Research relevant vulnerabilities/CVEs
Common Vulnerability Enumeration (CVE) is a dictionary of publicly known information about security vulnerabilities and exposures. An adversary can use this information to target specific software that may be vulnerable.  
Tactic: Technical Weakness Identification
DetectionDetectable by Common Defenses (Yes/No/Partial): No
Explanation: Public source external to the defender's organization.
Difficulty for the AdversaryEasy for the Adversary (Yes/No): Yes
Explanation: Using standard headers/fingerprints from normal traffic, it is often trivial to identify the SW or HW the target is running, which can be correlated against known CVEs and exploit packages.
- Jack Smith IV. (2015, January 22). Pentagon Chief Weapons Tester: Almost All Military Programs Vulnerable to Cyber-Attacks. Retrieved March 5, 2017.
- Kaspersky Lab's Global Research & Analysis Team. (2015, February). CARBANAK APT THE GREAT BANK ROBBERY. Retrieved March 27, 2017.