Analyze data collected
An adversary will assess collected information such as software/hardware versions, vulnerabilities, patch level, etc. They will analyze technical scanning results to identify weaknesses in the confirmation or architecture.    
Tactic: Technical Weakness Identification
DetectionDetectable by Common Defenses (Yes/No/Partial): No
Explanation: This can be done offline after the data has been collected.
Difficulty for the AdversaryEasy for the Adversary (Yes/No): Yes
Explanation: Many of the common tools highlight these weaknesses automatically. Adversary can "dry run" against the target using known exploits or burner devices to determine key identifiers of software, hardware, and services.
- Jamal Raiyn. (2014). A survey of Cyber Attack Detection Strategies. Retrieved March 5, 2017.
- H. P. Sanghvi and M. S. Dahiya. (2013, February). Cyber Reconnaissance: An Alarm before Cyber Attack. Retrieved March 5, 2017.
- Rotem Kerner. (2015, October). RECONNAISSANCE: A Walkthrough of the “APT” Intelligence Gathering Process. Retrieved March 1, 2017.
- FireEye, Inc. (2014). APT 28: A Window into Russia’s Cyber Espionage Operations?. Retrieved March 1, 2017.