Web Proxy Logs

A subject unlawfully accesses copyrighted material, such as pirated media or illegitimate streaming sites.

A subject uses a messaging application to exfiltrate data through messages or uploaded media.

A subject accesses web content that is deemed inappropriate by the organization.

A subject may search for, or otherwise explore an IT Ticketing System to identify sensitive information or to identify credentials or other information which may assist in pivoting to other sources of sensitive information.

A subject can access the web with an organization device.

Private browsing, also known as 'incognito mode' among other terms, is a feature in modern web browsers that prevents the storage of browsing history, cookies, and site data on a subject's device. When private browsing is enabled, it ensures any browsing activity conducted during the browser session is not saved to the browser history or cache.

A subject can use private browsing to conceal their actions in a web browser, such as navigating to unauthorized websites, downloading illicit materials, uploading corporate data or conducting covert communications, thus leaving minimal traces of their browsing activities on a device and frustrating forensic recovery efforts.

A subject interacts with a public Artificial Intelligence (AI) chatbot (such as ChatGPT and xAI Grok), leading to the intentional or unintentional sharing of sensitive information.

A subject engages in web searches that may indicate research or information gathering related to potential infringement or anti-forensic activities. Examples include searching for software that could facilitate data exfiltration, methods for deleting or modifying system logs, or techniques to evade security controls. Such activity could signal preparation for a potential insider event.

A subject deploys a hardware-based remote access device, typically an IP-KVM (Keyboard, Video, Mouse over IP) system, to remotely interact with a workstation or server through its physical interfaces.

These devices connect directly to the system’s video output (HDMI or DisplayPort) and USB ports, capturing the display signal while injecting keyboard and mouse input remotely. The device presents itself to the operating system as standard USB Human Interface Devices (HID), such as a generic keyboard and mouse, allowing the subject to interact with the system as though physically present at the console.

Because the interaction occurs through physical interface emulation rather than installed software, activity generated through the device appears as local console input to the operating system. This can bypass controls designed to detect or restrict software-based remote access tools such as Remote Desktop Protocol (RDP) or third-party remote administration platforms.

Many IP-KVM devices provide independent network connectivity, including Ethernet, Wi-Fi, or cellular access, allowing the subject to maintain remote interaction with the system through an external management interface. When used in this manner, the remote session may not traverse corporate remote access infrastructure or generate conventional remote access/network logs.

While these devices have legitimate uses in system administration, hardware labs, and data center environments, a subject may deploy them covertly to maintain persistent remote access to a system without installing software or triggering typical remote access monitoring or network controls.

Within the Insider Threat Matrix, this behavior represents preparatory activity, as it establishes a covert remote control capability that may later enable unauthorized access, data exfiltration, or system manipulation.

A subject operates within an environment where artificial intelligence (AI) platforms or agents are integrated across multiple enterprise systems, providing centralized access to data, services, or functionality within the organization.

These platforms are typically deployed to support productivity, knowledge retrieval, automation, or decision-making. As part of their implementation, they may be connected to internal repositories, collaboration tools, identity systems, ticketing platforms, or other business-critical services. Integration is often achieved through APIs, service accounts, or enterprise-wide indexing capabilities.

As a result, the AI platform may provide:

• Access to data across multiple repositories through a unified interface.
• The ability to query, summarize, or retrieve information spanning different business functions.
• Integration with systems that enable interaction with internal services or workflows.
• Persistent access to organizational data or systems through configured permissions.

This form of integration creates a consolidated access layer within the environment that differs from standard user interaction patterns. Rather than accessing systems individually, the subject may interact with multiple data sources or services through the AI platform.

In some cases, the scope of access available through the platform may not align precisely with role-based access expectations, particularly where data is aggregated, summarized, or retrieved across systems. The platform may also operate with service account permissions or API-level access that are not directly accessible to the subject through traditional interfaces or individual user access controls, creating a divergence between user-level access and effective access via the platform.

This Section captures the availability of AI platforms that are integrated into the enterprise environment with broad access to data or systems. While deployed for legitimate operational purposes, such platforms may provide expanded capability that can be leveraged by a subject in the course of insider activity.

A subject uses a cloud storage service, such as Dropbox, OneDrive, or Google Drive to exfiltrate data. They will then access that service again on another device to retrieve the data. Examples include (URLs have been sanitized):

• hxxps://www.dropbox[.]com
• hxxps://drive.google[.]com
• hxxps://onedrive.live[.]com
• hxxps://mega[.]nz
• hxxps://www.icloud[.]com/iclouddrive
• hxxps://www.pcloud[.]com

A subject uses a code repository service, such as GitHub, to exfiltrate data. They will then access that service again on another device to retrieve the data. Examples include (URLs have been sanitized):

• hxxps://github[.]com
• hxxps://gitlab[.]com
• hxxps://bitbucket[.]org
• hxxps://sourceforge[.]net
• hxxps://aws.amazon[.]com/codecommit

A subject uses a text storage service, such as Pastebin, to exfiltrate data. They will then access that service again on another device to retrieve the data. Examples include (URLs have been sanitized):

• hxxps://pastebin[.]com
• hxxps://hastebin[.]com
• hxxps://privatebin[.]net
• hxxps://controlc[.]com
• hxxps://rentry[.]co
• hxxps://dpaste[.]org

A subject may use an existing, legitimate external Web service to exfiltrate data.

A subject clears Mozzila Firefox browser artifacts to hide evidence of their activities, such as visited websites, cache, cookies, and download history.

A subject clears Microsoft Edge browser artifacts to hide evidence of their activities, such as visited websites, cache, cookies, and download history.

A subject clears Google Chrome browser artifacts to hide evidence of their activities, such as visited websites, cache, cookies, and download history.

A subject accesses lawful pornographic material from an organization device, contravening internal policies on acceptable use of organization equipment.

A subject accesses unlawful pornographic material from a organization device, contravening internal policies on acceptable use of organization equipment and potentially, the law.

A subject accesses, possesses and/or distributes materials that advocate, promote, or incite unlawful acts of violence intended to further political, ideological or religious aims (terrorism).

A person accesses, possesses, or distributes materials that advocate, promote, or incite extreme ideological, political, or religious views, often encouraging violence or promoting prejudice against individuals or groups.

A subject accesses or participates in online gambling from a corporate device, contravening internal policies on acceptable use of company equipment.

A subject misuses social media platforms to engage in activities that violate organizational policies, compromise security, disclose confidential information, or damage the organization’s reputation. This includes sharing sensitive data, making unauthorized statements, engaging in harassment or bullying, or undertaking any actions that could risk the organization’s digital security or public image.

A subject accesses or participates in web-based online gaming from a corporate device, contravening internal policies on acceptable use of company equipment.

A subject accesses other inappropriate web content from a corporate device, contravening internal policies on acceptable use of company equipment.

A subject exfiltrates information using a web-based messaging application that is accessed through a web browser. They will access the conversation at a later date to retrieve information on a different system.

A subject accesses a website that allows for the unauthorized streaming of copyrighted material.

A subject uses a website or peer-to-peer (P2P) network (such as BitTorrent) to unlawfully distribute copyrighted material.

A subject uses a website or peer-to-peer (P2P) network (such as BitTorrent) to unlawfully download copyrighted material.

A subject can access personal webmail services in a browser.

A subject can access personal cloud storage in a browser.

A subject can access websites containing inappropriate content.

A subject can access external note-taking websites (Such as Evernote).

A subject can access external messenger web-applications with the ability to transmit data and/or files.

A subject can access websites used to access or manage code repositories.

A subject uploads confidential organization data to a note-taking web service, such as Evernote. The subject can then access the confidential data outside of the organization from another device. Examples include (URLs have been sanitized):

• hxxps://www.evernote[.]com
• hxxps://keep.google[.]com
• hxxps://www.notion[.]so
• hxxps://www.onenote[.]com
• hxxps://notebook.zoho[.]com

A subject can access external text storage websites, such as Pastebin.

A subject intentionally submits sensitive information when interacting with a public Artificial Intelligence (AI) chatbot (such as ChatGPT and xAI Grok). They will access the conversation at a later date to retrieve information on a different system.

A subject recklessly interacts with a public Artificial Intelligence (AI) chatbot (such as ChatGPT and xAI Grok), leading to the inadvertent sharing of sensitive information. The submission of sensitive information to public AI platforms risks exposure due to potential inadequate data handling or security practices. Although some platforms are designed not to retain specific personal data, the reckless disclosure could expose the information to unauthorized access and potential misuse, violating data privacy regulations and leading to a loss of competitive advantage through the exposure of proprietary information.

A subject exfiltrates information using a mailbox they own or have access to, either via software or webmail. They will access the conversation at a later date to retrieve information on a different system.

The subject transfers sensitive, proprietary, or classified information into an external generative AI platform through text input, file upload, API integration, or embedded application features. This results in uncontrolled data exposure to third-party environments outside organizational governance, potentially violating confidentiality, regulatory, or contractual obligations.

Characteristics

• Involves manual or automated transfer of sensitive data through:
• Web-based AI interfaces (e.g., ChatGPT, Claude, Gemini).
• Upload of files (e.g., PDFs, DOCX, CSVs) for summarization, parsing, or analysis.
• API calls to generative AI services from scripts or third-party SaaS integrations.
• Embedded AI features inside productivity suites (e.g., Copilot in Microsoft 365, Gemini in Google Workspace).
• Subjects may act with or without malicious intent—motivated by efficiency, convenience, curiosity, or deliberate exfiltration.
• Data transmitted may be stored, cached, logged, or used for model retraining, depending on provider-specific terms of service and API configurations.
• Exfiltration through generative AI channels often evades traditional DLP (Data Loss Prevention) patterns due to novel data formats, variable input methods, and encrypted traffic.

Example Scenario

A subject copies sensitive internal financial projections into a public generative AI chatbot to "optimize" executive presentation materials. The AI provider, per its terms of use, retains inputs for service improvement and model fine-tuning. Sensitive data—now stored outside corporate control—becomes vulnerable to exposure through potential data breaches, subpoena, insider misuse at the service provider, or future unintended model outputs.

A subject uses a cloud collaboration platform, such as Slack, Google Docs, Atlassian Confluence, or Microsoft 365 Online, to exfiltrate data. They will then access that service again on another device to retrieve the data. Examples include (URLs have been sanitized):

• hxxps://docs.google[.]com
  hxxps://*.slack[.]com (* represents a wildcard, where a workspace name would be present)
  hxxps://word.cloud[.]microsoft
  hxxps://excel.cloud[.]Microsoft
• hxxps://powerpoint.cloud[.]Microsoft
• hxxps://*.atlassian[.]net/wiki/ (* represents a wildcard, where a workspace name would be present)

The subject installs browser extensions on a managed device that have not been approved, vetted, or distributed via sanctioned organizational channels. These may include productivity tools, automation agents, data scrapers, content manipulators, or AI-enhanced interfaces. Installations typically originate from GitHub repositories, private developer sites, shared file storage, or sideloading tools that bypass enterprise browser controls.

Unapproved extensions introduce unmonitored execution environments directly into the subject’s browser, enabling silent access to sensitive web applications, stored credentials, and internal content. Many request expansive permissions (e.g., webRequest, cookies, tabs, clipboardRead) and operate with persistent background scripts that are difficult to detect through normal endpoint monitoring.

This behavior violates Acceptable Use Policies and, depending on the extension’s behavior, may also constitute unauthorized access, data exfiltration, or malware introduction. Some extensions—particularly those hosted on GitHub or distributed through Telegram groups or developer forums—have been found to contain obfuscated payloads, embedded credential harvesters, or cryptojacking modules.

Examples include:

• Installing a GitHub-hosted ChatGPT sidebar extension that silently logs visited URLs and API keys used in developer consoles.
• Deploying a YouTube downloader that injects scripts for ad click fraud or SEO manipulation.
• Using a browser extension to auto-fill forms with personal data, which transmits data to offshore analytics servers.
• Loading unpacked or custom extensions that disguise themselves as utilities but include base64-encoded malware installers.

While subjects may initially claim curiosity or productivity needs, repeated installation of unapproved extensions—especially after prior enforcement—may indicate normalization of risky behavior or active circumvention of controls.

The subject initiates or facilitates a denial of service attack targeting public-facing organizational services, such as corporate websites, client portals, or externally accessible APIs, through external means. This may include direct volumetric attacks, abuse of known application logic weaknesses, or orchestration of resource exhaustion via cloud interfaces or third-party integrations. In some cases, the subject may coordinate with external actors to mask attribution, prolong disruption, or cause reputational damage.

The subject deploys credential-harvesting malware (commonly referred to as an infostealer) to extract sensitive authentication material or session artifacts from systems under their control. These payloads are typically configured to capture data from browser credential stores (e.g., Login Data SQLite databases in Chromium-based browsers), password vaults (e.g., KeePass, 1Password), clipboard buffers, Windows Credential Manager, or the Local Security Authority Subsystem Service (LSASS) memory space.

Infostealers may be executed directly via compiled binaries, staged through malicious document macros, or loaded reflectively into memory using PowerShell, .NET assemblies, or process hollowing techniques. Some variants are fileless and reside entirely in memory, while others create persistence via registry keys (e.g., HKCU\Software\Microsoft\Windows\CurrentVersion\Run) or scheduled tasks.

While often associated with external threat actors, insider deployment of infostealers allows subjects to bypass authentication safeguards, impersonate peers, or exfiltrate internal tokens for later use or sale. In cases where data is not immediately exfiltrated, local staging (e.g., in %AppData%, %Temp%, or encrypted containers) may indicate an intent to transfer data offline or deliver it via alternate channels.

The subject deploys software designed to record keystrokes entered on an endpoint to capture credentials, sensitive communications, internal documentation, or intellectual property. Keyloggers may be introduced as standalone binaries, embedded within otherwise legitimate tools, or configured through dual-use frameworks (e.g. C++ dropper with keylogging module). In insider scenarios, the deployment is typically local and deliberate, leveraging the subject’s physical access or assigned privileges to bypass existing controls.

Keyloggers operate in one of several modes:

• Kernel-based: Install drivers or hook low-level keyboard input APIs (e.g. Kbdclass.sys) to intercept inputs pre-OS.
• User-mode: Hook Windows APIs (SetWindowsHookEx, GetAsyncKeyState, GetForegroundWindow) to log input tied to active processes or windows.
• Form grabbers: Intercept browser or GUI form submissions, often bypassing SSL/TLS encryption by logging data pre-submission.
• Clipboard and screen scrapers: Supplement keylogging with capture of copied content and screenshots for contextual awareness.

Captured data is typically stored in encrypted local files (e.g. %TEMP%, %APPDATA%, or hidden directories), periodically exfiltrated via email, FTP, HTTP POST, or external storage.

The subject deploys a Remote Access Tool (RAT): a software implant that provides covert, persistent remote control of an endpoint or server—enabling continued unauthorized access, monitoring, or post-employment re-entry. Unlike sanctioned remote administration platforms, RATs are deployed without organizational oversight and are often configured to obfuscate their presence, evade detection, or blend into legitimate activity.

RATs deployed by insiders may be off-the-shelf tools (e.g. njRAT, Quasar, Remcos), lightly modified open-source frameworks (e.g. Havoc, Pupy), or commercial-grade products repurposed for unsanctioned use (e.g. AnyDesk, TeamViewer in stealth mode). 

Functionality typically includes:

• Full GUI or shell access
• File system interaction
• Screenshot and webcam capture
• Credential harvesting
• Process and registry manipulation
• Optional keylogging and persistence modules

Deployment methods include manual installation, script-wrapped droppers, DLL side-loading, or execution via LOLBins (mshta, rundll32). Persistence is typically achieved through scheduled tasks, registry run keys, or disguised service installations. In some cases, the RAT may be configured to activate only during specific windows or respond to remote beacons, reducing exposure to detection.

The subject uploads organizational data to a personal or unauthorized file-sharing platform (e.g., Dropbox, Google Drive, WeTransfer, MEGA, or similar) to remove it from controlled environments. This technique is commonly used to bypass endpoint restrictions, avoid detection by traditional DLP systems, and facilitate remote access to stolen data. Uploads may occur through browser sessions, desktop clients, or command-line tools, depending on the sophistication of the subject and the controls in place.

Investigators should evaluate whether the data transferred was sensitive, proprietary, or otherwise restricted, and assess whether the subject attempted to conceal or stage the transfer using obfuscation or anti-forensics techniques.

A subject has access to an artificial intelligence (AI) platform that aggregates data from multiple internal systems and presents it through a unified interface, where access controls are insufficiently enforced or misaligned with underlying role-based access restrictions.

These platforms are typically configured to index, query, or retrieve information from enterprise repositories such as file storage systems, collaboration platforms, knowledge bases, and internal documentation systems. Data from these sources may be combined, summarized, or surfaced in response to a single query.

In some implementations, the platform aggregates data across repositories without consistently applying the access controls of the underlying systems. As a result, information may be surfaced through the AI interface that the subject would not ordinarily access through direct interaction with those systems.

The AI platform may provide:

• Cross-repository search and retrieval spanning multiple data sources.
• Summarized or consolidated outputs derived from restricted or segmented repositories.
• Correlation of information across business functions or sensitivity domains.
• Visibility into data that is not directly accessible through standard user interfaces.

This access model creates a divergence between the subject’s direct access permissions and the information available to them through the AI platform. Data that is distributed, restricted, or contextually separated within underlying systems may be surfaced together through aggregated queries.

The presence of aggregated data access with insufficiently constrained access controls provides the subject with a means to obtain information beyond their intended role-based scope, particularly where enterprise-wide indexing or broad query capabilities are implemented.

A subject has access to an artificial intelligence (AI) platform that is integrated with internal systems and capable of interacting with those systems through APIs, service accounts, automation frameworks, or agent interaction protocols (e.g., Model Context Protocol (MCP)), where the platform operates with permissions or capabilities that exceed typical user-level access controls.

These platforms are connected to enterprise systems such as identity services, ticketing platforms, communication tools, file storage systems, and other operational applications. Integration enables the platform to execute actions, retrieve data, or interact with system functionality on behalf of the user.

In some implementations, the platform is granted broad or persistent permissions to support automation and cross-system functionality. These permissions may not align precisely with the subject’s role-based access and may allow the platform to perform actions or retrieve data beyond what the subject could achieve through direct interaction with the underlying systems.

The AI platform may:

• Execute actions against internal systems through API integrations.
• Operate using service accounts with elevated or persistent privileges.
• Trigger workflows or automation processes across multiple systems.
• Interact with system functionality outside standard user interfaces.
• Perform actions or retrieve data using permissions not directly available to the subject.

This interaction model creates a divergence between the subject’s direct capabilities and the effective capabilities available through the AI platform. Actions that would normally require elevated access, multi-system coordination, or additional authorization may be performed through the platform’s integrated functionality.

The presence of AI platforms with system interaction capability and insufficiently constrained permissions provides the subject with a means to interact with internal systems and services beyond their intended role-based authority.