Analyze architecture and configuration posture

An adversary may analyze technical scanning results to identify weaknesses in the configuration or architecture of a victim network. These weaknesses could include architectural flaws, misconfigurations, or improper security controls. [1]

ID: T1288

Tactic: Technical Weakness Identification

Version: 1.0

Detection

Detectable by Common Defenses (Yes/No/Partial): No

Explanation: This can be done offline after the data has been collected.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: Many of the common tools highlight these weakness automatically.

References

  1. FireEye, Inc. (2014). APT 28: A Window into Russia’s Cyber Espionage Operations?. Retrieved March 1, 2017.