Incident Response: Phishing Email Investigation Cheatsheet

(Draft)

Posted by Carl Gaspar on Thu, Dec 8, 2022

URLs

*VirusTotal - will give a reputation.

Google Safe Browsing - will tell if it’s on a blacklist

urlscan - best and quickest, it will flag if they are active phishing, will give a screenshot, and has an awesome API.

(NOTE) If you detect any as malicious, block them on your firewalls and do a search across your logs.

CheckPhish

PhishCheck

DNSDumpster

*Hybrid Analysis

*any.run

URLhaus

JOE Sandbox

*Can scan files

IPs

IPVOID

CyberChef - Decoder

Email Header Analyzer - Analyze email headers

Blockchain Explorer - Track blockchain activities

Attachments

Check the hash of the attachments. If it’s already known, check the reputation; if it’s not, upload the file and analyze it privately in a sandbox.
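The two manual steps above (pull the URLs out of the message and search your logs for them, and hash the attachments so the digest can be looked up before the file is ever uploaded anywhere) can be scripted for triage. The following is an added example written for this cheatsheet, not code from the original post; the message, the attachment bytes, the hostnames (`*.test`) and the proxy log lines are all constructed for the example, and the `host=` field format of the log is an assumption about whatever proxy you actually run.

```python
"""Phishing triage helper (added example, not part of the original cheatsheet).

Reads an RFC 822 message, extracts every URL from the text parts, hashes every
attachment with SHA-256 so the digest can be checked against a reputation
service before uploading, and then scans proxy log lines for the extracted
hostnames. All sample data below is constructed for this example.
"""
import email
import hashlib
import re
from email import policy
from email.message import EmailMessage
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)
LOG_HOST_RE = re.compile(r"\bhost=(\S+)")  # assumed proxy log field format

# Constructed attachment content; a real one would be whatever the mail carried.
SAMPLE_ATTACHMENT_BYTES = b"fake invoice bytes"

# Constructed proxy log: two lines from one client hitting the lure hostname.
SAMPLE_PROXY_LOG = """\
2022-12-08T09:14:02Z src=10.0.0.15 host=www.example.test status=200
2022-12-08T09:15:41Z src=10.0.0.23 host=login.example-lookalike.test status=200
2022-12-08T09:16:05Z src=10.0.0.23 host=login.example-lookalike.test status=302
2022-12-08T09:17:30Z src=10.0.0.44 host=cdn.example.test status=200
"""


def build_sample_email() -> bytes:
    """Construct a toy phishing message with one link and one attachment."""
    msg = EmailMessage()
    msg["From"] = "it-helpdesk@example-lookalike.test"
    msg["To"] = "user@example.test"
    msg["Subject"] = "Password expiry notice"
    msg.set_content(
        "Your password expires today. Reset it at "
        "http://login.example-lookalike.test/reset\n"
    )
    msg.add_attachment(SAMPLE_ATTACHMENT_BYTES, maintype="application",
                       subtype="octet-stream", filename="invoice.bin")
    return msg.as_bytes()


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def extract_urls(raw: bytes) -> list[str]:
    """Return unique URLs found in the non-attachment text parts, in order."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    urls = []
    for part in msg.walk():
        if part.get_content_maintype() == "text" and not part.is_attachment():
            urls.extend(URL_RE.findall(part.get_content()))
    return list(dict.fromkeys(urls))


def hash_attachments(raw: bytes) -> dict[str, str]:
    """Map each attachment filename to its SHA-256 hex digest."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return {part.get_filename(): sha256_hex(part.get_payload(decode=True))
            for part in msg.iter_attachments()}


def hosts_from_urls(urls: list[str]) -> set[str]:
    """Reduce URLs to lowercase hostnames, which is what the log search keys on."""
    return {urlparse(u).hostname.lower() for u in urls if urlparse(u).hostname}


def find_log_hits(log_text: str, hosts: set[str]) -> list[str]:
    """Return every log line whose host= field matches one of the lure hosts."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_HOST_RE.search(line)
        if m and m.group(1).lower() in hosts:
            hits.append(line)
    return hits


if __name__ == "__main__":
    raw = build_sample_email()
    urls = extract_urls(raw)
    print("URLs to check:", urls)
    print("Attachment hashes to look up:", hash_attachments(raw))
    for hit in find_log_hits(SAMPLE_PROXY_LOG, hosts_from_urls(urls)):
        print("log hit:", hit)
```

The hits list tells you which internal sources touched the lure host after the email landed, which is the set of machines to look at next; the hash dictionary is what you paste into VirusTotal or Hybrid Analysis before deciding whether the file needs a private sandbox run.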

VirusTotal - will give a reputation.

*Hybrid Analysis

Sandboxes