mirkaCH/phishing-email-investigation-ctf

GitHub: mirkaCH/phishing-email-investigation-ctf

Stars: 0 | Forks: 0

# Phishing Email Investigation CTF

## Project Context

This project was created to demonstrate my ability to design and document beginner-friendly cybersecurity CTF-style challenges. The focus is on clear scenario design, reproducible setup, investigation flow, learning objectives, and basic security documentation.

## Overview

This is a beginner-friendly SOC-style CTF challenge focused on phishing email investigation. The challenge involves reviewing a suspicious email, identifying phishing indicators, extracting indicators of compromise, and writing basic incident response recommendations.

## Category

SOC / Blue Team / Phishing Analysis

## Difficulty

Beginner

## Scenario

A user has reported a suspicious email claiming that their company password is about to expire. Your task is to analyse the email, identify suspicious elements, and recover the CTF flag.

## Objectives

- Identify the suspicious sender
- Identify the phishing domain
- Identify the suspicious URL
- Identify the suspicious attachment
- Extract the indicator of compromise
- Recover the CTF flag
- Write basic SOC recommendations

## Tools Used

- Docker
- Docker Compose
- Ubuntu Linux container
- PowerShell
- Basic Linux commands: `cat`, `grep`, `ls`

## Project Files

- `suspicious_email.txt` - suspicious email sample for analysis
- `Dockerfile` - defines the Linux-based challenge environment
- `docker-compose.yml` - runs the challenge container
- `solution.md` - contains the solution and investigation notes
- `screenshots/` - contains screenshots for portfolio documentation

## How to Run

Build the Docker image:

```bash
docker compose build
```
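Worked example added here (not part of the repository): a small Python triage script that pulls out the items the objectives list, the sender, a mismatched Reply-To, the link host and the attachment name, from a plain-text email and reports each indicator it finds. The message, the `.example` domains and the file names in it are constructed for this example and are not the repository's `suspicious_email.txt`.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlparse

# Constructed sample, not the repository's suspicious_email.txt (reserved .example TLD).
SAMPLE_EMAIL = """\
From: "IT Service Desk" <it-support@corp.example>
Reply-To: helpdesk@c0rp-login.example
Subject: Action required: your password expires in 24 hours
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Your company password expires today. Reset it now: http://c0rp-login.example/reset?user=jane.doe
--b1
Content-Type: application/octet-stream; name="Password_Reset_Form.pdf.exe"
Content-Disposition: attachment; filename="Password_Reset_Form.pdf.exe"

(binary omitted)
--b1--
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+")
RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".bat", ".hta", ".lnk")

def domain_of(addr: str) -> str:
    # Lower-cased domain part of an address ('' if it has none).
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def triage(raw: str) -> dict:
    """Return sender, Reply-To, URLs, attachment names and findings for a raw email."""
    msg = message_from_string(raw, policy=policy.default)
    sender = msg["From"].addresses[0].addr_spec
    reply_to = msg["Reply-To"].addresses[0].addr_spec if msg["Reply-To"] else sender
    urls, attachments, findings = [], [], []
    for part in msg.walk():  # visits the multipart container and each part
        if part.get_content_type() == "text/plain":
            urls += URL_RE.findall(part.get_content())
        if part.get_filename():
            attachments.append(part.get_filename())
    if domain_of(reply_to) != domain_of(sender):
        findings.append(f"Reply-To domain {domain_of(reply_to)} differs from sender domain {domain_of(sender)}")
    for url in urls:
        if (urlparse(url).hostname or "") != domain_of(sender):
            findings.append(f"link host does not match sender domain: {url}")
    for name in attachments:
        if name.lower().endswith(RISKY_EXT):
            findings.append(f"executable attachment (double extension hides .exe): {name}")
    return dict(sender=sender, reply_to=reply_to, urls=urls, attachments=attachments, findings=findings)
```

Run `triage(open("suspicious_email.txt").read())` inside the container to apply the same checks to the challenge sample; the `findings` list is a starting point for the SOC recommendations, not a verdict.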