T1018: Remote System Discovery
Adversaries may attempt to get a listing of other systems by IP address, hostname, or other logical identifier on a network that may be used for Lateral Movement from the current system. Functionality could exist within remote access tools to enable this, but utilities available on the operating system could also be used such as Ping or net view using Net. Adversaries may also use local use local host files (ex: C:\Windows\System32\Drivers\etc\hosts or /etc/hosts) in order to discover the hostname to IP address mapping of remote systems.
Specific to macOS, the bonjour protocol exists to discover additional Mac-based systems within the same broadcast domain.
Example
Pinging computers on the sub-net we can see any of them that are currently alive around the network, we can do a ping sweep for CMD or PowerShell
Copy link