
Research relevant vulnerabilities/CVEs

Common Vulnerability Enumeration (CVE) is a dictionary of publicly known information about security vulnerabilities and exposures. An adversary can use this information to target specific software that may be vulnerable. [1] [2]

ID: T1291
Tactic: Technical Weakness Identification
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018


Detectable by Common Defenses (Yes/No/Partial): No

Explanation: Public source external to the defender's organization.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: Using standard headers/fingerprints from normal traffic, it is often trivial to identify the software or hardware the target is running, which can be correlated against known CVEs and exploit packages.
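A defender can audit which version strings their own services expose in response headers, since those are the fingerprints that can be matched to CVE records. The script below is an added example, not part of the original entry; the header list, function names and both sample responses are constructed assumptions.

```python
import re

# Headers that commonly carry product/version tokens (assumed list, not from the page).
DISCLOSING_HEADERS = ("server", "x-powered-by", "x-aspnet-version")

# Matches product/version tokens such as "nginx/1.18.0" or "OpenSSL/1.1.1f".
TOKEN_RE = re.compile(r"([A-Za-z][\w.+-]*)/(\d+(?:\.\d+)*[\w.-]*)")
# Matches a header value that is only a dotted version number.
BARE_VERSION_RE = re.compile(r"^\d+(?:\.\d+)+$")


def parse_headers(raw):
    """Parse a raw HTTP response head into (lowercased name, value) pairs."""
    pairs = []
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def version_disclosures(raw):
    """Return (header, product, version) for every version string exposed."""
    findings = []
    for name, value in parse_headers(raw):
        if name not in DISCLOSING_HEADERS:
            continue
        tokens = TOKEN_RE.findall(value)
        findings.extend((name, product, version) for product, version in tokens)
        if not tokens and BARE_VERSION_RE.match(value):
            # Headers such as X-AspNet-Version carry only the number.
            findings.append((name, name, value))
    return findings


# Constructed sample response heads (not captured from a real host).
SAMPLE = """HTTP/1.1 200 OK
Server: Apache/2.4.41 (Ubuntu) OpenSSL/1.1.1f
X-Powered-By: PHP/7.4.3
X-AspNet-Version: 4.0.30319
Content-Type: text/html
"""
HARDENED = """HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html
"""

if __name__ == "__main__":
    for header, product, version in version_disclosures(SAMPLE):
        print(f"{header}: discloses {product} {version}")
```

An empty result, as for `HARDENED`, means the response head no longer names a version in these headers; it does not cover other fingerprints such as error pages or TLS behaviour.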


  1. Jack Smith IV. (2015, January 22). Pentagon Chief Weapons Tester: Almost All Military Programs Vulnerable to Cyber-Attacks. Retrieved March 5, 2017.
  2. Kaspersky Lab's Global Research & Analysis Team. (2015, February). CARBANAK APT THE GREAT BANK ROBBERY. Retrieved March 27, 2017.