Instructor(s)

Muhammad Alharmeel

CyberSecurity Consultant

Muhammad is a business-focused cybersecurity consultant who is always looking for something new to learn or build. He likes to build things from the ground up and find simple ways to approach complex problems. He has helped multiple organizations improve their security skills and their ability to defend their networks. He has also performed numerous security assessments and responded to attacks for clients in government, financial, high-technology, healthcare, and other industries.

He has worn multiple hats within IT security, moving between defensive and offensive roles such as security operations, intrusion analysis, penetration testing, fuzzing, and exploitation. He holds multiple respected hands-on certifications in both defensive and offensive domains, including the GIAC Security Expert (GSE), Offensive Security Certified Expert (OSCE), and Certified Information Security Manager (CISM) designations.

Course curriculum

  • Module 1: Introduction

  • Module 2: Attack Vector #1 - Spoofing

    • Sender Spoofing

    • Exercise 1 - Email Spoofing

    • SPF - Sender Policy Framework

    • Exercise 2 - SPF Record Creation & Validation

    • DKIM - DomainKeys Identified Mail

    • Exercise 3 - DKIM Record Creation & Validation

    • DMARC - Domain-based Message Authentication, Reporting & Conformance

    • Exercise 4 - DMARC Record Creation & Validation

  • Module 3: Attack Vector #2 - Attachments

    • Threats

    • Defensive Controls

    • Exercise 5 - File Extension Regex Filter

    • Exercise 6 - Cuckoo Sandbox Automation (API)

  • Module 4: Attack Vector #3 - URLs

    • Threats

    • Defensive Controls

    • Exercise - Detect Lookalike Domains

  • Module 5: Extra Mile Controls

    • User Awareness

    • Phishing Simulators

    • Exercise: GoPhish Deployment

    • Honeypot Tokens

    • Exercise: Canary Token Deployment

    • Multi-Factor Authentication - MFA

    • Exercise: MFA Activation

    • Conditional Access

    • Exercise: Conditional Access Whitelisted Countries

    • Stripping Internal Mail Headers

    • Exercise: Evaluate Your Organization's Exposed Headers

    • Server Hardening (CIS/DISA STIGs)

    • Exercise: Email Server Security Assessment

    • Business Buy-in

  • Module 6: Responding to Email Attacks

    • Validate: confirm and analyze the attack

  • Module 7: Conclusion

    • Summary

Course Objectives

  • Help SOC analysts understand email threats

  • Assess the enterprise email security posture

  • Minimize the attack surface

  • Defend against phishing attacks