- Популярные видео
- Авто
- Видео-блоги
- ДТП, аварии
- Для маленьких
- Еда, напитки
- Животные
- Закон и право
- Знаменитости
- Игры
- Искусство
- Комедии
- Красота, мода
- Кулинария, рецепты
- Люди
- Мото
- Музыка
- Мультфильмы
- Наука, технологии
- Новости
- Образование
- Политика
- Праздники
- Приколы
- Природа
- Происшествия
- Путешествия
- Развлечения
- Ржач
- Семья
- Сериалы
- Спорт
- Стиль жизни
- ТВ передачи
- Танцы
- Технологии
- Товары
- Ужасы
- Фильмы
- Шоу-бизнес
- Юмор
Business Email Compromise (BEC) Investigation | IR Playbook
A CFO just wired $500k to attackers — and the email looked perfect.
IR Playbook | DFIR Media
• Business email compromise starts with one stolen password.
• Check Azure AD sign-in logs for impossible travel or suspicious IPs.
• Pull mailbox audit logs — look for MailItemsAccessed and SendAs events.
• Attackers create forwarding rules to exfiltrate emails to external addresses.
• Check for malicious OAuth apps — attackers grant themselves persistent access.
• Containment: reset password, revoke sessions, delete inbox rules, remove OAuth apps.
• Alert business partners immediately — wire fraud happens fast.
AI-generated narration | DFIR Media
Видео Business Email Compromise (BEC) Investigation | IR Playbook канала DFIR Lab
IR Playbook | DFIR Media
• Business email compromise starts with one stolen password.
• Check Azure AD sign-in logs for impossible travel or suspicious IPs.
• Pull mailbox audit logs — look for MailItemsAccessed and SendAs events.
• Attackers create forwarding rules to exfiltrate emails to external addresses.
• Check for malicious OAuth apps — attackers grant themselves persistent access.
• Containment: reset password, revoke sessions, delete inbox rules, remove OAuth apps.
• Alert business partners immediately — wire fraud happens fast.
AI-generated narration | DFIR Media
Видео Business Email Compromise (BEC) Investigation | IR Playbook канала DFIR Lab
Комментарии отсутствуют
Информация о видео
22 апреля 2026 г. 10:08:14
00:00:42
Другие видео канала
T1562 — Impair Defenses | MITRE Spotlight
Mystery Malware Coded in Unknown Language Stumped World's Best Hackers
AI Alert Triage
DNS Configuration Analysis
Ransomware's Worst Nightmare (Shadow Copies) #DFIR #Cybersecurity
T1190 — Exploit Public-Facing Application | MITRE Spotlight
PCAP Files | Artifact of the Day
macOS Unified Logs | Artifact of the Day
Shellbags | Artifact of the Day
PCAP Files | Artifact of the Day
Google Safe Browsing Check
Windows Event Logs — PowerShell | Artifact of the Day
Cobalt Strike Beacon Detection Patterns | Detection Rule Friday
LOLBins — Living Off the Land Detection | Detection Rule Friday
Student Accidentally Broke 10% of the Internet in 1988
Sysmon (System Monitor) | Tool Tuesday
KAPE (Kroll Artifact Parser and Extractor) | Tool Tuesday
China's Secret Hacker Army Finally Exposed by Name and Face
Volatility 3 | Tool Tuesday
Linux Crontab Entries | Artifact of the Day
