Analyze hardware/software security defensive capabilities

An adversary can probe a victim's network to determine configurations. The configurations may provide opportunities to route traffic through the network in an undetected or less detectable way. [1]

ID: T1294

Tactic: Technical Weakness Identification

Version: 1.0

Detection

Detectable by Common Defenses (Yes/No/Partial): No

Explanation: The analysis can be done offline after the data has been collected.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: The adversary analyzes network traffic to determine security filtering policies, which packets are dropped, etc.

References

  1. InfoSec Institute. (2014, June 19). What You Must Know About OS Fingerprinting. Retrieved March 1, 2017.