MITRE ATT&CK Technique
Description
Adversaries may gather information about the victim's network trust dependencies that can be used during targeting. Information about network trusts may include a variety of details, including second or third-party organizations/domains (ex: managed service providers, contractors, etc.) that have connected (and potentially elevated) network access. Adversaries may gather this information in various ways, such as direct elicitation via [Phishing for Information](https://attack.mitre.org/techniques/T1598). Information about network trusts may also be exposed to adversaries via online or other accessible data sets (ex: [Search Open Technical Databases](https://attack.mitre.org/techniques/T1596)).(Citation: Pentesting AD Forests) Gathering this information may reveal opportunities for other forms of reconnaissance (ex: [Active Scanning](https://attack.mitre.org/techniques/T1595) or [Search Open Websites/Domains](https://attack.mitre.org/techniques/T1593)), establishing operational resources (ex: [Acquire Infrastructure](https://attack.mitre.org/techniques/T1583) or [Compromise Infrastructure](https://attack.mitre.org/techniques/T1584)), and/or initial access (ex: [Trusted Relationship](https://attack.mitre.org/techniques/T1199)).
Supported Platforms
Created
April 29, 2026
Last Updated
April 29, 2026
STIX Data
{'created': '2020-10-02T15:47:59.457Z',
'created_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
'description': "Adversaries may gather information about the victim's network "
'trust dependencies that can be used during targeting. '
'Information about network trusts may include a variety of '
'details, including second or third-party '
'organizations/domains (ex: managed service providers, '
'contractors, etc.) that have connected (and potentially '
'elevated) network access.\n'
'\n'
'Adversaries may gather this information in various ways, such '
'as direct elicitation via [Phishing for '
'Information](https://attack.mitre.org/techniques/T1598). '
'Information about network trusts may also be exposed to '
'adversaries via online or other accessible data sets (ex: '
'[Search Open Technical '
'Databases](https://attack.mitre.org/techniques/T1596)).(Citation: '
'Pentesting AD Forests) Gathering this information may reveal '
'opportunities for other forms of reconnaissance (ex: [Active '
'Scanning](https://attack.mitre.org/techniques/T1595) or '
'[Search Open '
'Websites/Domains](https://attack.mitre.org/techniques/T1593)), '
'establishing operational resources (ex: [Acquire '
'Infrastructure](https://attack.mitre.org/techniques/T1583) or '
'[Compromise '
'Infrastructure](https://attack.mitre.org/techniques/T1584)), '
'and/or initial access (ex: [Trusted '
'Relationship](https://attack.mitre.org/techniques/T1199)).',
'external_references': [{'external_id': 'T1590.003',
'source_name': 'mitre-attack',
'url': 'https://attack.mitre.org/techniques/T1590/003'},
{'description': 'García, C. (2019, April 3). '
'Pentesting Active Directory Forests. '
'Retrieved October 20, 2020.',
'source_name': 'Pentesting AD Forests',
'url': 'https://www.slideshare.net/rootedcon/carlos-garca-pentesting-active-directory-forests-rooted2019'}],
'id': 'attack-pattern--36aa137f-5166-41f8-b2f0-a4cfa1b4133e',
'kill_chain_phases': [{'kill_chain_name': 'mitre-attack',
'phase_name': 'reconnaissance'}],
'modified': '2025-10-24T17:48:38.803Z',
'name': 'Network Trust Dependencies',
'object_marking_refs': ['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168'],
'revoked': False,
'spec_version': '2.1',
'type': 'attack-pattern',
'x_mitre_attack_spec_version': '3.2.0',
'x_mitre_deprecated': False,
'x_mitre_detection': '',
'x_mitre_domains': ['enterprise-attack'],
'x_mitre_is_subtechnique': True,
'x_mitre_modified_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
'x_mitre_platforms': ['PRE'],
'x_mitre_version': '1.0'}