Discover new exploits and monitor exploit-provider forums

An exploit takes advantage of a bug or vulnerability in order to cause unintended or unanticipated behavior to occur on computer hardware or software. The adversary may need to discover new exploits when existing exploits are no longer relevant to the environment they are trying to compromise. An adversary may monitor exploit provider forums to understand the state of existing, as well as newly discovered, exploits. [1]

ID: T1350
Tactic: Build Capabilities
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018

Detection

Detectable by Common Defenses (Yes/No/Partial): No

Explanation: Public source external to the defender's organization.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: Many public sources exist for this information.

References