Browser Information Discovery (T1217)

Tactic: Discovery · Platforms: Linux, macOS, Windows

The interactive view maps 1 detection strategy, 7 threat groups, 18 software entries, 4 campaigns to this technique, alongside D3FEND countermeasures and data-component coverage.

Overview

Adversaries may enumerate information about browsers to learn more about compromised environments. Data saved by browsers (such as bookmarks, accounts, and browsing history) may reveal a variety of personal information about users (e.g., banking sites, relationships/interests, social media, etc.) as well as details about internal network resources such as servers, tools/dashboards, or other related infrastructure.

Browser information may also highlight additional targets after an adversary has access to valid credentials, especially Credentials In Files associated with logins cached by a browser.

Specific storage locations vary based on platform and/or application, but browser information is typically stored in local files and databases (e.g., `%APPDATA%/Google/Chrome`).

Explore