Preparation
Archive Data
Authorization Token Staging
Boot Order Manipulation
CCTV Enumeration
Circumventing Security Controls
Data Obfuscation
Data Staging
Device Mounting
Email Collection
External Media Formatting
File Download
File Exploration
Impersonation
Increase Privileges
IT Ticketing System Exploration
Network Scanning
On-Screen Data Collection
Persistent Access via Bots
Physical Disk Removal
Physical Exploration
Physical Item Smuggling
Private / Incognito Browsing
Read Windows Registry
Remote Desktop (RDP)
Security Software Enumeration
Social Engineering (Outbound)
Software Installation
- Installation of Dark Web-Capable Browsers
- Installing Browser Extensions
- Installing Browsers
- Installing Cloud Storage Applications
- Installing FTP Clients
- Installing Messenger Applications
- Installing Note-Taking Applications
- Installing RDP Clients
- Installing Screen Sharing Software
- Installing SSH Clients
- Installing Virtual Machines
- Installing VPN Applications
Software or Access Request
Suspicious Web Browsing
Testing Ability to Print
- ID: PR020
- Created: 25th July 2024
- Updated: 25th July 2024
- Platforms: WindowsLinuxMacOSiOSAndroid
- Contributor: Ismael Briones-Vilar
Data Obfuscation
Data obfuscation is the act of deliberately obscuring or disguising data to avoid detection and/or hinder forensic analysis. A subject may obscure data in preparation to exfiltrate the data.
Subsections (3)
| ID | Name | Description |
|---|---|---|
| PR020.003 | Misclassification of Sensitivity Labels | The subject intentionally misclassifies the sensitivity label of a file in an attempt to bypass DLP or other security controls. |
| PR020.002 | Modification of Sensitivity Labels | The subject modifies or downgrades the sensitivity label of a file in an attempt to bypass DLP or other security controls. |
| PR020.001 | Renaming Files or Changing File Extensions | A subject may rename a file to obscure the content of the file or change the file extension to hide the file type. This can aid in avoiding suspicion and bypassing certain security filers and endpoint monitoring tools. For example, renaming a sensitive document from FinancialReport.docx to Recipes.txt before copying it to a USB mass storage device. |