- ID: ME003
- Created: 22nd May 2024
- Updated: 14th June 2024
- Platforms: Windows, Linux, MacOS
- Contributor: The ITM Team
Installed Software
A subject can leverage software approved for installation or software that is already installed.
Subsections (11)
| ID | Name | Description |
|---|---|---|
| ME003.004 | Browser Extensions | The organization permits the installation or execution of unapproved browser extensions, introducing a mechanism by which web-accessible systems, authentication workflows, or data transactions can be intercepted, altered, or exploited. These extensions often operate with elevated browser-level permissions, including access to cookies, session tokens, clipboard content, keystrokes, or internal URLs. In environments where business systems are browser-based and authenticated via SSO or tokenized workflows, this exposure enables passive surveillance or active manipulation of sensitive operations.<br><br>Unapproved extensions typically fall outside the control perimeter of traditional endpoint detection tools or access control frameworks. When extension installation is user-controlled or unmonitored, it creates a circumstance in which subjects - intentionally or otherwise - can introduce new capabilities for access, data exfiltration, or surveillance. This includes extensions sourced from public repositories, sideloaded packages, or internally developed tools lacking code review or deployment controls.<br><br>The presence of ungoverned extension capability constitutes a durable and distributed access mechanism, especially in cloud-forward or hybrid environments where browser access is the primary interface to organizational systems. In many cases, infringement is made possible not by elevated privilege in the operating system, but by the absence of control within the browser execution layer. |
| ME003.003 | Browsers | A subject can install an unapproved browser with features that frustrate or defeat preventions or detections, such as a built-in VPN, Tor access or automatic browser artifact destruction. |
| ME003.005 | Cloud Storage Applications | A subject can install an unapproved cloud storage application. |
| ME003.009 | FTP Clients | A subject can access or install a File Transfer Protocol (FTP) client which can be used to access FTP servers across the Internet. |
| ME003.007 | Messenger Applications | A subject can install an unapproved messenger application with the ability to transmit data and/or files across the Internet. |
| ME003.006 | Note-Taking Applications | A subject can install an unapproved note-taking application (such as Evernote and Obsidian) with the ability to sync notes across the Internet. |
| ME003.010 | RDP Clients | A subject can access or install a Remote Desktop Protocol (RDP) client which can be used to access RDP servers across the Internet. |
| ME003.011 | Screen Sharing Software | A subject has access to or can install screen sharing software which can be used to capture images or other information from a target system. |
| ME003.008 | SSH Clients | A subject can access or install a Secure Shell (SSH) client which can be used to access SSH servers across the Internet. |
| ME003.001 | Virtual Machines | A subject has access to a virtual environment on a device. |
| ME003.002 | VPN Applications | A subject has access to a VPN application. |