ITM is an open framework - Submit your contributions now.

Preparation

Archive Data

Authorization Token Staging

Boot Order Manipulation

CCTV Enumeration

Circumventing Security Controls

Data Obfuscation

Data Staging

Device Mounting

Email Collection

External Media Formatting

File Download

File Exploration

Impersonation

Increase Privileges

Privilege Escalation through Kerberoasting

IT Ticketing System Exploration

Joiner

Mover

Network Scanning

On-Screen Data Collection

Persistent Access via Bots

Physical Disk Removal

Physical Exploration

Physical Item Smuggling

Private / Incognito Browsing

Read Windows Registry

Remote Desktop (RDP)

Security Software Enumeration

Social Engineering (Outbound)

Software Installation

Software or Access Request

Suspicious Web Browsing

Testing Ability to Print

VPN Usage

ID: PR015.003
Created: 31st May 2024
Updated: 23rd October 2025
Platforms: WindowsLinuxMacOS
MITRE ATT&CK®: T1114.003
Contributor: The ITM Team

Email Forwarding Rule

The subject creates an email forwarding rule to transport any incoming emails from one mailbox to another.

Preventions (1)

Detections (4)

MITRE ATT&CK® Mapping (1)

ATT&CK Enterprise Matrix Version 18.1