This was an interesting rabbit hole I ventured into. What started as a simple alert for an end user turned into what felt like a CTF as I decided to dig deeper and beat this alert like I was going to make an omelet out of it. While I could have moved on to the next thing, I wanted to not only see what the payload intended to do, but also dissect the payload to figure out how it was created. This is part one, the Blue part of this story.
In my first Infosec role, a part of my job was to manage quarantine queues, adding mail domains to whitelists or blacklists based on their reputation. While I could just go to sites like VirusTotal or SenderBase and manually enter the URLs, that would take the fun out of it. The idea for the tool came from wanting to sharpen my Python skills and get some experience scraping useful public information from the Internet. I've written pretty simple scripts in the past and wanted to learn more than just the basic "provide input -> get output" pattern.