Phishing Analysis & Malware Indicators

Phishing Analysis & Malware Indicators is a hands-on course focused on analyzing suspicious emails, identifying malicious indicators, and collecting Indicators of Compromise (IOCs), followed by investigating the collected data through online sandbox environments and public threat intelligence services. The course covers the full phishing analysis workflow from understanding email structure and header fields to extracting IOCs and interpreting results using industry-standard tools. 

What You'll Learn

• Identify the structural components of an email (envelope, header, body) and their role in phishing investigations.
• Recognize phishing tactics: urgency, brand spoofing, social engineering, and obfuscated URLs.
• Analyze email headers to trace delivery paths, detect spoofing, and interpret SPF, DKIM, and DMARC results.
• Extract header- and body-based IOCs including sender IPs, spoofed domains, embedded URLs, attachments, and file hashes.
• Apply a structured phishing analysis toolset: CoolUtils Mail Viewer, Detect It Easy, VirusTotal, ANY.RUN, MXToolbox, IPinfo, and URLScan.io.
• Conduct end-to-end phishing analysis across real-world cases, identifying malware families such as AsyncRAT.
• Identify advanced evasion techniques including SVG Smuggling, DLL Search Order Hijacking, Cloudflare tunnel abuse, and credential harvesting.