Reconnaissance (12 techniques)
Adversary activity to gather information that can be used to plan future operations.
The Reconnaissance tactic groups MITRE ATT&CK techniques used by adversaries to adversary activity to gather information that can be used to plan future operations. Each technique below has its own page with detection guidance, platforms, and sub-techniques.
- T1589 — Gather Victim Identity Information PRE
- T1590 — Gather Victim Network Information PRE
- T1591 — Gather Victim Org Information PRE
- T1592 — Gather Victim Host Information PRE
- T1593 — Search Open Websites/Domains PRE
- T1594 — Search Victim-Owned Websites PRE
- T1595 — Active Scanning PRE
- T1596 — Search Open Technical Databases PRE
- T1597 — Search Closed Sources PRE
- T1598 — Phishing for Information PRE
- T1681 — Search Threat Vendor Data PRE
- T1682 — Query Public AI Services PRE
Detection engineering training, taught by practitioners.
Learn how to build real detections across the MITRE ATT&CK framework.
View Courses