
Detecting, Investigating and Tracking Malicious Infrastructure

What you will learn

This learning path shows how to analyze both phishing messages and the infrastructure they link to.

Last updated: 23 August 2024

Modules


Start here

Introduction

Read the learning path overview, objectives, associated threats, and prerequisites

Module 1

Triage - Deciding when to investigate

When you receive or are forwarded a suspicious message, conduct initial triage to determine whether it is indeed malicious, to figure out the best rapid response for the targeted recipient(s) if it is, and to decide whether further investigation is needed. For most messages, basic heuristics are enough to separate untargeted from targeted threats and to identify harm-reducing actions.

Module 2

Interpersonal Skills for Malicious Infrastructure/Phishing Response

After completing this subtopic, practitioners will be able to responsibly support those who might have received or clicked on malicious emails or links, embodying empathy and focusing on harm reduction informed by the targeted person’s own threat model.

Module 3

Operational Security - Safe Handling of links and infrastructure

As you go about investigating malicious phishing emails, attachments, websites, and other infrastructure, you will need to take some proactive steps to make sure that you keep yourself and the people you support safe. Be sure to study this skill and, if necessary, set up a safe environment before interacting with suspected malicious emails or web pages.

Module 4

Passive Investigation - Analyze URLs, hostnames, and IP addresses

A practitioner can use the skills outlined in this subtopic to begin a passive investigation of servers on the internet. A passive investigation is one that does not load any websites, but only looks up publicly available data about them. It uses open source intelligence (OSINT) tools and resources, which can reveal many details about the digital footprint of attack infrastructure without the attacker noticing that we are investigating.

Module 5

Passive Investigation - Analyze email headers

This subtopic will teach you how to analyze the extensive metadata that documents an email’s origin, the servers it traveled through, information about possible spam checks, and much more. This metadata can form a crucial part of any in-depth investigation into potentially malicious emails.

Module 6

Active Investigation - Analyze malicious emails

Whether they are pure social engineering, phishing, or malware delivery, malicious emails can be quite complex. This module will teach you how to interpret and understand them and find the infrastructure they link to.

Module 7

Active Investigation - Analyze malicious webpages

This module will teach you to examine attacker-controlled websites to understand their behaviour and potentially uncover further attacker-controlled infrastructure or attack vectors used in the attacks.

Module 8

Documenting Findings

This module teaches you how to write up and share the results of your investigation, including appropriate indicators of compromise (IoCs).

Module 9

Response - Infrastructure takedown

Here, we cover abuse reporting and other safe-browsing and sinkhole mechanisms. This includes contacting the infrastructure provider to report malicious infrastructure so that it can be taken down.

Module 10

Capture-the-flag exercise

We have also designed a capture-the-flag exercise in which learners can analyze a phishing email and the infrastructure it links to. The exercise can be used for additional practice or for skill verification, and can be found here.