CollectionIn the collection phase, attackers gather data of interest from within the compromised environment. This phase is focused on harvesting valuable information such as databases, credentials, sensitive files, and communications. Common methods of collection include database dumps, capturing audio, video, or screen activity, and accessing internal documentation, network shared drives, and ..