Giters

0xAnalyst / NotifySecurity

Outlook add-in companion to report suspicious mail easily

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

What is NotifySecurity?

NotifySecurity is an Outlook add-in used to help your users to report suspicious e-mails to security teams.

It is also built as a companion tool to Swordphish: it will automatically detect an e-mail issued by that platform and update the "reported statistics" accordingly.

So this tool has two benefits:

  • it helps your users reporting an e-mail to the right contacts with relevant information (e.g. full SMTP headers),
  • it helps you tracking your users' behavior when you run a Swordphish awareness campaign.

We believe that the click rate is not really a useful metric when doing awareness campaigns. Reaching 0 click is utopian, but we need to ensure that at least one target will notify a malicious e-mail to security teams.

When a victim reports an e-mail, they allow the security teams to initiate identification, containment and remediation actions; for example pivot on IOCs to identify all the targets and identify those who were compromised.

By deploying this add-in to your workstations, you make reporting suspicious e-mails a one-click process and naturally improve reporting rates.

This add-in is a very simple version, feel free to improve it and adapt it to your organization.

Once installed it will add a button in the Outlook ribbon:

screenshot

And one in the contextual menu:

screenshot

If you select an e-mail and click on this button, a notification will automatically be generated:

screenshot

Building the project

This project can be compiled with Visual Studio Community Edition with the Office tools enabled.

You simply have to edit the project settings to adapt them to your organization and your Sworphish instance, if available.

screenshot

screenshot

Special thanks

We would like to thank Nicolas Chaussard from ALD Automotive Security Teams for providing us the code base for this project and allowing us to release it here!

Modifications

This is modified version of the above where I removed the swordphish related stuff and added A VT link for the first recieved from IP. Use visual studio 2017 and it's publish menu to create installer. Modify the names as you wish

About

Outlook add-in companion to report suspicious mail easily

License:GNU General Public License v3.0

Languages

Language:HTML 72.3%Language:C# 27.7%