This video is a continuation of "Day in the life of a SOC analyst - Analyzing Phishing Volume 1". In this segment we go a little deeper into phishing analysis, briefly introducing some custom-made tools, use of the Linux command line and, finally, some public threat intel for validation purposes.
The last video in this series will put Volume 1 and Volume 2 together for a brief phishing analysis, write-up, search and threat hunt, as well as OSINT.
Also covered in this segment is extracting e-mails from Outlook and Thunderbird. Finally, we see how to obtain and reference IOCs and how to justify blocking the different IOC types.
Tools used:
Linux: whois, nslookup
Windows: Phishing Analysis tool
Threat Intel Sources:
exchange.xforce.ibmcloud.com/
virustotal.com
SIEM:
Splunk indexes (proofpoint).