- ID: PR015.003
- Created: 31st May 2024
- Updated: 09th June 2024
- Platforms: Windows, Linux, MacOS
- Contributor: The ITM Team
Email Forwarding Rule
The subject creates an email forwarding rule to transport any incoming emails from one mailbox to another.
Prevention
ID | Name | Description |
---|---|---|
PV017 | Prohibit Email Auto-Forwarding to External Domains, Exchange | Various methods can be used within Exchange to prevent internal emails being auto-forwarded to remote domains. This can prevent exfiltration via email auto-forwarding rules. |
Detection
ID | Name | Description |
---|---|---|
DT048 | Data Loss Prevention Solution | A Data Loss Prevention (DLP) solution refers to policies, technologies, and controls that prevent the accidental and/or deliberate loss, misuse, or theft of data by members of an organization. Typically, DLP technology would take the form of a software agent installed on organization endpoints (such as laptops and servers). Typical DLP technology will alert on the potential loss of data, or activity which might indicate the potential for data loss. A DLP technology may also provide automated responses to prevent data loss on a device. |
DT041 | Email Gateway | Email gateway solutions offer the ability to trace inbound and outbound emails to an organization. This can be used to retrieve information such as emails sent or received, the subject line, content, attachments, timestamps, and recipients. |
DT040 | Microsoft Exchange Message Trace | Message trace is a feature within Exchange that permits the ability to identify inbound and outbound emails within the organization. This can be used to see which mailboxes have sent or received emails, the time, the subject line, and recipients. |
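
An audit sketch for the prevention and detection controls above, added here as an example and not taken from the Insider Threat Matrix itself: it lists remote domains that still permit auto-forwarding, then reports mailbox-level forwarding and inbox rules whose targets fall outside the organization's accepted domains. It assumes an already connected Exchange Online PowerShell session with read access to mailboxes and rules; the helper name `Test-ExternalAddress` and the output column names are illustrative.

```powershell
# Added example. Assumes Connect-ExchangeOnline has already been run.

# Domains the organization owns; any other recipient domain counts as external.
$internal = (Get-AcceptedDomain).DomainName | ForEach-Object { "$_".ToLower() }

function Test-ExternalAddress {
    param([string]$Address)
    if ($Address -notlike '*@*') { return $false }   # not an SMTP address
    $domain = ($Address -split '@')[-1].Trim().ToLower()
    return ($internal -notcontains $domain)
}

# Prevention check (PV017): remote domains where auto-forwarding is still allowed.
# One of the available methods to close this is:
#   Set-RemoteDomain -Identity Default -AutoForwardEnabled $false
Get-RemoteDomain | Where-Object { $_.AutoForwardEnabled } |
    Select-Object Name, DomainName, AutoForwardEnabled

# Detection sweep: forwarding configured on the mailbox or through inbox rules.
$findings = foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
    $owner = "$($mbx.PrimarySmtpAddress)"

    # Forwarding set directly on the mailbox object.
    if ($mbx.ForwardingSmtpAddress) {
        $addr = "$($mbx.ForwardingSmtpAddress)" -replace '^smtp:', ''
        if (Test-ExternalAddress $addr) {
            [pscustomobject]@{ Mailbox = $owner; Source = 'MailboxForwarding'
                               Rule = $null; Enabled = $true; Target = $addr }
        }
    }

    # Inbox rules that forward, forward as attachment, or redirect.
    foreach ($rule in Get-InboxRule -Mailbox $owner -ErrorAction SilentlyContinue) {
        $targets = @($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo)
        foreach ($t in $targets) {
            # Rule targets render as: "Display Name" [SMTP:user@example.com]
            if ("$t" -match 'SMTP:([^\]\s]+)' -and (Test-ExternalAddress $Matches[1])) {
                [pscustomobject]@{ Mailbox = $owner; Source = 'InboxRule'
                                   Rule = $rule.Name; Enabled = $rule.Enabled
                                   Target = $Matches[1] }
            }
        }
    }
}

$findings | Sort-Object Mailbox, Source | Format-Table -AutoSize
```

Disabled rules are reported as well, since a rule can be re-enabled later; the `Enabled` column distinguishes them.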