Discovery consists of techniques an adversary may use to gain knowledge about the system structure and implementation or configuration. These techniques can help adversaries to observe the environment and orient themselves before deciding how to act. They also allow adversaries to explore what they can control and what is around their entry point in order to discover how it could benefit their current objective.
ID | Name | Description | |
T2032 | Key Management Policy Discovery | Adversaries may try to gather information about Key Management Policy implemented. Security Policies are rules and regulations that describe the operational procedures required for proper key management. This includes the specification of rules for processes such as generation, distribution, and allowed use for cryptographic keys. | |
T2034 | Spacecraft's Components Discovery | Adversaries may try to gather information about Components of the Spacecraft, monitoring internal communication, actively communicating with the system, or from internal registries or configurations. | |
T1007 | System Service Discovery | Adversaries may try to gather information about registered local system services. Adversaries may obtain information about services using tools as well as OS utility commands.Adversaries may use the information from System Service Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions. | |
T2033 | Trust Relationships Discovery | Adversaries may try to gather information about Trust Relationships with other companies or organizations. |