M365-SHAREPOINT-LEAKCollection

SharePoint / OneDrive External Sharing

Open / anyone-with-link sharing leaves company files publicly indexable — recon via Bing / Grayhat Warfare.

§ Where this technique fits

M365-SHAREPOINT-LEAK is catalogued under the Collection tactic of the offensive-security kill-chain. It appears in 1 approved dossier in the registry, typically at step 2 on average.

§ Dossiers chaining this technique

SharePoint / OneDrive public link enumeration → data dump
Bing / Grayhat Warfare reveals corporate SharePoint files shared 'with anyone' — financial docs, contracts, credentials in plaintext, etc.
step 2 / 4

§ What commonly comes next

01
Exfiltration Over C2 Channel
T1041 · Exfiltration
seen 1×

§ Where this technique fits

§ Dossiers chaining this technique

SharePoint / OneDrive public link enumeration → data dump

§ What commonly comes next