T1046: Network Servie Scanning
Adversaries may attempt to get a listing of services running on remote hosts, including those that may be vulnerable to remote software exploitation. Methods to acquire this information include port scans and vulnerability scans using tools that are brought onto a system.
Within cloud environments, adversaries may attempt to discover services running on other cloud hosts. Additionally, if the cloud environment is connected to a on-premises environment, adversaries may be able to identify services running on non-cloud systems as well.
Will use nmap for windows to achieve this goal, sometimes we will use tools that can be moved onto the compromised host and achieve ports scans on other systems, In this example we use it scan a remote system Desktop-Bravo