THM - Advent of Cyber [Day 19]

Phishing is the focus of the task for the 19th. Phishing is a common attack vector, and one that, to be honest, I haven’t had a lot of experience with, considering that most CTFs don’t deal with them.

Phishing is an attempt to get a foothold into a user’s computer or network via an electronic message. Usually this is by email, but it can also include social media messages. A targeted phishing attack is called spear phishing, and more sophisticated attacks can pose as a trusted source in order to be more effective.

Oftentimes there are very obvious signs of a phishing attack, but sometimes attackers can be clever and the email or message looks like it’s legitimate. Some questions to ask yourself when suspecting a phishing attack are:

  • Do you know the sender? Does the email look familiar?
  • Is the reply-to address the same as the sender’s?
  • Is the greeting generic or specific?
  • Is there a sense of urgency to the email, especially in regard to resetting a password?
  • Is there an external link in the email? Does the link match what’s expected?
  • Is there an attachment to the email?

In the attached VM, we can investigate the email and see if the Grinch is up to his tricks.

We can open the email in Outlook and see the answer to some of the questions posed to us. One of the ways we can double check links is to hover our mouse over the link in the email and get the real URL that way. The tasks today are pretty straightforward. You can get all the answers by following the task’s instructions. The worst part for me was finding the unusual header; it just took some time, though.
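The same checklist can be run over a saved `.eml` file instead of by eye. The script below is an added example, not part of the room or of this write-up: the sample message, its addresses, domains and attachment name are constructed, and the urgency and greeting patterns are simple assumed heuristics.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message, not the email from the room's VM.
SAMPLE_EML = b"""\
From: "IT Support" <support@example.com>
Reply-To: helpdesk@example.net
Subject: URGENT: reset your password today
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Dear customer,</p>
<p><a href="http://login.example.net/reset">https://portal.example.com/reset</a></p>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.pdf.exe"
Content-Transfer-Encoding: base64

Y29uc3RydWN0ZWQ=
--b1--
"""

LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def triage(raw: bytes) -> dict:
    """Answer the checklist questions that can be read from the message itself."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    mismatched = []
    for href, shown in LINK_RE.findall(text):
        shown = shown.strip()
        # Compare hosts only when the visible link text is itself a URL.
        shown_is_url = shown.lower().startswith(("http://", "https://"))
        if shown_is_url and urlparse(shown).hostname != urlparse(href).hostname:
            mismatched.append((shown, href))
    return {
        "reply_to_differs": bool(reply_to) and reply_to != sender,
        "urgent_subject": bool(re.search(r"\b(urgent|immediately|expire)", msg.get("Subject", ""), re.I)),
        "generic_greeting": bool(re.search(r"dear (customer|user|sir)", text, re.I)),
        "mismatched_links": mismatched,
        "attachments": [part.get_filename() for part in msg.iter_attachments()],
    }
```

Calling `triage(SAMPLE_EML)` returns a dictionary with one entry per checklist item; whether you actually know the sender still has to be judged by the reader.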
