T1595 - Active Scanning

Record summary

A quick snapshot of what this page covers.

Records1Records included in this view.

SourcePublicBuilt from public source data.

ModeStaticPrepared as a ready-to-read page.

ATT&CK object

The broader cybersecurity technique connected to these AI records.

Adversaries may execute active reconnaissance scans to gather information that can be used during targeting. Active scans are those where the adversary probes victim infrastructure via network traffic, as opposed to other forms of reconnaissance that do not involve direct interaction.

Adversaries may perform different forms of active scanning depending on what information they seek to gather. These scans can also be performed in various ways, including using native features of network protocols such as ICMP.(Citation: Botnet Scan)(Citation: OWASP Fingerprinting) Information from these scans may reveal opportunities for other forms of reconnaissance (ex: Search Open Websites/Domains or Search Open Technical Databases), establishing operational resources (ex: Develop Capabilities or Obtain Capabilities), and/or initial access (ex: External Remote Services or Exploit Public-Facing Application).

ATT&CK ID: T1595
STIX ID: attack-pattern--67073dde-d720-45ae-83da-b12d5e73ca3b
Name: Active Scanning
Connected AI records: 1

Connected AI records

AI security records connected to this cybersecurity technique.

AML.T0006 - Active Scanning

Confidence: 1.00

Kindatlas_techniqueLink typesame_or_related_attack_techniqueMethodexact_attack_external_id

Source

Where this page information comes from.

Original source

Original source links

Open the public records and source datasets used for this page.

Repositoryhttps://github.com/mitre-attack/attack-stix-data Enterprise JSONhttps://github.com/mitre-attack/attack-stix-data/blob/master/enterprise-attack/enterprise-attack.json MITRE ATT&CK objecthttps://attack.mitre.org/techniques/T1595/