ITM is an open framework - Submit your contributions now.

Preparation

Archive Data

Boot Order Manipulation

CCTV Enumeration

Circumventing Security Controls

Data Obfuscation

Renaming Files or Changing File Extensions

Data Staging

Device Mounting

Email Collection

External Media Formatting

File Exploration

IT Ticketing System Exploration

Network Scanning

Physical Disk Removal

Physical Exploration

Physical Item Smuggling

Private / Incognito Browsing

Read Windows Registry

Security Software Enumeration

Social Engineering (Outbound)

Software Installation

Software or Access Request

Managerial Approval

Suspicious Web Browsing

Testing Ability to Print

ID: PR006
Created: 25th May 2024
Updated: 14th June 2024
Contributor: The ITM Team

Security Software Enumeration

A subject attempts to identify security software or other surveillance software/services on a target system.

Subsections

ID	Name	Description
PR006.003	Security Enumeration via File System	A subject attempts to identify security software on a target system by looking through the file system to identify relevant directories or files.
PR006.004	Security Enumeration via Network Activity	A subject attempts to identify security software by monitoring network traffic.
PR006.002	Security Enumeration via Running Processes	A subject observes running processes on the target system in an attempt to identify any security agents or software that is running.
PR006.001	Security Enumeration via Windows Registry	A subject attempts to identify security software through keys and values within the Windows registry.

Prevention

ID	Name	Description
PV002	Restrict Access to Administrative Privileges	The Principle of Least Privilege should be enforced, and period reviews of permissions conducted to ensure that accounts have the minimum level of access required to complete duties as per their role.