network reconnaissance infographic


Upload: phil-huggins

Post on 18-Nov-2014


DESCRIPTION

An infographic supporting the PIANOS: Protecting Information About Networks, the Organisation and Its Systems report I authored with support from my colleagues.

TRANSCRIPT

Applied Intelligence

INTERNAL NETWORK RECONNAISSANCE

TARGET INFORMATION

OBJECTIVES

CRITICAL CONTROLS

IDEAL CONTROLS

Internal Network Reconnaissance is where an attacker enumerates information about a target environment before completing their later objectives in the attack such as elevating their privileges or stealing sensitive information.

Do not underestimate the value of technical information describing your environment and the business information describing your organisation to your attacker.

File Shares

Domain Controllers

User Directories

Proxy Settings

(EXAMPLES)

TARGETED ENVIRONMENT INFORMATION

TARGETED USER INFORMATION

TARGETED SYSTEMS INFORMATION

TARGETED OTHER INFORMATION

Open Outbound Ports

Logged-in Users

Network Services

Anti-Virus vendors

Backup Files

Organisation Charts

Configuration Management Database

Identify key environment information

Log Analysis: Collection and analysis of system and network logs for security events.

Incident Response: The resources and processes to manage and respond to attacks.

Network Monitoring: Collection of network traffic in order to identify malicious communications.

Threat Intelligence: Collection, analysis and sharing of attacker data to determine the threat to your environment.

Software Inventory: A list of known and approved software within the organisation.

Network Diode: A highly assured uni-directional network flow between two differently trusted networks.

Account Monitoring: Detection of attempts to impersonate legitimate users through inactive user accounts.

Behavioural Analysis: The identification of suspicious patterns of behaviour from network traffic and endpoint activity.

Download of additional tools to collect environment information

Elevate privileges to collect environment information

Lateral movement

Stage environment for exfiltration