Supported Techniques
mvelazco edited this page Apr 7, 2024 · 22 revisions
- Supported Methods: Graph, EWS
- Description: Simulates the action of reading emails from a specified mailbox, demonstrating data access and potential exfiltration capabilities.
- Parameters:
  - `auth_type`: Authentication type used, with values ranging from 1 to 3, each representing a different authentication mechanism.
  - `method`: Specifies the API method used (Graph API or EWS).
  - `mailbox`: Target email address from which emails will be read.
  - `keyword`: Keyword for the search.
  - `limit`: Maximum number of emails to be read.

- Supported Methods: Graph
- Description: Simulates an adversary conducting targeted searches within a mailbox to uncover sensitive information.
- Parameters:
  - `auth_type`: Authentication type used, with values ranging from 1 to 3, each representing a different authentication mechanism.
  - `method`: Specifies the API method used (Graph API or EWS).
  - `mailbox`: Target email address from which emails will be read.
  - `limit`: Maximum number of emails to be read.

- Supported Methods: Graph, EWS, REST
- Description: Creates an email rule to automatically forward emails containing specified keywords, simulating discreet information exfiltration.
- Parameters:
  - `auth_type`: Authentication type used.
  - `method`: Method used for rule creation (Graph, EWS, or REST).
  - `mailbox`: Email address on which the rule will be created.
  - `rule_name`: Name of the created rule.
  - `forward_to`: Email address to which matching emails will be forwarded.
  - `body_contains`: Keyword that triggers the rule.

- Supported Methods: REST
- Description: Enables automatic forwarding of all emails from a specified mailbox, simulating unauthorized email traffic diversion.
- Parameters:
  - `auth_type`: Authentication type used.
  - `method`: This technique uses REST.
  - `mailbox`: Mailbox from which emails will be forwarded.
  - `forward_to`: Destination email address for forwarded emails.

- Supported Methods: REST, EWS
- Description: Grants a user permission to access a specific folder in another user's mailbox, simulating unauthorized access to sensitive information.
- Parameters:
  - `auth_type`: Authentication type used.
  - `method`: Specifies REST or EWS.
  - `mailbox`: Mailbox containing the folder to which permissions will be added.
  - `folder`: Folder for which permissions are granted.
  - `grantee`: User being granted folder access.
  - `access_rights`: Level of access granted (e.g., Owner, Author).

- Supported Methods: REST
- Description: Grants a user full access to another user's mailbox, critical for simulating compromised account scenarios.
- Parameters:
  - `auth_type`: Authentication type used.
  - `method`: Uses REST.
  - `mailbox`: Mailbox to which access will be delegated.
  - `grantee`: User granted access to the mailbox.
  - `access_rights`: Type of access granted, "FullAccess".

- Supported Methods: REST
- Description: Executes a compliance search for specified keywords, simulating the search for sensitive or regulated information.
- Parameters:
  - `auth_type`: Authentication type used.
  - `method`: Uses REST.
  - `keyword`: Keyword for the search.
  - `name`: Name of the compliance search.

- Supported Methods: REST
- Description: Establishes a mail flow rule to forward emails based on defined criteria, simulating potential malicious redirection.
- Parameters:
  - `auth_type`: Authentication type used.
  - `method`: Uses REST.
  - `forward_to`: Email address for forwarding.
  - `name`: Name of the mail flow rule.

| Technique | Graph | EWS | REST |
|---|---|---|---|
| read_email | X | X | NA |
| create_rule | X | X | X |
| enable_email_forwarding | NA | NA | X |
| add_folder_permission | NA | X | X |
| add_mailbox_delegation | NA | NA | X |
| run_compliance_search | NA | X | NA |
| create_mailflow | NA | NA | X |
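
As a detection-side companion to the forwarding and delegation techniques listed above, the following added example (not part of the original page or the tool's own code) triages audit records for the changes those simulations make. The record layout, the mapping from technique names to Exchange cmdlet operations, and the `contoso.example` tenant domain are assumptions; the sample records are constructed.

```python
# Triage of constructed, simplified Exchange audit records (added example).
# ASSUMPTION: these cmdlet names are the operations the page's techniques
# leave in audit data; the page itself does not list them.
WATCHED = {  # Operation -> (technique on this page, recipient parameters)
    "New-InboxRule": ("create_rule", ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")),
    "Set-Mailbox": ("enable_email_forwarding", ("ForwardingSmtpAddress", "ForwardingAddress")),
    "New-TransportRule": ("create_mailflow", ("BlindCopyTo", "CopyTo", "RedirectMessageTo")),
    "Add-MailboxPermission": ("add_mailbox_delegation", ("User",)),
    "Add-MailboxFolderPermission": ("add_folder_permission", ("User",)),
}
INTERNAL_DOMAINS = {"contoso.example"}  # hypothetical tenant domain

def domain_of(value):
    # Values may carry a prefix such as "smtp:user@host"; keep only the host.
    addr = value.split(":", 1)[-1].strip().lower()
    return addr.rsplit("@", 1)[-1] if "@" in addr else ""

def triage(records):
    findings = []
    for rec in records:
        watched = WATCHED.get(rec.get("Operation"))
        if not watched:
            continue
        technique, recipient_params = watched
        params = {p["Name"]: p["Value"] for p in rec.get("Parameters", [])}
        for name in recipient_params:
            for value in filter(None, params.get(name, "").split(";")):
                external = domain_of(value) not in INTERNAL_DOMAINS
                # Forwarding is flagged when it leaves the tenant; delegation
                # is always flagged because it grants standing access.
                if external or technique.startswith("add_"):
                    findings.append((technique, rec["UserId"], name, value.strip()))
    return findings

SAMPLE = [  # constructed records, not captured from a real tenant
    {"Operation": "New-InboxRule", "UserId": "alice@contoso.example",
     "Parameters": [{"Name": "BodyContainsWords", "Value": "invoice"},
                    {"Name": "ForwardTo", "Value": "drop@external.example"}]},
    {"Operation": "Set-Mailbox", "UserId": "admin@contoso.example",
     "Parameters": [{"Name": "ForwardingSmtpAddress", "Value": "smtp:bob@contoso.example"}]},
    {"Operation": "Add-MailboxPermission", "UserId": "admin@contoso.example",
     "Parameters": [{"Name": "User", "Value": "carol@contoso.example"},
                    {"Name": "AccessRights", "Value": "FullAccess"}]},
    {"Operation": "Set-User", "UserId": "admin@contoso.example", "Parameters": []},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Internal forwarding (the second sample record) is deliberately not flagged; tighten `INTERNAL_DOMAINS` or drop that exemption if internal diversion is also in scope.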