Categories
Writeup

WriteUp SOC101 – Phishing Mail Detected – EventID 8

First of all, I take a look at the alarms on the Monitoring page and choose one to review. I selected the “Phishing mail detected” alarm and pressed the “+” button to view the details. As seen in the device action section, the mail has reached the end user. I’m starting to investigate by forwarding…

Categories
Detection, Phishing

How to Investigate Phishing Campaigns?

A phishing attack is a type of attack that aims to steal a user’s personal data, generally by getting the user to click a malicious link delivered via email or to run a malicious file on their computer. Phishing attacks correspond to the “Delivery” phase of the Cyber Kill Chain model, which was created to analyze cyber attacks. The delivery stage…

Categories
Detection, Python

Reputation Based Detection with Python

The purpose of reputation-based detection systems is to detect low-reputation behaviour (opening a low-reputation file, requesting a low-reputation IP address). With such a system in place, a request to a low-reputation IP address from within the network is noticed as a suspicious event. I will show the basics of how to create a reputation-based detection system. I’ll use 3rd-party resources for…