chg: [o365-exchange-techniques] Persistence kill-chain added (WiP)

2019-05-12 17:54:53 +02:00 · 2019-05-12 17:54:53 +02:00 · ee0f793e49
parent 3a75c6a3df
commit ee0f793e49
1 changed files with 60 additions and 0 deletions
--- a/clusters/o365-exchange-techniques.json
+++ b/clusters/o365-exchange-techniques.json
@ -189,6 +189,66 @@
      },
      "uuid": "cf8df948-0332-4ec7-94f3-3f6d54bbcbb9",
      "value": "On-Prem Exchange - Bruteforce of Autodiscover: SensePost Ruler"
+    },
+    {
+      "description": "O365 - Add Mail forwarding rule",
+      "meta": {
+        "kill_chain": [
+          "tactics:Persistence"
+        ]
+      },
+      "uuid": "80308e39-11e9-45b2-b6d2-f13f3de509ab",
+      "value": "O365 - Add Mail forwarding rule"
+    },
+    {
+      "description": "O365 - Add Global admin account",
+      "meta": {
+        "kill_chain": [
+          "tactics:Persistence"
+        ]
+      },
+      "uuid": "a9c1f718-b9bf-4efc-9fa1-852b6c93f725",
+      "value": "O365 - Add Global admin account"
+    },
+    {
+      "description": "O365 - Delegate Tenant Admin",
+      "meta": {
+        "kill_chain": [
+          "tactics:Persistence"
+        ]
+      },
+      "uuid": "80308e39-11e9-45b2-b6d2-f13f3de509ab",
+      "value": "O365 - Delegate Tenant Admin"
+    },
+    {
+      "description": "End Point - Persistence throught Outlook Home Page: SensePost Ruler",
+      "meta": {
+        "kill_chain": [
+          "tactics:Persistence"
+        ]
+      },
+      "uuid": "708790c8-3e6f-4dd3-8f89-0651ef71dfe0",
+      "value": "End Point - Persistence throught Outlook Home Page: SensePost Ruler"
+    },
+    {
+      "description": "End Point - Persistence throught custom Outlook form",
+      "meta": {
+        "kill_chain": [
+          "tactics:Persistence"
+        ]
+      },
+      "uuid": "aadc2552-97db-419c-a414-5c1f862d38ef",
+      "value": "End Point - Persistence throught custom Outlook form"
+    },
+    {
+      "description": "End Point - Create Hidden Mailbox Rule",
+      "meta": {
+        "kill_chain": [
+          "tactics:Persistence"
+        ]
+      },
+      "uuid": "d023f254-466b-436b-acfd-beea54c323b1",
+      "value": "End Point - Create Hidden Mailbox Rule"
    }
  ],
  "version": 1