SOC100 C25 - Email Security Analysis 1, SMTP Breakdown, SPF DKIM DMARC, MUA MSA MTA MDA MUA

Published: 27 January 2025
on channel: Level Effect

We're taking you from navigating the Windows Start menu to triaging Tier 1 SOC analyst tickets by live-streaming every piece of content from the pay-what-you-can (PWYC) 400+ hour SOC100 course series over 5 months. Recordings are free; the course itself is a minimum of $19 (suggested $29) and includes virtual machines and lab time.

Full playlist: SOC100 Full Playlist

Full course info 👉 https://www.leveleffect.com/soc100
Stream calendar 🗓️ https://docs.google.com/spreadsheets/...

Stream Details:
Class 25
Course: SOC100-2
Domain: Email Security

Website: https://leveleffect.com
Discord: /discord
Twitch: /leveleffect
Newsletter & Blog: https://news.leveleffect.com/
LinkedIn: /leveleffect

Timestamps:
00:00:00 - Greetings and introductions: Chat engagement and community interactions.
00:05:45 - Agenda overview: Transitioning from Windows Triage to email security and foundational concepts.
00:06:14 - Introduction to tools for email security: Process overview of SMTP, headers, and authenticity.
00:08:28 - Overview of email as a major attack vector and human elements in security breaches.

Understanding Threats in Email Security
00:11:15 - The reality of simple attacks: Threat actors leveraging phishing for easy wins.
00:14:19 - Threat intelligence reports and focusing on high-impact areas like phishing and ransomware.
00:15:48 - Human error in breaches: 68% involve the human element; 28% involve misconfiguration.
00:17:56 - Statistics on phishing: User click rates rising from 4% in 2016 to 11% in 2024.
00:18:53 - Median time to click on a phishing email: 21 seconds to open, 49 seconds to compromise.

Pretexting and Red Team Examples
00:19:34 - Pretexting attacks: Leveraging psychology to mislead users into credential compromise.
00:20:52 - Example of red team phishing campaign: Mimicking a rewards program email for successful credential harvesting.
00:21:52 - Discussion: Blame vs. addressing human vulnerabilities in cybersecurity.

SMTP and Email Transmission Fundamentals
00:28:56 - Simple Mail Transfer Protocol (SMTP): Overview and historical context.
00:34:40 - The evolution of SMTP: Reliability over security in Arpanet days.
00:42:28 - SMTP process: Sending emails with headers, encryption layers, and STARTTLS.
00:48:36 - SMTP in action: Port 25 for server-to-server relay (clear text unless the peer offers STARTTLS) and port 587 for client submission, upgraded to TLS with STARTTLS.

Email Flow: Step-by-Step Breakdown
01:02:52 - Mail User Agent (MUA): Formatting email, adding headers, and initiating transmission.
01:06:40 - Mail Submission Agent (MSA): Validation checks, spam filtering, and applying encryption.
01:14:26 - Mail Transfer Agent (MTA): Consulting DNS records (MX and A records) to forward emails.
01:27:25 - Mail Delivery Agent (MDA): Final delivery, integrity checks, and client retrieval using IMAP/POP.

Layers of Email Security
01:30:46 - Introduction to SPF (Sender Policy Framework): Trust through IP address validation.
01:37:22 - SPF limitations: Trusting emails sent from compromised accounts.
01:50:54 - DKIM (DomainKeys Identified Mail): Adding authenticity through digital signatures.
01:56:57 - DMARC (Domain-based Message Authentication Reporting and Conformance): Policy enforcement for email validation.
02:05:03 - Policy implementation: none (monitor only), quarantine, or reject, applied when neither SPF nor DKIM both passes and aligns with the From: domain.
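The DMARC step above is where most analyst confusion sits: SPF and DKIM can both say "pass" and DMARC still fails, because DMARC asks whether the identifier that passed (the MAIL FROM domain for SPF, the d= domain for DKIM) aligns with the visible From: domain. The block below is an added example, not code from the stream or from Level Effect's course material. It parses a message's own Authentication-Results header, checks alignment in strict and relaxed mode, and applies the policy from a DMARC record. The messages, domains, the authserv-id `mx.victim.example` and the DMARC record are all constructed for illustration; the organizational-domain logic is a stated simplification (real evaluators use the Public Suffix List).

```python
"""Added example: DMARC alignment from a received message's own
Authentication-Results header. Messages and DMARC record are constructed."""
import re
from email import message_from_string, policy
from email.utils import parseaddr

AUTHSERV_ID = "mx.victim.example"   # assumption: the authserv-id our own MX stamps

# Constructed phish relayed through a third-party mailer: SPF and DKIM both
# pass for the mailer's domain, but the visible From: claims the victim's domain.
RAW_PHISH = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.victim.example;
 spf=pass smtp.mailfrom=mailer.example.net;
 dkim=pass header.d=mailer.example.net header.s=sel1
From: "Payroll" <payroll@victim.example>
To: employee@victim.example
Subject: Action required: confirm your direct deposit

Please sign in at the link below.
"""

# Constructed legitimate message: both identifiers align with the From: domain.
RAW_LEGIT = """\
Return-Path: <payroll@victim.example>
Authentication-Results: mx.victim.example;
 spf=pass smtp.mailfrom=victim.example;
 dkim=pass header.d=victim.example header.s=corp
From: "Payroll" <payroll@victim.example>
To: employee@victim.example
Subject: March pay statement

Attached.
"""

# Constructed phish carrying a forged Authentication-Results header claiming
# aligned passes. Our MX prepends its own; only that one may be trusted.
RAW_FORGED_AR = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.victim.example;
 spf=pass smtp.mailfrom=mailer.example.net; dkim=none
Authentication-Results: attacker.example; spf=pass smtp.mailfrom=victim.example;
 dkim=pass header.d=victim.example
From: "IT Helpdesk" <helpdesk@victim.example>
To: employee@victim.example
Subject: Password expiry

Reset now.
"""


def parse_dmarc(txt):
    """Parse a DMARC TXT record into tags, applying the RFC 7489 defaults."""
    tags = {"p": "none", "adkim": "r", "aspf": "r"}
    for part in txt.split(";"):
        k, _, v = part.strip().partition("=")
        if k:
            tags[k.strip().lower()] = v.strip().lower()
    return tags


def org_domain(d):
    """Organizational domain. Simplification (assumption): last two labels;
    a real evaluator consults the Public Suffix List (think example.co.uk)."""
    return ".".join(d.lower().split(".")[-2:])


def aligned(identifier, from_domain, mode):
    """Strict ('s') alignment is an exact match; relaxed ('r') needs only the
    same organizational domain."""
    if mode == "s":
        return identifier.lower() == from_domain.lower()
    return org_domain(identifier) == org_domain(from_domain)


def our_auth_results(msg, authserv_id):
    """Return the unfolded Authentication-Results value stamped by authserv_id,
    ignoring any other instance (a sender can inject its own)."""
    for value in msg.get_all("Authentication-Results", []):
        v = re.sub(r"\s+", " ", str(value)).strip()
        if v.split(";", 1)[0].split()[0].lower() == authserv_id.lower():
            return v
    return ""


def parse_auth_results(v):
    """Extract the SPF result + MAIL FROM domain and each DKIM result + d= domain."""
    spf = re.search(r"\bspf=(\w+)", v)
    mailfrom = re.search(r"smtp\.mailfrom=(?:[^@\s;]+@)?([\w.-]+)", v)
    dkim = re.findall(r"\bdkim=(\w+)[^;]*?header\.d=([\w.-]+)", v)
    return {"spf": (spf.group(1).lower() if spf else "none",
                    mailfrom.group(1).lower() if mailfrom else ""),
            "dkim": [(r.lower(), d.lower()) for r, d in dkim]}


def dmarc_evaluate(raw, dmarc_txt, authserv_id=AUTHSERV_ID):
    """DMARC passes if SPF or DKIM passed AND that identifier aligns with From:."""
    msg = message_from_string(raw, policy=policy.default)
    from_domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    tags = parse_dmarc(dmarc_txt)
    ar = parse_auth_results(our_auth_results(msg, authserv_id))
    spf_result, mailfrom = ar["spf"]
    spf_aligned = (spf_result == "pass" and bool(mailfrom)
                   and aligned(mailfrom, from_domain, tags["aspf"]))
    dkim_aligned = any(r == "pass" and aligned(d, from_domain, tags["adkim"])
                       for r, d in ar["dkim"])
    passed = spf_aligned or dkim_aligned
    return {"from_domain": from_domain, "spf_aligned": spf_aligned,
            "dkim_aligned": dkim_aligned, "dmarc": "pass" if passed else "fail",
            # pct= and sp= (subdomain policy) are deliberately not modelled here.
            "disposition": "none" if passed else tags["p"]}


if __name__ == "__main__":
    for name, raw in [("phish", RAW_PHISH), ("legit", RAW_LEGIT), ("forged", RAW_FORGED_AR)]:
        print(name, dmarc_evaluate(raw, "v=DMARC1; p=reject; adkim=r; aspf=r"))
```

Two things worth noticing when running it: the first phish passes both SPF and DKIM yet gets `reject`, because neither passing identifier belongs to the From: domain; and the third message would look aligned to any parser that grepped for `dkim=pass header.d=victim.example` across all Authentication-Results headers, which is why the code keys on the authserv-id of the receiving MX.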

Practical Lab: Email Analysis
02:15:10 - Setting up the lab: Inspecting email headers and analyzing SPF, DKIM, and DMARC results.
02:22:45 - Inspecting email headers for authentication details and identifying phishing attempts.
02:29:58 - Practical example: Analyzing phishing emails that pass SPF/DKIM checks because they are sent through legitimate, well-configured infrastructure.
02:35:20 - Exploring DNS records: Verifying SPF records and their role in email authentication.
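For the DNS part of the lab, it helps to see how a receiver actually walks an SPF record rather than just reading one in a TXT lookup. The block below is an added example, not the stream's or Level Effect's own code: a small RFC 7208-style `check_host` that evaluates a sending IP against `ip4`/`ip6`/`a`/`mx`/`include`/`all`, recursing through includes and enforcing the 10-DNS-lookup cap that turns an over-nested record into `permerror`. DNS is replaced by the constructed `ZONE` table; every domain and address in it is made up, and the `redirect=` modifier and CIDR suffixes on `a`/`mx` are left out as stated simplifications.

```python
"""Added example: evaluate an SPF record for a sending IP against a constructed
DNS table (no network lookups). Every name and address below is made up."""
import ipaddress

# Constructed stand-in for DNS (assumption: nothing here is real infrastructure).
ZONE = {
    "example.com": {
        "TXT": ["v=spf1 mx ip4:203.0.113.0/24 include:_spf.mailer.example -all"],
        "MX": ["mail.example.com"],
    },
    "mail.example.com": {"A": ["198.51.100.10"]},
    "_spf.mailer.example": {"TXT": ["v=spf1 ip4:192.0.2.0/24 ~all"]},
    "nospf.example": {"TXT": ["unrelated text record"]},
    "loop.example": {"TXT": ["v=spf1 include:loop.example -all"]},  # pathological
}

MAX_DNS_LOOKUPS = 10   # RFC 7208 4.6.4: mx/a/include/redirect terms per evaluation
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_record(domain):
    """Return the domain's single v=spf1 TXT record, or None if absent/ambiguous."""
    txts = ZONE.get(domain.lower(), {}).get("TXT", [])
    recs = [t for t in txts if t.lower().split(" ", 1)[0] == "v=spf1"]
    return recs[0] if len(recs) == 1 else None


def _addresses(name, rtype):
    """A records for name; for 'MX', the A records of each MX host."""
    if rtype == "A":
        return ZONE.get(name, {}).get("A", [])
    hosts = ZONE.get(name, {}).get("MX", [])
    return [a for h in hosts for a in ZONE.get(h, {}).get("A", [])]


def check_host(ip, domain, lookups=None):
    """Return (result, explanation) for `ip` claiming to send as `domain`.

    Results follow RFC 7208: pass, fail, softfail, neutral, none, permerror.
    `lookups` is shared across include: recursion to enforce the lookup cap.
    """
    ip = ipaddress.ip_address(ip)
    lookups = lookups if lookups is not None else [0]
    rec = spf_record(domain)
    if rec is None:
        return "none", f"no SPF record for {domain}"
    for term in rec.split()[1:]:
        if "=" in term:                 # redirect=/exp= modifiers: not handled here
            continue
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        name, _, arg = term.lower().partition(":")
        if name == "all":
            return QUALIFIERS[qual], f"{qual}all in {domain}"
        if name in ("ip4", "ip6"):
            # A v4 address is never inside a v6 network and vice versa.
            if ip in ipaddress.ip_network(arg, strict=False):
                return QUALIFIERS[qual], f"{qual}{name}:{arg} in {domain}"
            continue
        lookups[0] += 1                 # every mechanism below costs a DNS query
        if lookups[0] > MAX_DNS_LOOKUPS:
            return "permerror", f"more than {MAX_DNS_LOOKUPS} DNS lookups"
        if name in ("a", "mx"):
            target = arg.split("/")[0] or domain    # CIDR suffix ignored (simplification)
            if any(ip == ipaddress.ip_address(a) for a in _addresses(target, name.upper())):
                return QUALIFIERS[qual], f"{qual}{name} ({target}) in {domain}"
        elif name == "include":
            result, why = check_host(str(ip), arg, lookups)
            if result == "pass":
                return QUALIFIERS[qual], f"include:{arg} -> {why}"
            if result in ("permerror", "none"):     # no record inside an include is fatal
                return "permerror", f"include:{arg} -> {why}"
            # fail/softfail/neutral from an include simply means "no match": keep going
        else:
            return "permerror", f"unknown mechanism {name!r} in {domain}"
    return "neutral", f"no mechanism matched in {domain}"


if __name__ == "__main__":
    for ip, dom in [("203.0.113.77", "example.com"), ("192.0.2.5", "example.com"),
                    ("10.0.0.1", "example.com"), ("10.0.0.1", "nospf.example"),
                    ("10.0.0.1", "loop.example")]:
        print(ip, dom, *check_host(ip, dom))
```

The `loop.example` record is the case to remember from a triage standpoint: a domain whose SPF chain exceeds the lookup limit yields `permerror`, and many receivers treat that the same as "no usable record", so a legitimate sender with a sprawling SPF record can fail DMARC while a phisher with a tidy two-line record passes it.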

Threat Actor Tactics
02:45:40 - Leveraging trusted platforms (e.g., Gmail and Outlook) to bypass email security controls.
02:50:12 - Business Email Compromise (BEC): Exploiting misconfigurations in self-hosted email servers.
02:55:44 - Using tools to enhance security: Importance of layered defenses and threat intelligence.

Advanced Threat Analysis
03:05:10 - Analyzing failed SPF/DKIM results and their implications on email trust.
03:10:32 - Understanding misconfigurations and the risks in corporate email setups.
03:15:45 - Real-world scenarios: Threat actors targeting businesses with poor email policies.

Closing Remarks
04:03:25 - Recap: Importance of email security and applying lessons to real-world incidents.
04:08:10 - Q&A session: Student queries on SMTP, SPF, DKIM, and DMARC implementations.
04:13:00 - Final thoughts: Preparing for next week's deeper dive into Cyber Threat Intelligence.
