Effective Threat Investigation for SOC Analysts

In the previous section, we analyzed the email header of a legitimate and non-spoofed email message, and we learned about the various email authentication protocols, how they work, and the expected results of a successful email authentication process. In this section, we will examine the email authentication result of a spoofed email message to understand what it looks like when email authentication fails.
Specifically, we will thoroughly examine the email authentication results of an email purporting to be sent from the fedex.com domain to the [email protected] email address. To investigate the email message, we followed the steps outlined in Chapter 1, which led us to conclude that the email was indeed malicious and contained a harmful attachment designed to gain unauthorized access to the victim’s machine. Our investigation raised the possibility that an attacker may have compromised one of the fedex.com users...