Zix Secure Messaging

Enterprise tool to compose, receive, view, reply to, and forward encrypted messages over the internet.


Data Exfiltration

Steps to exfiltrate data using day-to-day enterprise tooling
Attempt to locate the Zix Secure Messaging portal for the organization and check whether you have the ability to register an account. Register an account with a custom email that looks like it could actually belong to an employee. Zip any files you want to exfiltrate from the workstation. Compose a new message, and address it to an employee that doesn't actually exist in the system. You can now retrieve the files on a different device by logging in and viewing the sent mail tab.
Use case: Exfiltrating data in heavily monitored environments
Privileges required: None


Steps to set up an account and download your malware through a whitelisted solution
Register a Zix Secure Messaging account for the company. Upload a zip-encrypted archive with your payload in it. Compose a new message and send it to an employee that doesn't exist. Log in from the victim host machine, download, unzip, and execute the payload.
Use case: Leveraging external tooling for proxy inspection bypass
Privileges required: None
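
A defender-side check for the two procedures above, as an added example that is not part of the original page: both leave a portal message addressed to an employee who does not exist, usually with an archive attached. The record fields, the directory set and the example.com addresses are constructed assumptions, not a Zix log format.

```python
# Added example: record fields are hypothetical, not a Zix export format.
ARCHIVE_EXT = (".zip", ".7z", ".rar", ".gz")

def flag_messages(records, directory, org_domain):
    """Return [(message id, [reasons])] for portal messages worth review."""
    known = {addr.lower() for addr in directory}
    suffix = "@" + org_domain.lower()
    findings = []
    for rec in records:
        reasons = []
        sender = rec["sender"].lower()
        rcpts = [r.lower() for r in rec["recipients"]]
        ghosts = [r for r in rcpts if r.endswith(suffix) and r not in known]
        # Every recipient looks internal but has no directory entry: the
        # message exists only to sit in the sender's sent-mail tab.
        if rcpts and len(ghosts) == len(rcpts):
            reasons.append("all recipients unknown: " + ", ".join(ghosts))
        # Portal account that uses the org domain without a directory entry.
        if sender.endswith(suffix) and sender not in known:
            reasons.append("sender not in directory: " + sender)
        archives = [a for a in rec.get("attachments", [])
                    if a.lower().endswith(ARCHIVE_EXT)]
        if reasons and archives:
            reasons.append("archive attached: " + ", ".join(archives))
        if reasons:
            findings.append((rec["id"], reasons))
    return findings

# Constructed sample data (example.com is a placeholder organization).
DIRECTORY = {"alice@example.com", "bob@example.com"}
SAMPLE = [
    {"id": "m1", "sender": "alice@example.com",
     "recipients": ["partner@example.org"], "attachments": ["report.pdf"]},
    {"id": "m2", "sender": "j.smith@example.net",
     "recipients": ["carol@example.com"], "attachments": ["backup.zip"]},
    {"id": "m3", "sender": "dave@example.com",
     "recipients": ["bob@example.com"], "attachments": []},
]

if __name__ == "__main__":
    for msg_id, reasons in flag_messages(SAMPLE, DIRECTORY, "example.com"):
        print(msg_id, "->", "; ".join(reasons))
```

The sender check only catches accounts that use the organization's own domain; the recipient check still fires when the account was registered from a lookalike external address, as in m2.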


Steps to attempt phishing with tools recognized/allowed by the company
Register a Zix Secure Messaging account using multiple employee email addresses. Save all of the emails and passwords registered. If an employee clicks the approve button, you'll now have their newly registered account to use for whitelisted phishing.
Use case: Whitelisted phishing since Zix will probably be allowed if the company uses it
Privileges required: User interaction/User
MITRE ATT&CK®: T1566.003