem — and a click farm operation running out of Manila.
Read Details