Reconnaissance

MITRE | ATT&CK (TA0043) - Enterprise  10 techniques

1. Active Scanning (T1595) - Active Scanning (T1595) - Nmap

2. Gather Victim Host Information (T1592) - Pre-compromise (M1056), Internet Scan (DS0035) - Shodan

3. Gather Victim Identity Information (T1589) - Pre-compromise (M1056), Network Traffic (DS0029) - Shodan, Wireshark, Nmap

4. Gather Victim Network Information (T1590) - Pre-compromise (M1056) - Nmap, Nessus 

5. Gather Victim Org Information (T1591) - Pre-compromise (M1056) - OSINT, Social Media

6. Phishing for Information (T1598) - Network Traffic (DS0029) - Wireshark

7. Search Closed Sources (T1597) - Pre-compromise (M1056) - SQL injection

8. Search Open Technical Databases (T1596) - Pre-compromise (M1056) - SQL injection

9. Search Open Websites/Domains (T1593) - Pre-compromise (M1056) - SQL injection, Maltego - Cyber Investigation

10. Search Victim-Owned Websites (T1594) - Pre-compromise (M1056) - OSINT, SpiderFoot - OSINT tool, SpiderFootHX - OSINT tool

References

Miter Att&ck.  (n.d.) . Enterprise Matrix. Retrieved May 30, 2024, https://attack.mitre.org/matrices/enterprise/