Under which tactic is port scanning categorized in the given framework?

Port scanning is a reconnaissance activity focused on gathering technical details about a target’s network surface. By probing a range of ports, it reveals which ports are open, which services are listening, and often what versions or configurations are exposed. This collection of concrete, actionable information about the target’s technology stack and reachable hosts is the essence of Technical Information Gathering. It’s about learning what exists and how it’s configured, so an attacker can plan subsequent steps. Defensive Evasion aims to avoid detection or security controls, which port scanning does not inherently accomplish. Initial Access is about gaining a foothold in the system, and while port scanning can support that later, the act itself is not the entry. Data Destruction involves harming or deleting data, which is unrelated to the purpose of port scanning. Therefore, the tactic that best fits port scanning within this framework is Technical Information Gathering.