The sub-techniques beta is now live! Read the release blog post for more info.

Analyze architecture and configuration posture

An adversary may analyze technical scanning results to identify weaknesses in the configuration or architecture of a victim network. These weaknesses could include architectural flaws, misconfigurations, or improper security controls. [1]

ID: T1288
Tactic: Technical Weakness Identification
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018


Detectable by Common Defenses (Yes/No/Partial): No

Explanation: This can be done offline after the data has been collected.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: Many of the common tools highlight these weakness automatically.


  1. FireEye, Inc. (2014). APT 28: A Window into Russia’s Cyber Espionage Operations?. Retrieved March 1, 2017.