mitre attack recon method
Mitre Recon
This list is a logical ordering of the recon phases, based on the MITRE PRE-ATT&CK matrix https://attack.mitre.org/matrices/enterprise/pre/. The order of the phases is how I see the best way to organize and carry out recon against a company/organization, ranging from basic OSINT up to the start of network/asset enumeration.
1 - Gather Victim Org Information
- https://attack.mitre.org/techniques/T1591/
- Determine Physical Locations
- Business Relationships
- Identify Business Tempo
- Identify Roles
2 - Gather Victim Identity Information
- https://attack.mitre.org/techniques/T1589/
- Credentials
- Email Addresses
- Employee Names
3 - Search Open Websites/Domains
- https://attack.mitre.org/techniques/T1593/
- https://cyware.com/news/how-hackers-exploit-social-media-to-break-into-your-company-88e8da8e
- https://securitytrails.com/blog/google-hacking-techniques
- https://www.exploit-db.com/google-hacking-database
- Social Media
- Code Repositories (GitHub search)
4 - Search Open Technical Databases
- https://attack.mitre.org/techniques/T1596/
- WHOIS
- Passive DNS - https://dnsdumpster.com/
- Digital Certificates - https://www.sslshopper.com/ssl-checker.html
- CDNs
- Scan Databases (Shodan and others)
5 - Search Victim-Owned Websites
- https://attack.mitre.org/techniques/T1594/
6 - Search Closed Sources
- Threat Intel Vendors
- https://d3security.com/blog/10-of-the-best-open-source-threat-intelligence-feeds/
- https://blog.google/threat-analysis-group/exposing-initial-access-broker-ties-conti/
7 - Gather Victim Network Information
- FQDNs
- Network Trust Dependencies
- IP Addresses
- Network Security Appliances
8 - Gather Victim Host Information
- Software
9 - Phishing for Information
- https://attack.mitre.org/techniques/T1598/
10 - Active Scanning
- Scanning IP Blocks
- Vulnerability Scanning - https://attack.mitre.org/techniques/T1595/002/
- Wordlist Scanning (brute-force)