Supported Techniques

mvelazco edited this page Apr 7, 2024 · 22 revisions

read_email

  • Supported Methods: Graph, EWS
  • Description: Simulates the action of reading emails from a specified mailbox, demonstrating data access and potential exfiltration capabilities.
  • Parameters:
    • auth_type: Authentication type used, with values ranging from 1 to 3, each representing a different authentication mechanism.
    • method: Specifies the API method used (Graph API or EWS).
    • mailbox: Target email address from which emails will be read.
    • keyword: Keyword for the search.
    • limit: Maximum number of emails to be read.

search_mailbox

  • Supported Methods: Graph
  • Description: Simulates an adversary conducting targeted searches within a mailbox to uncover sensitive information.
  • Parameters:
    • auth_type: Authentication type used, with values ranging from 1 to 3, each representing a different authentication mechanism.
    • method: Specifies the API method used (Graph API or EWS).
    • mailbox: Target email address from which emails will be read.
    • limit: Maximum number of emails to be read.

create_rule

  • Supported Methods: Graph, EWS, REST
  • Description: Creates an email rule to automatically forward emails containing specified keywords, simulating discreet information exfiltration.
  • Parameters:
    • auth_type: Authentication type used.
    • method: Method used for rule creation (Graph, EWS, or REST).
    • mailbox: Email address on which the rule will be created.
    • rule_name: Name of the created rule.
    • forward_to: Email address to which matching emails will be forwarded.
    • body_contains: Keyword that triggers the rule.

enable_email_forwarding

  • Supported Methods: REST
  • Description: Enables automatic forwarding of all emails from a specified mailbox, simulating unauthorized email traffic diversion.
  • Parameters:
    • auth_type: Authentication type used.
    • method: This technique uses REST.
    • mailbox: Mailbox from which emails will be forwarded.
    • forward_to: Destination email address for forwarded emails.

add_folder_permission

  • Supported Methods: REST, EWS
  • Description: Grants a user permission to access a specific folder in another user's mailbox, simulating unauthorized access to sensitive information.
  • Parameters:
    • auth_type: Authentication type used.
    • method: Specifies REST or EWS.
    • mailbox: Mailbox containing the folder to which permissions will be added.
    • folder: Folder for which permissions are granted.
    • grantee: User being granted folder access.
    • access_rights: Level of access granted (e.g., Owner, Author).

add_mailbox_delegation

  • Supported Methods: REST
  • Description: Grants a user full access to another user's mailbox, critical for simulating compromised account scenarios.
  • Parameters:
    • auth_type: Authentication type used.
    • method: Uses REST.
    • mailbox: Mailbox to which access will be delegated.
    • grantee: User granted access to the mailbox.
    • access_rights: Type of access granted, "FullAccess".

run_compliance_search

  • Supported Methods: REST
  • Description: Executes a compliance search for specified keywords, simulating the search for sensitive or regulated information.
  • Parameters:
    • auth_type: Authentication type used.
    • method: Uses REST.
    • keyword: Keyword for the search.
    • name: Name of the compliance search.

create_mailflow_rule

  • Supported Methods: REST
  • Description: Establishes a mail flow rule to forward emails based on defined criteria, simulating potential malicious redirection.
  • Parameters:
    • auth_type: Authentication type used.
    • method: Uses REST.
    • forward_to: Email address for forwarding.
    • name: Name of the mail flow rule.

| Technique | Graph | EWS | REST |
|---|---|---|---|
| read_email | X | X | NA |
| create_rule | X | X | X |
| enable_email_forwarding | NA | NA | X |
| add_folder_permission | NA | X | X |
| add_mailbox_delegation | NA | NA | X |
| run_compliance_search | NA | X | NA |
| create_mailflow | NA | NA | X |
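
For defenders validating coverage of the forwarding and delegation techniques listed above, the following added example (not code from this wiki or the tool) triages audit records for the corresponding mailbox changes. The record layout (Operation, UserId, Parameters as Name/Value pairs), the mapping from Exchange cmdlet names to the technique names on this page, the `;` separator for multi-valued parameters, and the `contoso.example` tenant domain are assumptions made for illustration.

```python
# Added example; record layout and cmdlet mapping are assumptions, not the tool's code.
INTERNAL_DOMAINS = {"contoso.example"}  # assumption: the tenant's accepted domains

# Exchange cmdlet -> (technique name from this page, parameters naming a recipient or grantee)
WATCHED = {
    "New-InboxRule": ("create_rule", ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")),
    "Set-Mailbox": ("enable_email_forwarding", ("ForwardingSmtpAddress", "ForwardingAddress")),
    "New-TransportRule": ("create_mailflow_rule", ("BlindCopyTo", "RedirectMessageTo")),
    "Add-MailboxPermission": ("add_mailbox_delegation", ("User",)),
    "Add-MailboxFolderPermission": ("add_folder_permission", ("User",)),
}

def _domain(address):
    """Return the domain of 'user@dom' or 'smtp:user@dom', lower-cased."""
    return address.strip().lower().split(":")[-1].rpartition("@")[2]

def triage(records):
    """Return one finding per record that sets a forwarding target or grants access."""
    findings = []
    for rec in records:
        technique, keys = WATCHED.get(rec.get("Operation"), (None, ()))
        params = {p["Name"]: p["Value"] for p in rec.get("Parameters", [])}
        targets = [v for k in keys for v in params.get(k, "").split(";") if v]
        if not targets:
            continue  # unwatched cmdlet, or e.g. a Set-Mailbox that does not touch forwarding
        external = [t for t in targets if "@" in t and _domain(t) not in INTERNAL_DOMAINS]
        full_access = "FullAccess" in params.get("AccessRights", "")
        findings.append({"technique": technique, "actor": rec.get("UserId"), "targets": targets,
                         "severity": "high" if external or full_access else "review"})
    return findings

def _rec(op, user, **params):
    """Build a constructed audit record in the assumed layout."""
    return {"Operation": op, "UserId": user,
            "Parameters": [{"Name": k, "Value": v} for k, v in params.items()]}

# Constructed sample records (not real log data).
ADMIN = "admin@contoso.example"
SAMPLE = [
    _rec("New-InboxRule", "alice@contoso.example", Name="sync",
         ForwardTo="drop@mail.example", BodyContainsWords="invoice"),
    _rec("Set-Mailbox", ADMIN, Identity="bob", ForwardingSmtpAddress="smtp:bob@mail.example"),
    _rec("Set-Mailbox", ADMIN, Identity="carol", DisplayName="Carol"),
    _rec("Add-MailboxPermission", ADMIN, Identity="ceo",
         User="helpdesk@contoso.example", AccessRights="FullAccess"),
    _rec("Add-MailboxFolderPermission", ADMIN, Identity="ceo:\\Inbox",
         User="dave@contoso.example", AccessRights="Author"),
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["severity"], f["technique"], f["actor"], f["targets"])
```

Only cmdlet-named records are matched. Rules created through mail clients or APIs rather than the cmdlet may be logged under a different operation name and are not covered here.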