The sub-techniques beta is now live! Read the release blog post for more info.

Network Service Scanning

Adversaries may attempt to get a listing of services running on remote hosts, including those that may be vulnerable to remote software exploitation. Methods to acquire this information include port scans and vulnerability scans from the mobile device. This technique may take advantage of the mobile device's access to an internal enterprise network either through local connectivity or through a Virtual Private Network (VPN).

ID: T1423
Tactic Type: Post-Adversary Device Access
Tactic: Discovery
Platform: Android, iOS
Version: 1.0
Created: 25 October 2017
Last Modified: 17 October 2018

Mitigations

This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.