Reconnaissance (12 techniques)
Adversary activity to gather information that can be used to plan future operations.
The Reconnaissance tactic groups MITRE ATT&CK techniques used by adversaries to gather information that can be used to plan future operations. Each technique below has its own page with detection guidance, platforms, and sub-techniques.
- T1589 — Gather Victim Identity Information (PRE)
- T1590 — Gather Victim Network Information (PRE)
- T1591 — Gather Victim Org Information (PRE)
- T1592 — Gather Victim Host Information (PRE)
- T1593 — Search Open Websites/Domains (PRE)
- T1594 — Search Victim-Owned Websites (PRE)
- T1595 — Active Scanning (PRE)
- T1596 — Search Open Technical Databases (PRE)
- T1597 — Search Closed Sources (PRE)
- T1598 — Phishing for Information (PRE)
- T1681 — Search Threat Vendor Data (PRE)
- T1682 — Query Public AI Services (PRE)