Historically, tackling email-based threats has been considered the purview of black-box vendor solutions, with defenders having limited scope (or tooling!) to swiftly and effectively respond to emerging attacker activity and novel offensive tradecraft.
In this workshop, you will:
- gain insights into the latest techniques used to deliver malware strains like IcedID and Emotet
- hunt through email data to identify malicious activity and develop rules to detect and block attacks
- leave with a strong understanding of tools and techniques to defend your organization from email threats
We'll cover common phishing techniques including:
- VIP Impersonations
- HTML smuggling via links/attachments
- Malicious VBA macros
- OneNote / LNK file malware
- PDF attachments with embedded links to malware
- Credential phishing
- and more!
You'll be guided through the rule creation process, utilizing free and open detection engines including Sublime and YARA, while dissecting faithfully reproduced malware in delivr.to's payload collection. Expect to leave with a strong understanding of the signals and email attributes that can be used to craft high-fidelity rules.