Configures email security gateways like Microsoft Defender, Proofpoint, Mimecast, Barracuda to detect spearphishing via impersonation protection, URL detonation, attachment sandbox, and custom rules. Useful for targeted phishing defense.
npx claudepluginhub killvxk/cybersecurity-skills-zh
This skill uses the workspace's default tool permissions.
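Spearphishing targets specific individuals with personalized, researched content that can bypass generic spam filters. Secure email gateways (SEGs) such as Microsoft Defender for Office 365, Proofpoint, Mimecast, and Barracuda provide advanced detection capabilities, including behavioral analysis, URL detonation, attachment sandboxing, and impersonation detection. This skill covers configuring these gateways to detect and block targeted phishing attacks.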
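Microsoft Defender for Office 365:
Security > Anti-phishing policies > Impersonation settings
- Enable user impersonation protection for VIPs
- Enable domain impersonation protection
- Add protected users (CEO, CFO, HR director)
- Set the action: quarantine the message
Proofpoint:
Email Protection > Impostor Classifier
- Enable display name spoofing detection
- Configure lookalike domain detection
- Set the impostor threshold sensitivity
Use scripts/process.py to analyze email gateway logs, identify spearphishing patterns, and generate custom detection rules.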
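The two impersonation checks configured above (a protected user's display name on a foreign address, and a lookalike of the organization's domain) can be sketched as log-analysis logic. This is an added example, not the skill's scripts/process.py and not vendor code; the domain, user names, threshold, and sample headers are constructed assumptions.

```python
"""Added illustration: display-name and lookalike-domain impersonation checks."""
from email.utils import parseaddr

# Assumed values for illustration: the organization's domain and protected users.
ORG_DOMAIN = "example.com"
PROTECTED_USERS = {"alice chen": "alice.chen@example.com",   # CEO (constructed)
                   "bob ortiz": "bob.ortiz@example.com"}     # CFO (constructed)
MAX_DOMAIN_DISTANCE = 2  # edits tolerated before a domain stops counting as a lookalike


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(from_header: str) -> list:
    """Return the impersonation findings for one From header."""
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    findings = []
    # Display-name spoofing: a protected name sent from an address that is not theirs.
    key = " ".join(name.lower().split())
    if key in PROTECTED_USERS and addr != PROTECTED_USERS[key]:
        findings.append("user_impersonation")
    # Lookalike domain: close to, but not equal to, the organization's domain.
    if domain and domain != ORG_DOMAIN and \
            edit_distance(domain, ORG_DOMAIN) <= MAX_DOMAIN_DISTANCE:
        findings.append("domain_impersonation")
    return findings


# Constructed sample From headers (not real gateway log data).
SAMPLES = [
    "Alice Chen <alice.chen@example.com>",
    "Alice Chen <alice.chen.ceo@freemail.test>",
    "Bob Ortiz <bob.ortiz@examp1e.com>",
    "Newsletter <news@vendor.test>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", classify(header) or ["clean"])
```

Messages that return a finding correspond to what the gateway policies above would quarantine; the distance threshold plays the role of the sensitivity setting and trades missed lookalikes against false positives on legitimately similar domains.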