Application Window Discovery (T1010)
Tactic: Discovery · Platforms: Linux, macOS, Windows
The interactive view maps 1 detection strategy, 3 threat groups, 34 software entries to this technique, alongside D3FEND countermeasures and data-component coverage.
Overview
Adversaries may attempt to get a listing of open application windows. Window listings could convey information about how the system is used. For example, information about application windows could be used identify potential data to collect as well as identifying security tooling (Security Software Discovery) to evade.
Adversaries typically abuse system features for this type of enumeration. For example, they may gather information through native system features such as Command and Scripting Interpreter commands and Native API functions.