Identify security defensive capabilities
Security defensive capabilities are designed to stop or limit unauthorized network traffic or other types of access. [1] [2]
Detection
Detectable by Common Defenses (Yes/No/Partial): Yes
Explanation: Technically, the defender has the ability to detect. However, this is typically not performed as this type of traffic would likely not prompt the defender to take any actionable defense. In addition, this would require the defender to closely review their access logs for any suspicious activity (if the activity is even logged).
Difficulty for the Adversary
Easy for the Adversary (Yes/No): No
Explanation: The adversary will have some insight into defenses based on dropped traffic or filtered responses. It is more difficult to pinpoint which defenses are implemented (e.g., FireEye (https://www.fireeye.com) WMPS, Hewlett Packard Enterprise (https://www.hpe.com) Tipping Point IPS).
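The two explanations above meet in the access log: the filtered responses that give an adversary insight into the defenses are the same events a defender would have to review to notice the probing. As an added example (not code from the PRE-ATT&CK page or from MITRE), the Python below reviews constructed combined-format access-log lines and flags any source whose requests are mostly being filtered across several distinct paths. The log format, the sample addresses and paths, the set of "filtered" status codes and the thresholds are all assumptions made for this example; a real deployment would take them from its own WAF or proxy configuration.

```python
"""
Added example (not part of the PRE-ATT&CK page): flag sources in a web access
log whose requests are mostly being filtered by a defensive control, i.e. the
"dropped traffic or filtered responses" the page describes.

Everything below (log format, sample lines, status codes, thresholds) is an
assumption made for this example, not a value taken from the page.
"""
import re
from collections import defaultdict

# Constructed sample log lines in combined log format. Addresses are from the
# RFC 5737 documentation ranges; none of this is from a real system.
SAMPLE_LOG = """\
203.0.113.10 - - [01/Mar/2017:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.10 - - [01/Mar/2017:10:00:02 +0000] "GET /about HTTP/1.1" 200 301 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Mar/2017:10:00:03 +0000] "GET /admin HTTP/1.1" 403 0 "-" "curl/7.52"
198.51.100.7 - - [01/Mar/2017:10:00:03 +0000] "GET /console HTTP/1.1" 403 0 "-" "curl/7.52"
198.51.100.7 - - [01/Mar/2017:10:00:04 +0000] "GET /backup HTTP/1.1" 403 0 "-" "curl/7.52"
198.51.100.7 - - [01/Mar/2017:10:00:04 +0000] "GET /config HTTP/1.1" 403 0 "-" "curl/7.52"
198.51.100.7 - - [01/Mar/2017:10:00:05 +0000] "GET /setup HTTP/1.1" 403 0 "-" "curl/7.52"
198.51.100.7 - - [01/Mar/2017:10:00:05 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "curl/7.52"
192.0.2.25 - - [01/Mar/2017:10:00:06 +0000] "GET /products HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.25 - - [01/Mar/2017:10:00:07 +0000] "GET /missing HTTP/1.1" 404 0 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [timestamp] "METHOD PATH PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Status codes treated as "a defensive control filtered this request" rather
# than "the application answered it". Which codes a given WAF/proxy emits is
# deployment specific; this set is an assumption for the example.
FILTERED_STATUSES = {403, 406, 429}


def parse_line(line):
    """Return {ip, path, status} for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ip": m.group("ip"), "path": m.group("path"), "status": int(m.group("status"))}


def find_probing_sources(log_text, min_requests=5, min_filtered_ratio=0.6, min_distinct_paths=4):
    """Return {ip: stats} for sources whose traffic is mostly filtered across
    many distinct paths. Thresholds are assumptions and should be tuned per site;
    a single blocked request is normal, a run of them across varied paths is not."""
    per_ip = defaultdict(lambda: {"total": 0, "filtered": 0, "paths": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:          # skip unparseable lines rather than failing the review
            continue
        stats = per_ip[rec["ip"]]
        stats["total"] += 1
        if rec["status"] in FILTERED_STATUSES:
            stats["filtered"] += 1
            stats["paths"].add(rec["path"])

    findings = {}
    for ip, s in per_ip.items():
        if s["total"] < min_requests:   # too little traffic to judge
            continue
        ratio = s["filtered"] / s["total"]
        if ratio >= min_filtered_ratio and len(s["paths"]) >= min_distinct_paths:
            findings[ip] = {
                "total": s["total"],
                "filtered": s["filtered"],
                "ratio": round(ratio, 2),
                "distinct_filtered_paths": len(s["paths"]),
            }
    return findings


if __name__ == "__main__":
    for ip, stats in find_probing_sources(SAMPLE_LOG).items():
        print(f"{ip}: {stats}")
```

On the constructed log this reports only 198.51.100.7 (five filtered requests out of six, across five distinct paths); the two low-volume sources are ignored because a handful of 403s or 404s from an ordinary client is not evidence of anything. The check only works if the filtering control actually writes to a log the defender reviews, which is exactly the caveat the Detection explanation raises.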
References
- InfoSec Institute. (2014, June 19). What You Must Know About OS Fingerprinting. Retrieved March 1, 2017.
- Paulino Calderon. (n.d.). http-waf-detect. Retrieved April 2, 2017.