The sub-techniques beta is now live! Read the release blog post for more info.

Organizational Weakness Identification

Organizational weakness identification consists of identifying and analyzing weaknesses and vulnerabilities from the intelligence gathering phases which can be leveraged to gain access to target or intermediate target organizations of interest.

ID: TA0020
Created: 17 October 2018
Last Modified: 17 October 2018


Techniques: 6
ID Name Description
T1301 Analyze business processes

Business processes, such as who typically communicates with who, or what the supply chain is for a particular part, provide opportunities for social engineering or other

T1300 Analyze organizational skillsets and deficiencies

Analyze strengths and weaknesses of the target for potential areas of where to focus compromise efforts.

T1303 Analyze presence of outsourced capabilities

Outsourcing, the arrangement of one company providing goods or services to another company for something that could be done in-house, provides another avenue for an adversary to target. Businesses often have networks, portals, or other technical connections between themselves and their outsourced/partner organizations that could be exploited. Additionally, outsourced/partner organization information could provide opportunities for phishing.

T1299 Assess opportunities created by business deals

During mergers, divestitures, or other period of change in joint infrastructure or business processes there may be an opportunity for exploitation. During this type of churn, unusual requests, or other non standard practices may not be as noticeable.

T1302 Assess security posture of physical locations

Physical access may be required for certain types of adversarial actions.

T1298 Assess vulnerability of 3rd party vendors

Once a 3rd party vendor has been identified as being of interest it can be probed for vulnerabilities just like the main target would be.