- Information Domain: Host
- Data Subtypes: Process
- Analytic Type: TTP
- Applicable Platforms: Windows, Linux, macOS
- Contributors: MITRE

On first gaining access to a host, an adversary may try to discover information about it. Several built-in Windows commands can be used to learn about the software configuration, active users, administrators, and networking configuration. These commands should be monitored to identify when an adversary is learning about the system and its environment. The information returned may influence the choices an adversary makes when establishing persistence, escalating privileges, or moving laterally.
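
One way to implement this monitoring, as an added example that is not part of the original analytic: it groups process-creation events by host and user and flags bursts of several distinct discovery commands within a short window, since a single `ipconfig` is routine while a rapid sequence is not. The watch list, the event field names (`time`, `host`, `user`, `image`), the thresholds and the sample events are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
from ntpath import basename  # splits Windows paths correctly on any OS

# Assumed watch list (not from the page): built-in Windows utilities that
# report host, user, administrator and network configuration.
DISCOVERY_EXES = {"hostname.exe", "ipconfig.exe", "net.exe", "quser.exe",
                  "qwinsta.exe", "systeminfo.exe", "tasklist.exe", "whoami.exe"}

def discovery_bursts(events, window=timedelta(minutes=5), min_distinct=3):
    """Return (host, user, first_seen, exes) for every burst of at least
    min_distinct different discovery commands run inside `window`."""
    per_key = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        exe = basename(ev["image"]).lower()
        if exe in DISCOVERY_EXES:
            per_key.setdefault((ev["host"], ev["user"]), []).append((ev["time"], exe))
    alerts = []
    for (host, user), hits in per_key.items():
        start = 0
        while start < len(hits):
            t0, end = hits[start][0], start
            while end < len(hits) and hits[end][0] - t0 <= window:
                end += 1
            exes = {exe for _, exe in hits[start:end]}
            if len(exes) >= min_distinct:
                alerts.append((host, user, t0, sorted(exes)))
                start = end  # continue after the reported burst
            else:
                start += 1
    return alerts

def make_event(ts, host, user, image):
    return {"time": datetime.fromisoformat(ts), "host": host,
            "user": user, "image": image}

# Constructed sample process-creation events (not real telemetry).
SYS32 = "C:\\Windows\\System32\\"
SAMPLE_EVENTS = [
    make_event("2024-01-10T09:00:05", "WS01", "alice", SYS32 + "whoami.exe"),
    make_event("2024-01-10T09:00:20", "WS01", "alice", SYS32 + "ipconfig.exe"),
    make_event("2024-01-10T09:00:41", "WS01", "alice", SYS32 + "net.exe"),
    make_event("2024-01-10T09:01:00", "WS01", "alice", SYS32 + "notepad.exe"),
    make_event("2024-01-10T09:01:10", "WS01", "alice", SYS32 + "systeminfo.exe"),
    make_event("2024-01-10T10:00:00", "WS02", "bob", SYS32 + "ipconfig.exe"),
    make_event("2024-01-10T14:00:00", "WS02", "bob", SYS32 + "ipconfig.exe"),
    make_event("2024-01-10T08:00:00", "WS03", "carol", SYS32 + "whoami.exe"),
    make_event("2024-01-10T08:30:00", "WS03", "carol", SYS32 + "hostname.exe"),
    make_event("2024-01-10T09:10:00", "WS03", "carol", SYS32 + "tasklist.exe"),
]
```

Only the WS01 sequence is reported; the repeated `ipconfig` on WS02 and the three commands spread over more than an hour on WS03 stay below the threshold.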