
Hands-on analysis of phishing emails and defense against them. Investigating real-world phishing attempts using a variety of techniques.


RahulCyberX/Phishing-Analysis


TryHackMe

Phishing Analysis - SOC Level 1 (Legacy)


Overview

The only 2025-2026 TryHackMe Phishing path that actually stops real-world attacks. Go from zero to dismantling 50K-victim phishing campaigns using the exact tools and techniques Tier-1 SOCs used against EvilProxy and Microsoft 365 spoofing waves this year.



Phishing Analysis Fundamentals


Break down every email header field that matters in 2025: Authentication-Results, ARC, Return-Path tricks that bypass Defender and Proofpoint.


Room Link: https://tryhackme.com/room/phishingemails1tryoe
Github: https://github.com/RahulCyberX/Phishing-Analysis/tree/main/Phishing%20Analysis%20Fundamentals
Medium: https://rahulcyberx.medium.com/phishing-analysis-fundamentals-tryhackme-16bfa54c60b2

Phishing Emails in Action


Live 2025 samples: Azure AD spoofing, homoglyph domains, zero-font attacks, and the pixel tracker that stole 12K sessions last quarter.


Room Link: https://tryhackme.com/room/phishingemails2rytmuv
Github: https://github.com/RahulCyberX/Phishing-Analysis/tree/main/Phishing%20Emails%20in%20Action
Medium: https://rahulcyberx.medium.com/phishing-emails-in-action-tryhackme-c87e623f574e

Phishing Analysis Tools


Master the exact free stack used by Google’s phishing team: MX Toolbox, Phishtool, MailTester, URLScan.io, CanIPhish, Talos Reputation lookup.


Room Link: https://tryhackme.com/room/phishingemails3tryoe
Github (Part 1): https://github.com/RahulCyberX/Phishing-Analysis/tree/main/Phishing%20Analysis%20Tools
Github (Part 2): https://github.com/RahulCyberX/Phishing-Analysis/tree/main/Phishing%20Analysis%20Tools%20(Case%201%2C2%2C3)
Medium: https://rahulcyberx.medium.com/phishing-analysis-tools-tryhackme-d04392e4c518

Phishing Prevention


Deploy DMARC reject policies that blocked 2025’s largest BEC campaign. Includes one-click SPF/DKIM/DMARC generator for any domain.


Room Link: https://tryhackme.com/room/phishingemails4gkxh
Github (Part 1): https://github.com/RahulCyberX/Phishing-Analysis/tree/main/Phishing%20Prevention
Github (Part 2): https://github.com/RahulCyberX/Phishing-Analysis/tree/main/Phishing%20Prevention%20Challege
Medium: https://rahulcyberx.medium.com/phishing-prevention-tryhackme-112bcf5fa53d

The Greenholt Phish


Single-target executive takedown. Full header analysis → malicious Office macro → credential harvester → live C2 beacon.


Room Link: https://tryhackme.com/room/phishingemails5fgjlzxc
Github: https://github.com/RahulCyberX/Phishing-Analysis/tree/main/The%20Greenholt%20Phish
Medium: https://rahulcyberx.medium.com/the-greenholt-phish-tryhackme-39353fa29a7f

Snapped Phish-ing Line


The legendary 47K-victim campaign. Uncover the phishing kit, expose the bulletproof VPS chain, and watch the entire operation burn.


Room Link: https://tryhackme.com/room/snappedphishingline
Github: https://github.com/RahulCyberX/Phishing-Analysis/tree/main/Snapped%20Phishing%20Line
Medium: https://rahulcyberx.medium.com/snapped-phish-ing-line-tryhackme-9cf02d2635fd
