Threat actors may attempt to get a listing of services running on remote hosts and local network infrastructure devices, including those that may be vulnerable to remote software exploitation. Common methods to acquire this information include port, vulnerability, and/or wordlist scans using tools that are brought onto a system.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.