Determine physical locations

From pre-attack
Jump to: navigation, search


Determine physical locations
Technique
ID PRE-T1059
Tactic Organizational Information Gathering

Definition

Physical locality information may be used by an adversary to shape social engineering attempts (language, culture, events, weather, etc.) or to plan for physical actions such as dumpster diving or attempting to access a facility.1

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: Most corporations now list their locations on public facing websites. Some challenge still exists to find covert or sensitive locations.

Detection

Detectable by Common Defenses (Yes/No/Partial): No

Explanation: Adversary searches publicly available sources that list physical locations that cannot be monitored by a defender or are not necessarily monitored (e.g., all IP addresses touching their public web space listing physical locations).