Monitoring and Detection: Email Analysis and SMTP Logs
In this lab, you'll practice email and SMTP log analysis. After completing it, you'll be able to investigate a suspected spam or phishing email, determine whether it is legitimate, and understand the principles and configurations behind SMTP open relays.
Challenge: Getting Started in the Lab Environment
Here are the initial instructions and explanation of the lab environment. Read this while your environment is busy creating itself from nothing. Yes, this violates physics; we know. How fun!
Challenge: Identifying Email Provenance
Let's check where an email is from. Does it seem legitimate? Is it coming from a source that is authorized to send email on behalf of this domain? We'll find out!
Challenge: Verifying Email Legitimacy Using DKIM
The finance team has sent money to a vendor, who claims not to have received it. The finance team had received an email asking for funds to be deposited into a new bank account. Can we prove that the email really came from that vendor?
Challenge: Investigating SMTP Relays
Someone has reported to your team that your email server is being abused as an open relay for spam. We will investigate the server's logs and configuration to determine whether that is the case.
Challenge: The Last Challenge
Welcome to the final challenge! This is your last chance to experiment in the environment. Clicking Finish Lab will end this little world that flittered into existence just for you.
Provided environment for hands-on practice
We will provide the credentials and environment necessary for you to practice right within your browser.
Guided walkthrough
Follow along with the author’s guided walkthrough and build something new in your provided environment!
Did you know?
On average, you retain 75% more of your learning if you get time for practice.
Recommended prerequisites
- Basic understanding of networking
- Ability to use text editors and IDEs such as Visual Studio Code to open files
- Familiarity with command-line interfaces