System Service Discovery
System Service Discovery (T1007) is a MITRE ATT&CK technique associated with Discovery. Adversaries may try to gather information about registered local system services.
ATT&CK tactic
49 techniques mapped to this tactic.
System Service Discovery (T1007) is a MITRE ATT&CK technique associated with Discovery. Adversaries may try to gather information about registered local system services.
Application Window Discovery (T1010) is a MITRE ATT&CK technique associated with Discovery. Adversaries may attempt to get a listing of open application windows.
Query Registry (T1012) is a MITRE ATT&CK technique associated with Discovery. Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
System Network Configuration Discovery (T1016) is a MITRE ATT&CK technique associated with Discovery. Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of rem…
Internet Connection Discovery (T1016.001) is a MITRE ATT&CK technique associated with Discovery. Adversaries may check for Internet connectivity on compromised systems.
Wi-Fi Discovery (T1016.002) is a MITRE ATT&CK technique associated with Discovery. Adversaries may search for information about Wi-Fi networks, such as network names and passwords, on compromised systems.
Remote System Discovery (T1018) is a MITRE ATT&CK technique associated with Discovery. Adversaries may attempt to get a listing of other systems by IP address, hostname, or other logical identifier on a network that may be used for Lateral Movement from the current system.
System Owner/User Discovery (T1033) is a MITRE ATT&CK technique associated with Discovery. Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system.
Network Sniffing (T1040) is a MITRE ATT&CK technique associated with Credential Access, Discovery. Adversaries may passively sniff network traffic to capture information about an environment, including authentication material passed over the network.
Network Service Discovery (T1046) is a MITRE ATT&CK technique associated with Discovery. Adversaries may attempt to get a listing of services running on remote hosts and local network infrastructure devices, including those that may be vulnerable to remote software exploitation.
System Network Connections Discovery (T1049) is a MITRE ATT&CK technique associated with Discovery. Adversaries may attempt to get a listing of network connections to or from the compromised system they are currently accessing or from remote systems by querying for informatio…
Process Discovery (T1057) is a MITRE ATT&CK technique associated with Discovery. Adversaries may attempt to get information about running processes on a system.
Permission Groups Discovery (T1069) is a MITRE ATT&CK technique associated with Discovery. Adversaries may attempt to discover group and permission settings.
Local Groups (T1069.001) is a MITRE ATT&CK technique associated with Discovery. Adversaries may attempt to find local system groups and permission settings.
Domain Groups (T1069.002) is a MITRE ATT&CK technique associated with Discovery. Adversaries may attempt to find domain-level groups and permission settings.
Cloud Groups (T1069.003) is a MITRE ATT&CK technique associated with Discovery. Adversaries may attempt to find cloud groups and permission settings.
System Information Discovery (T1082) is a MITRE ATT&CK technique associated with Discovery. An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture.
File and Directory Discovery (T1083) is a MITRE ATT&CK technique associated with Discovery. Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.
Account Discovery (T1087) is a MITRE ATT&CK technique associated with Discovery. Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment.
Local Account (T1087.001) is a MITRE ATT&CK technique associated with Discovery. Adversaries may attempt to get a listing of local system accounts.
Domain Account (T1087.002) is a MITRE ATT&CK technique associated with Discovery. Adversaries may attempt to get a listing of domain accounts.
Email Account (T1087.003) is a MITRE ATT&CK technique associated with Discovery. Adversaries may attempt to get a listing of email addresses and accounts.
Cloud Account (T1087.004) is a MITRE ATT&CK technique associated with Discovery. Adversaries may attempt to get a listing of cloud accounts.
Peripheral Device Discovery (T1120) is a MITRE ATT&CK technique associated with Discovery. Adversaries may attempt to gather information about attached peripheral devices and components connected to a computer system. Peripheral devices could include auxiliary resources that…
System Time Discovery (T1124) is a MITRE ATT&CK technique associated with Discovery. An adversary may gather the system time and/or time zone settings from a local or remote system.
Network Share Discovery (T1135) is a MITRE ATT&CK technique associated with Discovery. Adversaries may look for folders and drives shared on remote systems as a means of identifying sources of information to gather as a precursor for Collection and to identify potential syste…
Password Policy Discovery (T1201) is a MITRE ATT&CK technique associated with Discovery. Adversaries may attempt to access detailed information about the password policy used within an enterprise network or cloud environment.
Browser Information Discovery (T1217) is a MITRE ATT&CK technique associated with Discovery. Adversaries may enumerate information about browsers to learn more about compromised environments.
Domain Trust Discovery (T1482) is a MITRE ATT&CK technique associated with Discovery. Adversaries may attempt to gather information on domain trust relationships that may be used to identify lateral movement opportunities in Windows multi-domain/forest environments.
Virtualization/Sandbox Evasion (T1497) is a MITRE ATT&CK technique associated with Stealth, Discovery. Adversaries may employ various means to detect and avoid virtualization and analysis environments.
System Checks (T1497.001) is a MITRE ATT&CK technique associated with Stealth, Discovery. Adversaries may employ various system checks to detect and avoid virtualization and analysis environments.
User Activity Based Checks (T1497.002) is a MITRE ATT&CK technique associated with Stealth, Discovery. Adversaries may employ various user activity checks to detect and avoid virtualization and analysis environments.
Time Based Checks (T1497.003) is a MITRE ATT&CK technique associated with Stealth, Discovery. Adversaries may employ various time-based methods to detect virtualization and analysis environments, particularly those that attempt to manipulate time mechanisms to simulate longer…
Software Discovery (T1518) is a MITRE ATT&CK technique associated with Discovery. Adversaries may attempt to get a listing of software and software versions that are installed on a system or in a cloud environment.
Security Software Discovery (T1518.001) is a MITRE ATT&CK technique associated with Discovery. Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment.
Backup Software Discovery (T1518.002) is a MITRE ATT&CK technique associated with Discovery. Adversaries may attempt to get a listing of backup software or configurations that are installed on a system.
Cloud Service Discovery (T1526) is a MITRE ATT&CK technique associated with Discovery. An adversary may attempt to enumerate the cloud services running on a system after gaining access.
Cloud Service Dashboard (T1538) is a MITRE ATT&CK technique associated with Discovery. An adversary may use a cloud service dashboard GUI with stolen credentials to gain useful information from an operational cloud environment, such as specific services, resources, and features.
Cloud Infrastructure Discovery (T1580) is a MITRE ATT&CK technique associated with Discovery. An adversary may attempt to discover infrastructure and resources that are available within an infrastructure-as-a-service (IaaS) environment.
Container and Resource Discovery (T1613) is a MITRE ATT&CK technique associated with Discovery. Adversaries may attempt to discover containers and other resources that are available within a containers environment.
System Location Discovery (T1614) is a MITRE ATT&CK technique associated with Discovery. Adversaries may gather information in an attempt to calculate the geographical location of a victim host.
System Language Discovery (T1614.001) is a MITRE ATT&CK technique associated with Discovery. Adversaries may attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
Group Policy Discovery (T1615) is a MITRE ATT&CK technique associated with Discovery. Adversaries may gather information on Group Policy settings to identify paths for privilege escalation, security measures applied within a domain, and to discover patterns in domain objects…
Cloud Storage Object Discovery (T1619) is a MITRE ATT&CK technique associated with Discovery. Adversaries may enumerate objects in cloud storage infrastructure.
Debugger Evasion (T1622) is a MITRE ATT&CK technique associated with Stealth, Discovery. Adversaries may employ various means to detect and avoid debuggers.
Device Driver Discovery (T1652) is a MITRE ATT&CK technique associated with Discovery. Adversaries may attempt to enumerate local device drivers on a victim host.
Log Enumeration (T1654) is a MITRE ATT&CK technique associated with Discovery. Adversaries may enumerate system and service logs to find useful data.
Virtual Machine Discovery (T1673) is a MITRE ATT&CK technique associated with Discovery. An adversary may attempt to enumerate running virtual machines (VMs) after gaining access to a host or hypervisor.
Local Storage Discovery (T1680) is a MITRE ATT&CK technique associated with Discovery. Adversaries may enumerate local drives, disks, and/or volumes and their attributes like total or free space and volume serial number.