Cyberspace Operations

Responsible for gathering evidence on criminal or foreign intelligence entities to mitigate and protect against possible or real-time threats. Conducts collection, processing, and geolocation of systems to exploit, locate, and track targets. Performs network navigation and tactical forensic analysis and executes on-net operations when directed.

  • T0796: Provide real-time actionable geolocation information
  • T1020: Determine the operational and safety impacts of cybersecurity lapses
  • T1034: Prepare deconfliction report
  • T1035: Determine how threat activity groups employ encryption to support their operations
  • T1039: Identify network artifacts from hardware and software options
  • T1040: Identify impact of network artifacts on exploitation
  • T1041: Determine impact of software configurations
  • T1575: Adapt software to new hardware
  • T1576: Upgrade software interfaces
  • T1577: Improve software performance
  • T1633: Identify target operational architecture vulnerabilities
  • T1663: Identify potential avenues of access in digital technologies
  • T1664: Access wireless computer and digital networks
  • T1665: Process intelligence collection data
  • T1666: Exploit wireless computer and digital networks
  • T1668: Conduct network scouting
  • T1669: Analyze system vulnerabilities within a network
  • T1670: Conduct on-net activities
  • T1671: Exfiltrate data from deployed technologies
  • T1672: Conduct off-net activities
  • T1673: Exfiltrate data from automated technologies
  • T1674: Perform open source data collection
  • T1676: Survey computer and digital networks
  • T1691: Detect exploits against targeted networks and hosts
  • T1692: Counter exploits against targeted networks and hosts
  • T1709: Develop new techniques for accessing target systems
  • T1734: Exploit network devices and terminals
  • T1747: Identify system vulnerabilities within a network
  • T1759: Maintain situational awareness of organic operational infrastructure
  • T1760: Maintain functionality of organic operational infrastructure
  • T1774: Gain and maintain access to target systems
  • T1781: Degrade or remove data from networks and computers
  • T1784: Process exfiltrated data
  • T1803: Document information collection and environment activities
  • T1829: Evaluate locally developed tools
  • T1830: Test internally developed software