How to forward a forensic copy of an email as an attachment

If you receive a fraudulent email, can be very useful to send a full forensic copy to an organization that is being spoofed, industry partners, and law enforcement.

When a user clicks forward in a mail client, the client copies the message’s content and attachments to a new message. The original message headers are not included.

In order to send a full forensic sample that includes the original message headers, the original message must be sent as an attachment in a new message. The process for doing this varies by mail client.

Read moreHow to forward a forensic copy of an email as an attachment

How to view email headers

A screenshot of email headers

Email headers contain very useful information for tracing a message’s origin and troubleshooting its delivery. Email headers are written with the oldest headers at the bottom, and the newest headers at the top. By reading the headers in the correct order, you can see how the message was passed from one mail server to another, and the actions each mail server took along the way.

Most email clients have a function to display a message’s headers. The exact steps depends on the client. In most cases, this requires the desktop version of the client.

Read moreHow to view email headers

Demystifying DMARC: A guide to preventing email spoofing

A screenshot of a premade aggreate/summary DMARC dashboard in ELK using data from pardeemarc

DMARC can stop spoofed spam and phishing from reaching you and your customers, protecting your information security and your brand. However, complexity and misconceptions deter many organizations from ever deploying it. Part mythbusting , part implementation guide, this post explains the shortcomings of SPF and DKIM, what DMARC is, how to deploy DMARC properly, and how to respond to DMARC reports – all without the need for an additional vendor, thanks to open source software!

Read moreDemystifying DMARC: A guide to preventing email spoofing

How to compile and install FFmpeg on Debian/Ubuntu

Here’s how to build and install FFmpeg from source with all the bells and whistles (i.e codec support).¬† We’ll install it as a custom Debian package using checkinstall. That way, any other package that depends on the ffmpeg package will recognize that it is already installed, and won’t try to fetch it from the Debian or Ubuntu software repositories.

Read moreHow to compile and install FFmpeg on Debian/Ubuntu

How to install YARA and write basic YARA rules to identify malware

A screenshot of a YARA rule with syntax highlighting

YARA is described as “The pattern matching Swiss knife for malware researchers (and everyone else)”. Think of it as like grep, but instead of matching based on one pattern, YARA matches based on a set of rules, with each rule capable of ¬†containing multiple patterns, and complex condition logic for further refining matches. It’s a very useful tool. Let’s go over some practical examples of how to use it.

Read moreHow to install YARA and write basic YARA rules to identify malware

How to run graphical Linux applications on Windows 10 using the Windows Subsystem for Linux (WSL)

A screenshot of xeyes running on Bash on Ubuntu on Windows 10

The Windows Subsystem for Linux (WSL) was introduced by Microsoft in the Windows 10 Anniversary Update. It allows users to run a full Linux user space in Windows. It is a much nicer approach for most applications than Cygwin, or using a Linux VM. It is not an emulator either. Think of it as GNU/Linux/Windows (apologies to Richard Stallman). This guide starts off with Microsoft’s instructions for installing the WSL, and then goes a few steps further by describing how to run graphical Linux applications.

Read moreHow to run graphical Linux applications on Windows 10 using the Windows Subsystem for Linux (WSL)