Preparation
Archive Data
Authorization Token Staging
Boot Order Manipulation
CCTV Enumeration
Circumventing Security Controls
Data Obfuscation
Data Staging
Delegated Preparation via Artificial Intelligence Agents
Device Mounting
Email Collection
External Media Formatting
File Download
File Exploration
Hardware-Based Remote Access (IP-KVM)
Impersonation
Increase Privileges
IT Ticketing System Exploration
Joiner
Media Capture via External Device
Mover
Network Scanning
On-Screen Data Collection
Oversight Circumvention and Control Degradation
Persistent Access via Bots
Physical Disk Removal
Physical Exploration
Physical Item Smuggling
Private / Incognito Browsing
Read Windows Registry
Remote Desktop (RDP)
Security Software Enumeration
Social Engineering (Outbound)
Software Installation
- Installation of Dark Web-Capable Browsers
- Installing Browser Extensions
- Installing Browsers
- Installing Cloud Storage Applications
- Installing FTP Clients
- Installing Messenger Applications
- Installing Note-Taking Applications
- Installing RDP Clients
- Installing Screen Sharing Software
- Installing SSH Clients
- Installing Virtual Machines
- Installing VPN Applications
Software or Access Request
Suspicious Web Browsing
Testing Ability to Print
VPN Usage
- ID: PR025.002
- Created: 06th April 2026
- Updated: 06th April 2026
- Contributor: The ITM Team
File Download via Browser
The subject downloads files using a web browser (e.g., Chrome, Edge, Firefox) from external or internal web resources. This is the most common and lowest-friction method of file acquisition, typically requiring no additional tooling or elevated privileges.
Browser-based downloads are often logged via proxy, CASB, or endpoint telemetry, but may still present challenges in environments with encrypted traffic or limited content inspection. This behavior is frequently associated with early-stage preparation, including retrieval of tools, scripts, or datasets from public repositories, file-sharing platforms, or personal cloud storage.