1- Reconnaissance Flashcards

1
Q

1- Reconnaissance (TA0043)

10 techniques

A
1- Active Scanning
2- Gather Victim Host Information
3- Gather Victim Identity Information
4- Gather Victim Network Information
5- Gather Victim Org Information
6- Phishing for Information
7- Search Closed Sources
8- Search Open Technical Databases
9- Search Open Websites/Domains
10- Search Victim-Owned Websites
2
Q

1.1 - Active Scanning

T1595

A

1- Scanning IP Blocks (.001)
2- Vulnerability Scanning (.002)
3- Wordlist Scanning (.003, added in ATT&CK v11)

M1056 - Pre-compromise
Platforms: PRE
Data Sources:
(1) Network Traffic: Network Traffic Flow
(2) Network Traffic: Network Traffic Content

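Active Scanning is detectable only at the network edge, from flow telemetry (the Network Traffic Flow data source above). The script below is an added example, not MITRE content or any page code: it bucketizes constructed NetFlow-style records and flags a horizontal sweep (one source, one port, many hosts) and a vertical walk (one source, one host, many ports). The thresholds, 300-second window and the RFC 5737 sample addresses are assumptions to tune per environment.

```python
"""Flag horizontal and vertical scans in NetFlow-style records.

Added illustration for T1595 Active Scanning using the
'Network Traffic: Network Traffic Flow' data source. This is not
MITRE's code; the flow records are constructed and the thresholds
and time window are assumptions to tune per environment.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: int      # epoch seconds
    src: str
    dst: str
    dport: int
    proto: str


# Constructed sample traffic (documentation ranges, RFC 5737):
#  - 203.0.113.7 sweeps TCP/445 across 40 hosts   -> horizontal scan
#  - 198.51.100.9 walks 60 ports on one host      -> vertical scan
#  - 10.0.0.5 makes two ordinary HTTPS connections -> benign
SAMPLE_FLOWS = [
    *(Flow(1000 + i, "203.0.113.7", f"192.0.2.{i}", 445, "tcp") for i in range(1, 41)),
    *(Flow(2000 + p, "198.51.100.9", "192.0.2.10", p, "tcp") for p in range(1, 61)),
    Flow(3000, "10.0.0.5", "192.0.2.10", 443, "tcp"),
    Flow(3001, "10.0.0.5", "192.0.2.11", 443, "tcp"),
]


def detect_scans(flows, window=300, host_threshold=25, port_threshold=30,
                 allowlist=frozenset()):
    """Return findings as 4-tuples:
         ("horizontal", src, dport, distinct_dst_count)
         ("vertical",   src, dst,   distinct_dport_count)

    Time is bucketed by ts // window rather than slid, which is cheap and
    adequate for a first alert; a scanner straddling a bucket edge is
    split in two, so keep thresholds conservative. `allowlist` is for
    your own vulnerability scanners, which trip this logic by design.
    """
    hosts_per_port = defaultdict(set)   # (bucket, src, dport) -> {dst}
    ports_per_host = defaultdict(set)   # (bucket, src, dst)   -> {dport}
    for f in flows:
        if f.src in allowlist:
            continue
        bucket = f.ts // window
        hosts_per_port[(bucket, f.src, f.dport)].add(f.dst)
        ports_per_host[(bucket, f.src, f.dst)].add(f.dport)

    findings = []
    for (_, src, dport), dsts in hosts_per_port.items():
        if len(dsts) >= host_threshold:
            findings.append(("horizontal", src, dport, len(dsts)))
    for (_, src, dst), ports in ports_per_host.items():
        if len(ports) >= port_threshold:
            findings.append(("vertical", src, dst, len(ports)))
    return findings


if __name__ == "__main__":
    for kind, src, target, count in detect_scans(SAMPLE_FLOWS):
        print(f"{kind:<10} {src:<14} -> {target}: {count} distinct")
```

Because the platform is PRE, there is nothing to see on the target host itself; the only places this signal exists are perimeter flow logs and any honeypot or canary range you expose on purpose.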
3
Q

1.2 - Gather Victim Host Information

T1592

A

1- Hardware (.001)
2- Software (.002)
3- Firmware (.003)
4- Client Configurations (.004)

M1056 - Pre-compromise
Platforms: PRE

4
Q

1.3 - Gather Victim Identity Information

T1589

A

1- Credentials (.001)
2- Email Addresses (.002)
3- Employee Names (.003)

G0050 - APT32
M1056 - Pre-compromise
Platforms: PRE

5
Q

1.4 - Gather Victim Network Information

T1590

A
1- Domain Properties (.001)
2- DNS (.002)
3- Network Trust Dependencies (.003)
4- Network Topology (.004)
5- IP Addresses (.005)
6- Network Security Appliances (.006)

G0125 - HAFNIUM
M1056 - Pre-compromise
Platforms: PRE

6
Q

1.5 - Gather Victim Org Information

T1591

A

1- Determine Physical Locations (.001)
2- Business Relationships (.002)
3- Identify Business Tempo (.003)
4- Identify Roles (.004)

M1056 - Pre-compromise
Platforms: PRE

7
Q

1.6 - Phishing for Information

T1598

A

1- Spearphishing Service (.001)
2- Spearphishing Attachment (.002)
3- Spearphishing Link (.003)
4- Spearphishing Voice (.004, added in ATT&CK v12)

G0007 - APT28
G0128 - ZIRCONIUM
M1054 - Software Configuration (SPF, DKIM and DMARC anti-spoofing)
M1017 - User Training
Platforms: PRE

Data Sources:

(1) Application Log: Application Log Content
(2) Network Traffic: Network Traffic Content
(3) Network Traffic: Network Traffic Flow

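M1054 for this technique means email authentication that is actually enforcing, not merely published. The following is an added example, not MITRE's or the page's code: two small graders that read a domain's DMARC and SPF TXT records and report the settings that leave the domain spoofable (p=none, a weaker subdomain policy, pct below 100, no rua reporting, +all or ?all in SPF, too many lookup terms). The records are constructed strings; a live check would fetch the TXT records for `_dmarc.<domain>` and `<domain>` and pass them to these functions.

```python
"""Grade DMARC and SPF TXT records for spoofability.

Added example for the M1054 Software Configuration mitigation of T1598
Phishing for Information. Not MITRE's code. The records below are
constructed strings; a real check would fetch the TXT records for
"_dmarc.<domain>" and "<domain>" over DNS and feed them to these functions.
"""
import re

# Ordered weakest -> strongest so index() gives a comparable strength.
DMARC_POLICIES = ("none", "quarantine", "reject")

# SPF terms that each cost a DNS lookup under RFC 7208's limit of 10.
SPF_LOOKUP_MECHS = {"include", "a", "mx", "ptr", "exists", "redirect"}
SPF_TERM_RE = re.compile(r"^([+\-~?]?)(all|include|a|mx|ptr|ip4|ip6|exists|redirect)\b", re.I)

# Constructed records for the demo (example.com is a reserved name).
WEAK_DMARC = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
STRONG_DMARC = "v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s; pct=100; rua=mailto:dmarc@example.com"
WEAK_SPF = "v=spf1 include:_spf.example.net +all"
STRONG_SPF = "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all"


def parse_dmarc(record: str) -> dict:
    """Split 'tag=value; tag=value' into a dict of lower-cased tags.

    Raises ValueError for anything that is not a v=DMARC1 record, since
    a typo here means receivers apply no policy at all.
    """
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed DMARC tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC1 record")
    return tags


def assess_dmarc(record: str) -> list:
    """Return human-readable weaknesses; an empty list means nothing to flag."""
    tags = parse_dmarc(record)
    issues = []
    p = tags.get("p", "")
    if p not in DMARC_POLICIES:
        issues.append(f"invalid or missing p= (got {p!r}): receivers fall back to no policy")
    elif p == "none":
        issues.append("p=none: monitoring only, spoofed mail is still delivered")
    elif p == "quarantine":
        issues.append("p=quarantine: spoofed mail is junked rather than rejected")

    # sp= inherits p when absent; an explicit weaker sp= lets an attacker
    # send as anything@sub.example.com under a strict parent policy.
    sp = tags.get("sp", p)
    if "sp" in tags and sp not in DMARC_POLICIES:
        issues.append(f"invalid sp= (got {sp!r})")
    elif (p in DMARC_POLICIES and sp in DMARC_POLICIES
          and DMARC_POLICIES.index(sp) < DMARC_POLICIES.index(p)):
        issues.append(f"sp={sp} is weaker than p={p}: subdomains are spoofable")

    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) < 100:
        issues.append(f"pct={pct}: policy applied to only a fraction of failing mail")

    if "rua" not in tags:
        issues.append("no rua=: no aggregate reports, so spoofing attempts go unseen")
    return issues


def assess_spf(record: str) -> list:
    """Return weaknesses in an SPF record: the `all` verdict, lookup budget, ptr."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record"]
    issues = []
    all_qualifier = None
    lookups = 0  # counts top-level terms only; nested include: chains add more
    for term in terms[1:]:
        m = SPF_TERM_RE.match(term)
        if not m:
            continue  # modifiers such as exp= do not change the verdict
        qualifier, mech = (m.group(1) or "+"), m.group(2).lower()
        if mech == "all":
            all_qualifier = qualifier
        if mech in SPF_LOOKUP_MECHS:
            lookups += 1
        if mech == "ptr":
            issues.append("ptr: deprecated, slow and unreliable")
    if all_qualifier is None:
        issues.append("no all term: unlisted senders get Neutral and are usually delivered")
    elif all_qualifier == "+":
        issues.append("+all: every sender passes SPF")
    elif all_qualifier == "?":
        issues.append("?all: unlisted senders get Neutral and are usually delivered")
    if lookups > 10:
        issues.append(f"{lookups} lookup terms: over the RFC 7208 limit of 10, SPF permerrors")
    return issues


if __name__ == "__main__":
    for label, rec, fn in (("weak DMARC", WEAK_DMARC, assess_dmarc),
                           ("strong DMARC", STRONG_DMARC, assess_dmarc),
                           ("weak SPF", WEAK_SPF, assess_spf),
                           ("strong SPF", STRONG_SPF, assess_spf)):
        print(f"{label}: {fn(rec) or 'OK'}")
```

SPF and DKIM on their own only produce a result; it is DMARC's p= tag that tells receivers what to do with a failure, which is why a record stuck at p=none gives the phishing-for-information sender the same reach as having no record at all.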
8
Q

1.7 - Search Closed Sources

T1597

A

1- Threat Intel Vendors (.001)
2- Purchase Technical Data (.002)

M1056 - Pre-compromise
Platforms: PRE

9
Q

1.8 - Search Open Technical Databases

T1596

A
1- DNS/Passive DNS (.001)
2- WHOIS (.002)
3- Digital Certificates (.003)
4- CDNs (.004)
5- Scan Databases (.005)

M1056 - Pre-compromise
Platforms: PRE

10
Q

1.9 - Search Open Websites/Domains

T1593

A

1- Social Media (.001)
2- Search Engines (.002)
3- Code Repositories (.003, added in ATT&CK v11)

G0034 - Sandworm Team
M1056 - Pre-compromise
Platforms: PRE

11
Q

1.10 - Search Victim-Owned Websites

T1594

A

No sub-techniques.

G0034 - Sandworm Team
G0122 - Silent Librarian
M1056 - Pre-compromise
Platforms: PRE

Data Sources:
(1) Application Log: Application Log Content

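The one data source for this technique is your own web server's application log, and an adversary reading your staff and careers pages looks almost exactly like a visitor. What does stand out is automation: fetching robots.txt and sitemap.xml first, an HTTP-library user agent, dozens of distinct pages per minute, and deep pages with no Referer. The script below is an added example, not MITRE's or the page's code; it parses constructed combined-format log lines and reports clients that show two or more of those indicators. The UA list, index paths and thresholds are assumptions, and a patient adversary behind a browser UA will not trip them.

```python
"""Spot automated crawling of your own site in combined-format access logs.

Added example for T1594 Search Victim-Owned Websites using the
'Application Log: Application Log Content' data source. Not MITRE's code.
The log lines are constructed and the user-agent list, paths and
thresholds are assumptions; a careful adversary using a browser UA and
human pacing will not trip this, so treat hits as triage leads, not proof.
"""
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
AUTOMATION_UA = re.compile(r"python-requests|curl/|wget/|go-http-client|scrapy|httpx|libwww", re.I)
CRAWL_INDEX_PATHS = {"/robots.txt", "/sitemap.xml", "/humans.txt", "/.well-known/security.txt"}
BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64) Firefox/124.0"


def _line(ip, hhmmss, path, referer, ua):
    """Build one constructed combined-format line (sample data only)."""
    return (f'{ip} - - [10/Mar/2024:{hhmmss} +0000] "GET {path} HTTP/1.1" 200 2048 '
            f'"{referer}" "{ua}"')


# Constructed sample: a scripted crawler pulls the site index and 45 staff
# pages in 47 seconds; a person reads four pages over twelve minutes.
SAMPLE_LOG = [
    _line("198.51.100.23", "09:00:00", "/robots.txt", "-", "python-requests/2.31.0"),
    _line("198.51.100.23", "09:00:01", "/sitemap.xml", "-", "python-requests/2.31.0"),
    *(_line("198.51.100.23", f"09:00:{s:02d}", f"/team/person-{s}", "-", "python-requests/2.31.0")
      for s in range(2, 47)),
    _line("203.0.113.5", "09:05:10", "/", "-", BROWSER_UA),
    _line("203.0.113.5", "09:07:02", "/about", "https://www.example.com/", BROWSER_UA),
    _line("203.0.113.5", "09:09:40", "/careers", "https://www.example.com/about", BROWSER_UA),
    _line("203.0.113.5", "09:12:15", "/contact", "https://www.example.com/careers", BROWSER_UA),
]


def parse_line(line):
    """Return a dict of fields, or None for lines that do not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def max_distinct_paths_in_window(recs, window_s):
    """Largest number of distinct paths one client fetched within any window_s span.

    recs must be sorted by ts. O(n^2) per client: fine for a log tail, not a year.
    """
    best = 0
    for i, start in enumerate(recs):
        seen = set()
        for rec in recs[i:]:
            if (rec["ts"] - start["ts"]).total_seconds() > window_s:
                break
            seen.add(rec["path"])
        best = max(best, len(seen))
    return best


def profile_clients(lines, window_s=60, page_threshold=30, min_reasons=2):
    """Map client IP -> list of crawler indicators, for clients with >= min_reasons."""
    by_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            by_ip[rec["ip"]].append(rec)

    report = {}
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["ts"])
        reasons = []
        if any(r["path"] in CRAWL_INDEX_PATHS for r in recs):
            reasons.append("fetched crawler index files (robots.txt / sitemap.xml)")
        if any(AUTOMATION_UA.search(r["ua"]) for r in recs):
            reasons.append("HTTP-library user agent")
        peak = max_distinct_paths_in_window(recs, window_s)
        if peak >= page_threshold:
            reasons.append(f"{peak} distinct pages within {window_s}s")
        # Browsers send a Referer when following site links; scripts usually do not.
        no_referer = sum(1 for r in recs if r["referer"] == "-")
        if len(recs) >= 5 and no_referer / len(recs) > 0.9:
            reasons.append("deep pages requested without a Referer")
        if len(reasons) >= min_reasons:
            report[ip] = reasons
    return report


if __name__ == "__main__":
    for ip, reasons in profile_clients(SAMPLE_LOG).items():
        print(ip)
        for r in reasons:
            print("  -", r)
```

Search engines and legitimate SEO crawlers trip the same indicators, so pair this with a reverse-DNS or published-range check for known crawlers before treating a hit as reconnaissance.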