This is a list of the attack techniques (Techniques) related to the "Discovery" tactic.
| Technique ID | Name | Description |
|---|---|---|
| T1007 | System Service Discovery | Adversaries may try to gather information about registered local system services. Adversaries may obtain information abo… |
| T1010 | Application Window Discovery | Adversaries may attempt to get a listing of open application windows. Window listings could convey information about how… |
| T1012 | Query Registry | Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed … |
| T1016 | System Network Configuration Discovery | Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of syste… |
| T1016.001 | Internet Connection Discovery | Adversaries may check for Internet connectivity on compromised systems. This may be performed during automated discovery… |
| T1016.002 | Wi-Fi Discovery | Adversaries may search for information about Wi-Fi networks, such as network names and passwords, on compromised systems… |
| T1018 | Remote System Discovery | Adversaries may attempt to get a listing of other systems by IP address, hostname, or other logical identifier on a netw… |
| T1033 | System Owner/User Discovery | Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system… |
| T1046 | Network Service Discovery | Adversaries may attempt to get a listing of services running on remote hosts and local network infrastructure devices, i… |
| T1049 | System Network Connections Discovery | Adversaries may attempt to get a listing of network connections to or from the compromised system they are currently acc… |
| T1057 | Process Discovery | Adversaries may attempt to get information about running processes on a system. Information obtained could be used to ga… |
| T1063 | Security Software Discovery | Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are ins… |
| T1069 | Permission Groups Discovery | Adversaries may attempt to discover group and permission settings. This information can help adversaries determine which… |
| T1069.001 | Local Groups | Adversaries may attempt to find local system groups and permission settings. The knowledge of local system permission gr… |
| T1069.002 | Domain Groups | Adversaries may attempt to find domain-level groups and permission settings. The knowledge of domain-level permission gr… |
| T1069.003 | Cloud Groups | Adversaries may attempt to find cloud groups and permission settings. The knowledge of cloud permission groups can help … |
| T1082 | System Information Discovery | An adversary may attempt to get detailed information about the operating system and hardware, including version, patches… |
| T1083 | File and Directory Discovery | Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certa… |
| T1087 | Account Discovery | Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compro… |
| T1087.001 | Local Account | Adversaries may attempt to get a listing of local system accounts. This information can help adversaries determine which… |
| T1087.002 | Domain Account | Adversaries may attempt to get a listing of domain accounts. This information can help adversaries determine which domai… |
| T1087.003 | Email Account | Adversaries may attempt to get a listing of email addresses and accounts. Adversaries may try to dump Exchange address l… |
| T1087.004 | Cloud Account | Adversaries may attempt to get a listing of cloud accounts. Cloud accounts are those created and configured by an organi… |
| T1120 | Peripheral Device Discovery | Adversaries may attempt to gather information about attached peripheral devices and components connected to a computer s… |
| T1124 | System Time Discovery | An adversary may gather the system time and/or time zone settings from a local or remote system. The system time is set … |
| T1135 | Network Share Discovery | Adversaries may look for folders and drives shared on remote systems as a means of identifying sources of information to… |
| T1201 | Password Policy Discovery | Adversaries may attempt to access detailed information about the password policy used within an enterprise network or cl… |
| T1217 | Browser Information Discovery | Adversaries may enumerate information about browsers to learn more about compromised environments. Data saved by browser… |
| T1482 | Domain Trust Discovery | Adversaries may attempt to gather information on domain trust relationships that may be used to identify lateral movemen… |
| T1518 | Software Discovery | Adversaries may attempt to get a listing of software and software versions that are installed on a system or in a cloud … |
| T1518.001 | Security Software Discovery | Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are ins… |
| T1518.002 | Backup Software Discovery | Adversaries may attempt to get a listing of backup software or configurations that are installed on a system. Adversarie… |
| T1526 | Cloud Service Discovery | An adversary may attempt to enumerate the cloud services running on a system after gaining access. These methods can dif… |
| T1538 | Cloud Service Dashboard | An adversary may use a cloud service dashboard GUI with stolen credentials to gain useful information from an operationa… |
| T1580 | Cloud Infrastructure Discovery | An adversary may attempt to discover infrastructure and resources that are available within an infrastructure-as-a-servi… |
| T1613 | Container and Resource Discovery | Adversaries may attempt to discover containers and other resources that are available within a containers environment. O… |
| T1614 | System Location Discovery | Adversaries may gather information in an attempt to calculate the geographical location of a victim host. Adversaries m… |
| T1614.001 | System Language Discovery | Adversaries may attempt to gather information about the system language of a victim in order to infer the geographical l… |
| T1615 | Group Policy Discovery | Adversaries may gather information on Group Policy settings to identify paths for privilege escalation, security measure… |
| T1619 | Cloud Storage Object Discovery | Adversaries may enumerate objects in cloud storage infrastructure. Adversaries may use this information during automated… |
| T1652 | Device Driver Discovery | Adversaries may attempt to enumerate local device drivers on a victim host. Information about device drivers may highlig… |
| T1654 | Log Enumeration | Adversaries may enumerate system and service logs to find useful data. These logs may highlight various types of valuabl… |
| T1673 | Virtual Machine Discovery | An adversary may attempt to enumerate running virtual machines (VMs) after gaining access to a host or hypervisor. For e… |
| T1680 | Local Storage Discovery | Adversaries may enumerate local drives, disks, and/or volumes and their attributes like total or free space and volume s… |