Techniques

Tactic 1 - Reconnaissance

Number | Technique                           | Sub-Technique                 | Detection                             | How to do
-------|-------------------------------------|-------------------------------|---------------------------------------|-----------------------------------------------------------
1      | Active Scanning                     | Scanning IP Blocks            | single source, multiple destinations  | nmap, netdiscover or other tools
2      | Active Scanning                     | Vulnerability Scanning        | malicious user-agents                 | openvas, nessus, nmap, acunetix, ...
3      | Gather Victim Host Information      | Hardware                      | Not possible                          | active direct scan or phishing
4      | Gather Victim Host Information      | Software                      | Not possible                          | active direct scan or phishing
5      | Gather Victim Host Information      | Firmware                      | Not possible                          | active direct scan or phishing
6      | Gather Victim Host Information      | Client Configurations         | Not possible                          | active direct scan or phishing
7      | Gather Victim Identity Information  | Credentials                   | Not possible                          | leaked DBs, phishing, compromised sites, keyloggers, ...
8      | Gather Victim Identity Information  | Email Addresses               | Not possible                          | OSINT, leaked DBs, social media
9      | Gather Victim Identity Information  | Employee Names                | Not possible                          | OSINT, leaked DBs, social media
10     | Gather Victim Network Information   | Domain Properties             | Not possible                          |
11     | Gather Victim Network Information   | DNS                           | Not possible                          |
12     | Gather Victim Network Information   | Network Trust Dependencies    | Not possible                          |
13     | Gather Victim Network Information   | Network Topology              | Not possible                          |
14     | Gather Victim Network Information   | IP Addresses                  | Not possible                          |
15     | Gather Victim Network Information   | Network Security Appliances   | Not possible                          |
16     | Gather Victim Org Information       | Business Relationships        | Not possible                          |
17     | Gather Victim Org Information       | Determine Physical Locations  | Not possible                          |
18     | Gather Victim Org Information       | Identify Business Tempo       | Not possible                          |
19     | Gather Victim Org Information       | Identify Roles                | Not possible                          |
20     | Phishing for Information            | Spearphishing Service         | Not possible                          |
21     | Phishing for Information            | Spearphishing Attachment      | Check emails / attachments            |
22     | Phishing for Information            | Spearphishing Link            | Check emails / links                  |
23     | Search Closed Sources               | Threat Intel Vendors          | Not possible                          |
24     | Search Closed Sources               | Purchase Technical Data       | Not possible                          |
25     | Search Open Technical Databases     | WHOIS                         | Not possible                          |
26     | Search Open Technical Databases     | DNS/Passive DNS               | Not possible                          |
27     | Search Open Technical Databases     | Digital Certificates          | Not possible                          |
28     | Search Open Technical Databases     | CDNs                          | Not possible                          |
29     | Search Open Technical Databases     | Scan Databases                | Not possible                          |
30     | Search Open Websites/Domains        | Social Media                  | Not possible                          |
31     | Search Open Websites/Domains        | Search Engines                | Not possible                          |
32     | Search Victim-Owned Websites        | -                             | Not possible                          |
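The only two rows in the table with a concrete detection signal are 1 and 2: an IP-block scan shows up as one source talking to many distinct destinations, and a vulnerability scan often announces itself through the scanner's User-Agent. The script below is an added example (not part of the original table) that implements both checks over constructed log lines. The key=value firewall format, the Common-Log-Format access lines, the threshold of 10 distinct destinations, and the User-Agent marker substrings are all assumptions chosen for illustration and should be tuned to real telemetry.

```python
"""Detection helpers for table rows 1 and 2 (Scanning IP Blocks and
Vulnerability Scanning). Added example; log formats, threshold and
user-agent markers are assumptions, not values from the original page.
"""
import re
from collections import defaultdict

# Assumed scanner markers: substrings that tend to appear in the
# User-Agent header sent by the tools named in the table (matched
# case-insensitively). Extend from your own observed traffic.
SCANNER_UA_MARKERS = ("nmap scripting engine", "nessus", "openvas", "acunetix")

# Assumed threshold: one source contacting at least this many distinct
# destination hosts is reported as a possible IP-block sweep.
SWEEP_THRESHOLD = 10

# Constructed firewall connection log (key=value style, assumed format):
# 10.0.0.5 probes twelve hosts on 445; 10.0.0.7 is ordinary HTTPS traffic.
CONN_LOG = [
    f"ts=2024-05-01T10:00:{i:02d} src=10.0.0.5 dst=192.168.1.{i} dport=445 action=deny"
    for i in range(1, 13)
] + [
    "ts=2024-05-01T10:01:00 src=10.0.0.7 dst=192.168.1.20 dport=443 action=allow",
    "ts=2024-05-01T10:01:05 src=10.0.0.7 dst=192.168.1.21 dport=443 action=allow",
    "ts=2024-05-01T10:01:06 src=10.0.0.7 dst=192.168.1.21 dport=443 action=allow",
]

# Constructed web access log lines (Common Log Format plus referer and
# user-agent, assumed). The scanner-looking user-agents are sample values.
ACCESS_LOG = [
    '203.0.113.9 - - [01/May/2024:10:02:00 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0) Chrome/124.0"',
    '198.51.100.4 - - [01/May/2024:10:02:01 +0000] "GET /cgi-bin/ HTTP/1.1" 404 0 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"',
    '198.51.100.8 - - [01/May/2024:10:02:03 +0000] "GET /login HTTP/1.1" 200 880 "-" "Mozilla/5.0 Nessus SOAP v0.0.1"',
]

CONN_RE = re.compile(r"\bsrc=(?P<src>\S+)\s+dst=(?P<dst>\S+)")
# The user-agent is the last double-quoted field on the line.
ACCESS_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<ua>[^"]*)"\s*$')


def detect_ip_sweeps(lines, threshold=SWEEP_THRESHOLD):
    """Return {src: distinct_destination_count} for sources at or over threshold."""
    dests = defaultdict(set)
    for line in lines:
        m = CONN_RE.search(line)
        if m:
            dests[m["src"]].add(m["dst"])
    return {src: len(d) for src, d in dests.items() if len(d) >= threshold}


def detect_scanner_user_agents(lines, markers=SCANNER_UA_MARKERS):
    """Return [(client_ip, user_agent, matched_marker)] for scanner-like UAs."""
    hits = []
    for line in lines:
        m = ACCESS_RE.match(line)
        if not m:
            continue
        ua = m["ua"]
        lowered = ua.lower()
        for marker in markers:
            if marker in lowered:
                hits.append((m["ip"], ua, marker))
                break
    return hits


if __name__ == "__main__":
    for src, n in detect_ip_sweeps(CONN_LOG).items():
        print(f"possible IP-block sweep: {src} contacted {n} distinct hosts")
    for ip, ua, marker in detect_scanner_user_agents(ACCESS_LOG):
        print(f"scanner user-agent from {ip}: matched '{marker}' in {ua!r}")
```

Both checks are deliberately cheap and noisy by design: counting distinct destinations catches sweeps that stay under per-port rate limits but needs a time window and an allow-list for legitimate scanners (monitoring, patch management); user-agent matching catches only tools that do not spoof the header, so it is a low-cost first signal rather than a complete detection for row 2.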