Phishing Response Brief Flashcards
Next up we have a lab that incorporates all of the knowledge and skills you have learned throughout the Phishing Analysis domain. You will be analyzing a number of emails, conducting two malicious email investigations, and writing a report for each. You will answer a number of questions about the artifacts retrieved. This activity is crucial practice for the BTL1 exam, so take your time and put the effort in – it will pay off later!
Challenge Brief
You have recently joined the security team at ABC Industries as a Junior SOC analyst within their security operations center (SOC). You are responsible for monitoring the SIEM platform, investigating and responding to security events, and protecting the organization from phishing attacks. You have just begun your shift, and in a new effort to proactively identify phishing emails that have made it past perimeter defenses, you have been given a number of emails that have randomly been copied from employee mailboxes. It is your job to analyze the downloaded emails, identify if any are malicious, and conduct investigations and write reports for any that are deemed to pose a risk to the organization. Reports should include a list of artifacts, analysis activities and results, and suggested defensive measures which will be reviewed by senior analysts.
A fellow analyst has already taken a look at the selection of emails and identified TWO malicious emails out of the sample of 5.
Hints and Advice
Set aside time to complete this activity. Having no distractions will allow you to work more effectively.
Ensure that you are comfortable with all of the content in this domain before starting, specifically; retrieving email, web, and file-based artifacts, performing analysis, and suggesting appropriate defensive measures.
Once you have identified the two malicious emails, follow the Report Writing lessons to write two reports that feature all of the sections we’ve covered.
If an email is not malicious, you are not required to write a report for it.
Answer the questions in the lab to pass!