The adversary is trying to figure out your environment. Discovery consists of techniques an adversary may use to gain knowledge about the system and internal network. These techniques help adversaries observe the environment and orient themselves before deciding how to act. They also allow adversaries to explore what they can control and what’s around their entry point in order to discover how it could benefit their current objective. Native operating system tools are often used toward this post-compromise information-gathering objective.

Technique ID | Technique Name | Number of Mappings | Number of Subtechniques |
---|---|---|---|
T1087 | Account Discovery | 3 | 3 |
T1580 | Cloud Infrastructure Discovery | 5 | 0 |
T1538 | Cloud Service Dashboard | 6 | 0 |
T1619 | Cloud Storage Object Discovery | 7 | 0 |
T1613 | Container and Resource Discovery | 10 | 0 |
T1482 | Domain Trust Discovery | 9 | 0 |
T1046 | Network Service Scanning | 11 | 0 |
T1135 | Network Share Discovery | 3 | 0 |
T1040 | Network Sniffing | 11 | 0 |
T1201 | Password Policy Discovery | 5 | 0 |