Threat actors may build, buy or steal capabilities that can be used during targeting. Activities may include the acquisition of malware, software (including licenses), exploits, certificates, and information relating to vulnerabilities.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.