Analyze application security posture
An adversary can probe a victim's network to determine configurations. The configurations may provide opportunities to route traffic through the network in an undetected or less detectable way.  
Detectable by Common Defenses (Yes/No/Partial): No
Explanation: This can be done offline after the data has been collected.
Difficulty for the Adversary
Easy for the Adversary (Yes/No): Yes
Explanation: Analyze technical scanning results to identify weaknesses in the configuration or architecture. Many of the common tools highlight these weakness automatically (e.g., software security scanning tools or published vulnerabilities about commonly used libraries).
- Brooks Li. (2014, December 17). What’s New in Exploit Kits in 2014. Retrieved March 6, 2017.
- Mark Poole. (2015, January 27). GHOST vulnerability (CVE-2015-0235) in popular Linux library glibc allows remote code execution. Retrieved March 6, 2017.