# MAAD-AF Mailbox Forwarding

This module allows attackers to set up mail forwarding rules on a mailbox within Exchange Online to forward emails to an external adversary-controlled mailbox. Setting mail forwarding rules allows an attacker to maintain access to organizational information, even if the account access is discovered.

## Module Overview - DRAFT

**NOTE TO ENABLEMENT TEAM:** We may need to find a more sustainable example to use for lab users and adjust the verbiage below accordingly.

1. From the main Attack Arsenal menu, enter `7` for `Setup Mailbox Forwarding for Continuous Exfiltration`. Read through the MITRE information, and press `` to continue.
2. Follow the on-screen prompts in MAAD-AF and set up the following mail forwarding rule:
   - Mailbox: `Michael Scott`
   - Forwarding Destination: `your_vectra_email`
6. MAAD-AF will prompt the user to undo the actions just created. Select `No` for the purposes of this exercise.

## Validation

Enter the full email address for the mailbox that mail forwarding was configured on.
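
For the detection side of this module, the following added example (not part of MAAD-AF or the original lab text) flags audit records that point mailbox forwarding at a domain outside the tenant. It assumes records shaped like Exchange admin audit entries (`Operation`, `UserId`, `ObjectId`, `Parameters`), one JSON object per line; the sample records, the `corp.example` and `outside.example` domains, and the choice to cover both mailbox-level forwarding and inbox rules are assumptions, since the page does not say which mechanism the module uses.

```python
import json
import re

# Exchange cmdlets and the parameters that can carry a forwarding destination.
FORWARDING_PARAMS = {
    "Set-Mailbox": {"ForwardingSmtpAddress", "ForwardingAddress"},
    "New-InboxRule": {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo"},
    "Set-InboxRule": {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo"},
}
EMAIL_RE = re.compile(r"([A-Za-z0-9._%+-]+)@([A-Za-z0-9.-]+)")

def find_external_forwarding(audit_lines, internal_domains):
    """Return one finding per forwarding destination outside internal_domains."""
    internal = {d.lower() for d in internal_domains}
    findings = []
    for line in audit_lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # tolerate truncated or non-JSON lines in an export
        watched = FORWARDING_PARAMS.get(rec.get("Operation"), set())
        params = {p.get("Name"): str(p.get("Value", "")) for p in rec.get("Parameters", [])}
        # Assumption: rule cmdlets name the mailbox in "Mailbox", Set-Mailbox in ObjectId.
        mailbox = params.get("Mailbox") or rec.get("ObjectId", "")
        for name in sorted(watched & params.keys()):
            for match in EMAIL_RE.finditer(params[name]):
                if match.group(2).lower().rstrip(".") not in internal:
                    findings.append({"mailbox": mailbox, "actor": rec.get("UserId", ""),
                                     "operation": rec["Operation"], "parameter": name,
                                     "destination": match.group(0).lower()})
    return findings

def _rec(op, actor, obj, **params):
    """Build one constructed audit line (sample data, not real tenant output)."""
    return json.dumps({"Operation": op, "UserId": actor, "ObjectId": obj,
                       "Parameters": [{"Name": k, "Value": v} for k, v in params.items()]})

SAMPLE = [
    _rec("Set-Mailbox", "admin@corp.example", "user1@corp.example",
         ForwardingSmtpAddress="smtp:drop@outside.example", DeliverToMailboxAndForward="True"),
    _rec("Set-Mailbox", "admin@corp.example", "user3@corp.example",
         ForwardingSmtpAddress="smtp:assistant@corp.example"),
    _rec("New-InboxRule", "user2@corp.example", "user2@corp.example\\rule1",
         Mailbox="user2@corp.example", ForwardTo="archive@corp.example;copy@outside.example"),
    "truncated {",
]

if __name__ == "__main__":
    for finding in find_external_forwarding(SAMPLE, {"corp.example"}):
        print(finding)
```

A `ForwardingAddress` value that names a recipient object rather than an SMTP address yields no match here and has to be resolved against the directory separately.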