Clankerusecase
MITRE ATT&CK detection coverage
 ← Back to main site
Home/ MITRE Matrix/ Reconnaissance/ T1592.002

T1592.002Software

T1592.002 — Software is a MITRE ATT&CK technique in the Reconnaissance tactic. Clankerusecase tracks 10 detection use cases covering it and 9 threat-intel articles citing it.

Reconnaissance
View on the matrix → Filter Detection Library MITRE official spec ↗
10Use cases
9Articles
0Sub-techniques
1Tactic
↑ Parent technique: T1592 · Gather Victim Host Information

Use cases covering this technique (10)

Windows WinPEAS PowerShell Script Execution ESCU actions · alerting P [LLM] Vulnerable langgraph / langgraph-checkpoint package version inventory Bespoke recon · hunting DSP [LLM] Vulnerable meta-ads-mcp installation inventory (CVE-2026-48039) on managed hosts Bespoke recon · hunting DSPDDCS [LLM] Web-facing exposure of dev.env / .env config file (returns 200) Bespoke recon · alerting DSΣPDDCSCW [LLM] phpBB instance vulnerable to CVE-2026-29199 (3.3.16 and below / 4.0.0-a2) exposed on managed assets Bespoke recon · hunting DSP [LLM] CVE-2026-47430 fleet exposure via Defender TVM (vulnerable cordova-plugin-inappbrowser) Bespoke recon · hunting DSP [LLM] Vulnerable vm2 (<= 3.11.3) present on host — CVE-2026-47210 exposure Bespoke recon · hunting DSPDDCS [LLM] Algernon vulnerable installation discovery (CVE-2026-45721 exposure inventory) Bespoke recon · hunting DSPDDCS [LLM] Vulnerable n8n versions in TVM inventory (CVE-2026-44789) Bespoke recon · hunting DSPDD [LLM] Vulnerable Jinja2 < 3.1.3 inventory pivot for CVE-2024-22195 (xmlattr XSS) Bespoke recon · hunting DSP

Articles citing this technique (9)

crit LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution art-32
crit [GHSA / CRITICAL] CVE-2026-48039: Meta Ads MCP: Unauthenticated HTTP MCP Tool Execution Leaks Operator Meta Access Token art-47
crit [GHSA / CRITICAL] CVE-2026-48031: Go Restful API Boilerplate: Hardcoded JWT Secret "random" Allows Token Forgery art-64
high 10 year old critical vulnerability in phpBB affecting tens of millions of users across thousands of forums art-69
crit [GHSA / CRITICAL] CVE-2026-47430: Cordova Plugin InAppBrowser: iOS: Arbitrary Cordova callback IDs can be dispatched without validation from art-105
crit [GHSA / CRITICAL] CVE-2026-47210: vm2 sandbox escape via JSPI-backed Promise `.finally()` species bypass art-174
crit [GHSA / CRITICAL] CVE-2026-45721: Algernon: handler.lua discovery walks parent directories above the server root art-262
crit [GHSA / CRITICAL] CVE-2026-44789: n8n: HTTP Request Node Pagination Prototype Pollution to RCE art-301
high Understanding and mitigating the Jinja2 XSS vulnerability (CVE-2024-22195) art-1295