Aug 06 2021 07:32 AM
DShield's Aug 5th, '21 article mentions cookies on a phishing page. It made me think if they should be considered for incident response. Example, defender alerts a user clicked a link. Proxy logs show they visited and no other traffic, referrals, posts, etc. The user didn't download the phishing document. Generally, analysis concludes the risk has ended, no further action to take. Yet, would a malicious site leverage cookies, trackers, and similar objects. Should incident response include clearing cookies and cache?
Aug 06 2021 07:47 AM
SolutionAug 06 2021 07:47 AM
Solution