Preparation
Archive Data
Boot Order Manipulation
CCTV Enumeration
Circumventing Security Controls
Data Obfuscation
Data Staging
Device Mounting
Email Collection
External Media Formatting
File Download
File Exploration
Increase Privileges
IT Ticketing System Exploration
Network Scanning
Physical Disk Removal
Physical Exploration
Physical Item Smuggling
Private / Incognito Browsing
Read Windows Registry
Remote Desktop (RDP) Access on Windows Systems
Security Software Enumeration
Social Engineering (Outbound)
Software Installation
- Installing Browser Extensions
- Installing Browsers
- Installing Cloud Storage Applications
- Installing FTP Clients
- Installing Messenger Applications
- Installing Note-Taking Applications
- Installing RDP Clients
- Installing Screen Sharing Software
- Installing SSH Clients
- Installing Virtual Machines
- Installing VPN Applications
Software or Access Request
Suspicious Web Browsing
Testing Ability to Print
- ID: PR018.003
- Created: 23rd July 2024
- Updated: 08th April 2025
- Platforms: Windows, Linux, MacOS,
- Contributor: The ITM Team
Unauthorized Manipulation of Anti-Virus Exclusions
A subject abuses their access or conducts unapproved changes to set exclusions within an anti-virus solution, allowing known malicious files to be executed from a specified location on disk.
Prevention
| ID | Name | Description |
|---|---|---|
| PV033 | Native Anti-Tampering Protections | Commercial security software may include native anti-tampering protections that prevent attempts to interfere with its operations, such as deleting or renaming required files. |
| PV002 | Restrict Access to Administrative Privileges | The Principle of Least Privilege should be enforced, and period reviews of permissions conducted to ensure that accounts have the minimum level of access required to complete duties as per their role. |