Determine physical locations
|Determine physical locations|
|Tactic||Organizational Information Gathering|
Physical locality information may be used by an adversary to shape social engineering attempts (language, culture, events, weather, etc.) or to plan for physical actions such as dumpster diving or attempting to access a facility.1
Difficulty for the Adversary
Easy for the Adversary (Yes/No): Yes
Explanation: Most corporations now list their locations on public facing websites. Some challenge still exists to find covert or sensitive locations.
Detectable by Common Defenses (Yes/No/Partial): No
Explanation: Adversary searches publicly available sources that list physical locations that cannot be monitored by a defender or are not necessarily monitored (e.g., all IP addresses touching their public web space listing physical locations).