Reconnaissance (12 techniques)
Adversary activity to gather information that can be used to plan future operations.
The Reconnaissance tactic groups MITRE ATT&CK techniques used by adversaries toadversary activity to gather information that can be used to plan future operations. Each technique below has its own page with detection guidance, platforms, and sub-techniques.
- T1589 - Gather Victim Identity InformationPRE
- T1590 - Gather Victim Network InformationPRE
- T1591 - Gather Victim Org InformationPRE
- T1592 - Gather Victim Host InformationPRE
- T1593 - Search Open Websites/DomainsPRE
- T1594 - Search Victim-Owned WebsitesPRE
- T1595 - Active ScanningPRE
- T1596 - Search Open Technical DatabasesPRE
- T1597 - Search Closed SourcesPRE
- T1598 - Phishing for InformationPRE
- T1681 - Search Threat Vendor DataPRE
- T1682 - Query Public AI ServicesPRE
Detection engineering training, taught by practitioners.
Learn how to build real detections across the MITRE ATT&CK framework.
View Courses