Info
ID: AT-001
Tactic: Reconnaissance
MITRE technique: T1595
Active Scanning
Active Scanning involves methodical probing and enumeration of application components to gather intelligence about architecture, technologies, and potential vulnerabilities. Adversaries utilize automated tools (port scanners, vulnerability scanners, fuzzing tools) to systematically identify entry points across web applications, APIs, microservices, and cloud infrastructure. This reconnaissance technique differs from passive methods as it involves direct interaction with target systems, generating network traffic that may be detected by monitoring tools. Attackers leverage the intelligence gathered during Active Scanning to build comprehensive attack surface maps, identifying components with potential vulnerabilities, misconfigurations, outdated dependencies, and inadequate access controls. The information collected during this phase enables precise targeting in subsequent attack stages, allowing threat actors to prioritize high-value assets and customize their exploitation techniques accordingly.
Mitigations
ID | Mitigation | Description |
---|---|---|
AM-M0001 | Web Application Firewall | Implement a WAF with rate limiting capabilities to detect and block automated scanning activities |
AM-M0002 | Network Monitoring | Deploy network monitoring solutions to detect suspicious scanning patterns and traffic anomalies |
AM-M0003 | Security Headers | Implement robust security headers to reduce information leakage that could aid attackers during scanning |
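As an illustration of the scanning-pattern detection described under AM-M0002 (and the rate-based blocking under AM-M0001), the following is an added example, not part of the original entry: it flags sources that request many distinct paths, mostly answered with 4xx, inside a sliding window. The log format (common/combined access log), the thresholds, and the sample log lines are assumptions constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common/combined access-log prefix: ip, timestamp, request line, status.
LOG_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"\S+ (?P<path>\S+)[^"]*" (?P<status>\d{3})')
# Assumed thresholds; tune against baseline traffic for the application.
WINDOW = timedelta(seconds=60)
MIN_DISTINCT_PATHS = 8
MIN_ERROR_RATIO = 0.7

def detect_scanners(lines):
    """Return {ip: time of first alert} for sources that request many distinct
    paths, mostly answered with 4xx, inside one sliding window."""
    recent = defaultdict(deque)   # ip -> deque of (timestamp, path, status)
    alerts = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue              # skip malformed lines instead of failing
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append((ts, m["path"].split("?", 1)[0], int(m["status"])))
        while ts - q[0][0] > WINDOW:      # drop events older than the window
            q.popleft()
        distinct = {path for _, path, _ in q}
        errors = sum(1 for _, _, status in q if 400 <= status < 500)
        if (m["ip"] not in alerts and len(distinct) >= MIN_DISTINCT_PATHS
                and errors / len(q) >= MIN_ERROR_RATIO):
            alerts[m["ip"]] = ts
    return alerts

BASE = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)

def sample_log():
    """Constructed log: one enumerating client and one ordinary client."""
    def entry(ip, offset, path, status):
        stamp = (BASE + timedelta(seconds=offset)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{ip} - - [{stamp}] "GET {path} HTTP/1.1" {status} 512'
    rows = [entry("203.0.113.7", i, f"/path-{i}", 404) for i in range(10)]
    rows += [entry("198.51.100.20", 30 * i, ("/", "/login", "/app.js")[i % 3], 200)
             for i in range(12)]
    return rows

if __name__ == "__main__":
    for ip, when in detect_scanners(sample_log()).items():
        print(f"possible active scanning from {ip}, first flagged {when.isoformat()}")
```

A fixed window of this kind misses enumeration that is spread out over time or across many source addresses, so it complements rather than replaces the WAF and network monitoring controls listed above.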