Only one task for this room.
Question 1: What date was the email received? (answer format: M/DD/YY)
I opened the email in Thunderbird.
Answer: 6/10/20
Question 2: Who is the email from?
In the From…
Answer: Mr. James Jackson
Question 3: What is his email address?
Also in the From…
Answer: info@mutawamarine.com
(more…)Question 1: After visiting the link in the task, what is the MITRE ID for the “Software Configuration” mitigation technique?
Follow the link to https://attack.mitre.org/techniques/T1598/#mitigations. Look for Software Configuration and the ID is there.
Answer: M1054
Question 1: Referencing the dmarcian SPF syntax table, what prefix character can be added to the “all” mechanism to ensure a “softfail” result?
Follow the link to the page and then click on the here in: “More in-depth information on the differences between “~” and “–” can be found here“
This gives you the…
Anwser: ~
Question 2: What is the meaning of the -all tag?
This answer is on that second webpage as well. Scroll down a little and to see the difference between ~all and -all.
- “softfail” in the case of “~”
- “fail” in the case of “-“
Answer: fail
(more…)Question 1: No answer needed
Question 1: No answer needed
Question 1: What is the official site name of the bank that capitai-one.com tried to resemble?
This should be self-explanatory, google capitol one to see what their domain is.
Answer: capitalone.com
(more…)I received this email this morning and I thought it would be a great example to point out the issues in the email that flag it as a phishing email.
Alright, here we have Jr. emailing us regarding an invoice. Two things off the bat, I’m not expecting anything from someone named Jr. and I have no idea what invoice I should be expecting. The last name Hade is not familiar to me. Next this attacker used Hello and Dear right after each other. This isn’t done. Then instead of using Jason to address me he uses my email address. Next looking at the attached PDF file name, which you should never open or download, the file name is just gibberish. The attacker didn’t even go to the bother of naming it “invoice” or anything that would make more sense. If we keep looking we see that their email is gibberish too and its from a gmail domain, who does legit business with a gmail address and not a real domain like bestbuy.com or something are slim.
Okay, so I know this is a phishing attempt, but what do I do with it? I could just delete it, but that doesn’t flag as something that gmail can research and prevent other users from getting this message. I could report spam, but it’s worse than just an unsolicited marketing email. This thing is malicious, so let’s see what gmail suggest.
Okay so I click on The three dots near reply and I can submit a phishing attempt.
After clicking on the message we get a pop-up that says…
And the email is removed from my inbox. We’re done. Great job and keep vigilant, Always be suspicious!
Question 1: No answer needed
Question 1: What phrase does the gibberish sender email start with?
This answer is in the reading. Look at the email address highlighted with a red circle 2.
Answer: noreply
(more…)Question 1: No answer needed.
Question 1: Email dates back to what time frame?
Answer is in the reading. Second paragraph.
Answer: 1970s
(more…)Learn Cybersecurity with me. I’m posting my journey here.
LinkedIn Learning – CompTIA Security+ Module 8: Network Security Design and Implementation | Complete!
TryHackMe – SOC Level 1(92 % Complete): Intro to Malware Analysis
UDemy – Python for Cybersecurity – Gitlab
In this walkthrough we will go step by step to answer the questions.
No questions here, so let’s keep moving.
Question: Which team uses malware analysis to look for IOCs and hunt for malware in a network?
The answer can be found in the reading in “The purpose behind Malware Analysis” section. Specifically, the Threat Hunt bullet.
Threat Hunt teams analyze malware to identify IOCs, which they use to hunt for malware in a network.
Answer: threat hunt teams
(more…)Some good youtubes this week…
LinkedIn Learning – CompTIA Security+ Module 8: Network Security Design and Implementation | This is a long one, I’m still working on it.
TryHackMe – SOC Level 1(91 % Complete): TheHive – Complete
UDemy – Python for Cybersecurity – Gitlab
What is Smishing?
Smishing, a portmanteau of “phishing” and “SMS,” the latter being the protocol used by most phone text messaging services, is a cyberattack that uses misleading text messages to deceive victims. The goal is to trick you into believing that a message has arrived from a trusted person or organization, and then convincing you to take action that gives the attacker exploitable information (like bank account login credentials, for example) or access to your mobile device.
I received this lately and I wanted to share it so you see a real-life example. I’ve blocked out the link for safety.
I did not go to this website, but you can bet they copied the look of USPS’s website along with a login page. This login page will not work for you to login, because this is a fake site. What it will do is capture you’re password and email.
So what, right? No harm done. Well here is another term to learn. Credential stuffing.
What is Credential Stuffing?
Credential stuffing is the automated injection of stolen username and password pairs (“credentials”) in to website login forms, in order to fraudulently gain access to user accounts.
Since many users will re-use the same password and username/email, when those credentials are exposed (by a database breach or phishing attack, for example) submitting those sets of stolen credentials into dozens or hundreds of other sites can allow an attacker to compromise those accounts too.
Credential Stuffing is a subset of the brute force attack category. Brute forcing will attempt to try multiple passwords against one or multiple accounts; guessing a password, in other words. Credential Stuffing typically refers to specifically using known (breached) username / password pairs against other websites.
https://owasp.org/www-community/attacks/Credential_stuffing
This is exactly what these bad guys or hackers will do. They might also sell the list that they get to other hackers. which will then in turn try the same thing. So use a password manager and don’t use the same password on more than one site. Don’t click on anything you are not expecting. If you’re unsure, contact the source directly. In this case, I am not expecting anything from USPS, and I see so many red flags on this I know it is smishing.
Those red flags are: