An adversary engages in probing and exploration activities to identify constituents and properties of the target.
Description
Attack Execution Flow
1
1
Step 1
Explore[Request Footprinting] The attacker examines the website information and source code of the website and uses automated tools to get as much information as possible about the system and organization.
Open Source Footprinting: Examine the website about the organization and skim through the webpage's HTML source to look for comments.
Network Enumeration: Perform various queries (Registrar Query, Organizational Query, Domain Query, Network Query, POC Query) on the many whois databases found on the internet to identify domain names and associated networks.
DNS Interrogation: Once basic information is gathered the attack could begin to query DNS.
Other Techniques: Use ping sweep, TCP scan, UDP scan, OS Identification various techniques to gain more information about the system and network.
AI Translation
[Request Footprinting] L'attaccante esamina le informazioni del sito web e il codice sorgente del sito stesso, utilizzando strumenti automatizzati per ottenere quante più informazioni possibile sul sistema e sull'organizzazione.
Footprinting Open Source: Esamina il sito web riguardante l'organizzazione e scorri il codice HTML della pagina per cercare commenti.
Enumerazione di Rete: Esegue varie query (Registrar Query, Organizational Query, Domain Query, Network Query, POC Query) sui numerosi database whois trovati su internet per identificare nomi di dominio e reti associate.
Interrogazione DNS: Una volta raccolte le informazioni di base, l'attacco potrebbe iniziare a interrogare il DNS.
Altre Tecniche: Utilizza ping sweep, scansione TCP, scansione UDP, identificazione del sistema operativo e altre tecniche per ottenere ulteriori informazioni sul sistema e sulla rete.
Attack Techniques
-
Other Techniques: Use ping sweep, TCP scan, UDP scan, OS Identification various techniques to gain more information about the system and network.
-
Open Source Footprinting: Examine the website about the organization and skim through the webpage's HTML source to look for comments.IT: Altre tecniche: utilizzare ping sweep, scansione TCP, scansione UDP, identificazione del sistema operativo e altre tecniche per ottenere ulteriori informazioni sul sistema e sulla rete.
-
Network Enumeration: Perform various queries (Registrar Query, Organizational Query, Domain Query, Network Query, POC Query) on the many whois databases found on the internet to identify domain names and associated networks.IT: Altre tecniche: utilizzare ping sweep, scansione TCP, scansione UDP, identificazione del sistema operativo e altre tecniche per ottenere ulteriori informazioni sul sistema e sulla rete.
-
DNS Interrogation: Once basic information is gathered the attack could begin to query DNS.IT: Altre tecniche: utilizzare ping sweep, scansione TCP, scansione UDP, identificazione del sistema operativo e altre tecniche per ottenere ulteriori informazioni sul sistema e sulla rete.
Mitigations
6
Avoid Including Information That Has The Potential To Identify And Compromise Your Organization'S Security Such As Access To Business Plans, Formulas, And Proprietary Documents.
Keep Patches Up To Date By Installing Weekly Or Daily If Possible.
Shut Down Unnecessary Services/Ports.
Change Default Passwords By Choosing Strong Passwords.
Curtail Unexpected Input.
Encrypt And Password-Protect Sensitive Data.
Consequences
Security Scopes Affected
Confidentiality
Potential Impacts
Read Data
Relationships
Child CAPECs
CAPEC-292
Host Discovery
CAPEC-300
Port Scanning
CAPEC-309
Network Topology Mapping
CAPEC-497
File Discovery
CAPEC-529
Malware-Directed Internal Reconnaissance
CAPEC-573
Process Footprinting
CAPEC-574
Services Footprinting
CAPEC-575
Account Footprinting
CAPEC-576
Group Permission Footprinting
CAPEC-577
Owner Footprinting
CAPEC-580
System Footprinting
CAPEC-646
Peripheral Footprinting
CAPEC-694
System Location Discovery
Related ATT&CK Techniques
3
T1217
Browser Information Discovery
Adversaries may enumerate information about browsers to learn more about compromised environments. Data saved by browsers (such as bookmarks, accounts, …
T1592
Gather Victim Host Information
Adversaries may gather information about the victim's hosts that can be used during targeting. Information about hosts may include a …
T1595
Active Scanning
Adversaries may execute active reconnaissance scans to gather information that can be used during targeting. Active scans are those where …
Resources Required
1
The adversary requires a variety of tools to collect information about the target. These include port/network scanners and tools to analyze responses from applications to determine version and configuration information. Footprinting a system adequately may also take a few days if the attacker wishes the footprinting attempt to go undetected.