Following my passion for all things malware, I now know I need to understand the delivery methods in more detail. Threat hunting is an area that interests me and links in well with malware analysis, so today I have been tackling the various rooms on TryHackMe that focus on delivery mechanisms, namely phishing emails. I know it's not the only delivery method, but it's for sure the biggest and growing, so I think I need to understand how to investigate phishing emails more.
My first port of call is this new room called 'ParrotPost: Phishing Analysis', which is a room that teaches how attackers can craft client-side credential-stealing webpages that evade detection by security tools.
The room has a virtual machine attached to it but also includes a download of a questionable email, which is what I am using to pull it apart, analyse the tactics used and answer the various questions.