# Phishing, Email Headers and Static/Dynamic Analysis

[疯狂的一点](https://twitter.com/@themadbit)

![img](https://study.com/cimages/videopreview/videopreview-full/1an55lcj40.jpg)

*image-src: Study.com*

### Phishing

Phishing is a type of attack aimed at stealing a user's personal data, generally by getting them to click **malicious links** sent **via email** or to run **malicious files** on their computer. Phishing is used in the **delivery phase** of the cyber kill chain. In most cases, attackers use it to gain initial access.

### Spoofing

Email does not necessarily have an authentication mechanism, and attackers can send mail on behalf of someone else. The technique used is called **spoofing**. However, with the help of the SPF, DKIM and DMARC protocols, it can be determined whether the sender's address (SMTP) is fake or real.

Using tools such as [**Mxtoolbox**](https://mxtoolbox.com/), we can manually find out whether an email is spoofed or not. Mxtoolbox examines whether the SMTP address belongs to that institution by looking at the whois records of the SMTP IP address.

### E-mail Traffic Analysis

When examining email traffic, there are important parameters that we should consider:

* Sender address (info@workspace.io)
* SMTP IP address (127.0.0.1)
* @workspace.io (domain base)
* workspace (besides the Gmail account, the attacker may have sent from a Hotmail account)
* Subject (the sender address and SMTP address may be constantly changing)

### E-mail Header Analysis

An **email header** is basically a section of the mail that contains information such as sender, recipient and date. In addition, it contains fields such as "Return-Path", "Reply-To" and "Received". Spam blockers use email headers to protect people from SPAM emails (**Everyone hates SPAM emails!**). It is possible to detect spam emails using header analysis and various other methods.

#### How to Access Your Email Header?

Gmail

1- Open the relevant e-mail

2- Click on the 3 points at the top right "..."

3- Click on the "Download message" button.

### Static E-mail Analysis

It is a fact that mails composed of plain text are boring. For this reason, mail applications provide HTML support, allowing the creation of mails that attract more of the user's attention. Of course, this feature has a disadvantage: attackers can craft e-mails with HTML, hiding harmful URL addresses behind buttons or text that seem harmless.

In most phishing attacks, attackers register a new domain, run the phishing attack within a few days and finish their work. For this reason, if the domain name in the mail is new, it is more likely to be a phishing attack. A search of the domain address on VirusTotal can give details to determine the reputation of the domain and whether it has been flagged as malicious before. However, an address may be mistaken as safe due to the evasion techniques used. Therefore, a more comprehensive (dynamic) analysis is recommended.

### Dynamic E-mail Analysis

If you want to quickly check the web addresses in the mail, you can see the content of the website using online web browsers such as Browserling. The good thing about such services is that you will not be affected by a possible zero-day vulnerability in browsers, since you do not visit the web page on your own computer. The disadvantage of using web browsers such as Browserling is that if a malicious file is downloaded from the site, you cannot run this file. For this reason, your analysis will be interrupted.

A few commonly used sandboxes:

* VMRay
* Cuckoo Sandbox
* JoeSandbox
* AnyRun
* Hybrid Analysis (Falcon Sandbox)
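The header-analysis and static-analysis checks described above, carried out on a downloaded message with Python's standard library, as an added example that is not code from the original post: it compares the visible From domain with Return-Path and Reply-To, pulls the originating SMTP IP from the earliest Received hop, reads the SPF/DKIM/DMARC verdicts the receiving server recorded in Authentication-Results, and lists HTML links whose displayed text is a URL pointing somewhere other than the real href. The message it parses is constructed for the example; every domain, IP address and verdict in it is a placeholder.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (not a real message): a lookalike "IT Support" mail whose
# Return-Path and Reply-To do not match the From domain, and whose first link
# shows one URL as text while the href points at a different host.
SAMPLE_EML = """\
Return-Path: <bounce@mail-relay.example.net>
Received: from mx.workspace.io (mx.workspace.io [192.0.2.10])
\tby inbound.example.org with ESMTPS; Mon, 01 Jan 2024 10:00:00 +0000
Received: from [203.0.113.5] (unknown [203.0.113.5])
\tby mx.workspace.io with ESMTP; Mon, 01 Jan 2024 09:59:58 +0000
Authentication-Results: inbound.example.org; spf=fail smtp.mailfrom=mail-relay.example.net;
\tdkim=none; dmarc=fail header.from=workspace.io
From: "IT Support" <info@workspace.io>
Reply-To: helpdesk@workspace-support.example.com
To: user@example.org
Subject: Password expiry notice
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Your password expires today.</p>
<a href="http://login.workspace-support.example.com/reset">https://workspace.io/account</a>
<a href="https://workspace.io/help">Help Center</a>
</body></html>
"""

IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def domain_of(value):
    """Lower-cased domain of an address header value ('' if absent)."""
    _, addr = parseaddr(str(value) if value else "")
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def aligned(domain, org_domain):
    """True when domain equals org_domain or is a subdomain of it."""
    return bool(domain) and (domain == org_domain or domain.endswith("." + org_domain))


def header_alignment(msg):
    """Compare the visible From domain with Return-Path and Reply-To."""
    from_dom = domain_of(msg["From"])
    rp, rt = domain_of(msg["Return-Path"]), domain_of(msg["Reply-To"])
    return {"from": from_dom, "return_path": rp, "reply_to": rt,
            "return_path_aligned": aligned(rp, from_dom),
            # A missing Reply-To is fine; a present one should match the sender.
            "reply_to_aligned": not rt or aligned(rt, from_dom)}


def origin_ip(msg):
    """IP in the earliest Received hop: servers prepend, so it is the last one listed."""
    hops = msg.get_all("Received") or []
    m = IPV4.search(str(hops[-1])) if hops else None
    return m.group(1) if m else ""


def auth_results(msg):
    """SPF/DKIM/DMARC verdicts recorded by the receiving server."""
    value = str(msg["Authentication-Results"] or "")
    return {k.lower(): v.lower()
            for k, v in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I)}


class _LinkCollector(HTMLParser):
    """Collect [href, visible text] pairs for every <a> in the HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._cur = [], None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._cur = [dict(attrs).get("href") or "", ""]
            self.links.append(self._cur)

    def handle_data(self, data):
        if self._cur is not None:
            self._cur[1] += data

    def handle_endtag(self, tag):
        if tag == "a":
            self._cur = None


def _host(text):
    text = text.strip()
    return (urlparse(text).hostname or "") if "://" in text else ""


def mismatched_links(msg):
    """Links whose displayed text is a URL on a different host than the real href."""
    part = msg.get_body(preferencelist=("html",))
    if part is None:
        return []
    coll = _LinkCollector()
    coll.feed(part.get_content())
    return [{"displayed": text.strip(), "actual": href}
            for href, text in coll.links
            if _host(text) and _host(href) and _host(text) != _host(href)]


def triage(raw):
    """Run all checks on a raw RFC 5322 message and return one report dict."""
    msg = message_from_string(raw, policy=policy.default)
    return {"alignment": header_alignment(msg), "origin_ip": origin_ip(msg),
            "auth": auth_results(msg), "suspicious_links": mismatched_links(msg)}


if __name__ == "__main__":
    for key, val in triage(SAMPLE_EML).items():
        print(f"{key}: {val}")
```

Run it against the `.eml` you downloaded from Gmail by reading the file into `triage()`. A mismatched Return-Path or Reply-To, a failing SPF or DMARC verdict, or a link whose text and href disagree are each worth a closer look on their own; together they are the pattern the static-analysis section warns about. The originating IP is what you would then check with Mxtoolbox or VirusTotal.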