Analyze application security posture

An adversary can probe a victim's network to determine configurations. The configurations may provide opportunities to route traffic through the network in an undetected or less detectable way. [1] [2]

ID: T1293

Tactic: Technical Weakness Identification

Version: 1.0

Detection

Detectable by Common Defenses (Yes/No/Partial): No

Explanation: This can be done offline after the data has been collected.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: Analyze technical scanning results to identify weaknesses in the configuration or architecture. Many of the common tools highlight these weaknesses automatically (e.g., software security scanning tools or published vulnerabilities about commonly used libraries).

References

  1. Brooks Li. (2014, December 17). What’s New in Exploit Kits in 2014. Retrieved March 6, 2017.
  2. Mark Poole. (2015, January 27). GHOST vulnerability (CVE-2015-0235) in popular Linux library glibc allows remote code execution. Retrieved March 6, 2017.