I Investigated a Real Phishing Attack — Here's the Full Kill Chain
Walkthrough of a real phishing-initiated endpoint compromise I investigated. Covers the full attack chain from password-protected PDF to PowerShell loader, forensic analysis in an isolated lab, and the response failures that delayed containment.