CCTV Enumeration

The subject enumerates organizational CCTV coverage through physical reconnaissance, network-based probing, or a combination of both. This behavior aims to identify surveillance blind spots, coverage patterns, and system weaknesses in order to plan insider activity such as unauthorized entry, covert data removal, or sabotage.

• Physical enumeration involves walking routes to observe camera placement, photographing or sketching locations, and identifying fields of view, blind spots, or coverage overlaps. Subjects may test movement within blind zones or note environmental features (e.g., pillars, furniture) that obstruct visibility.

• Network enumeration targets digital surveillance systems, including IP cameras, DVRs, NVRs, and PoE switches. Subjects may scan for active devices, query configurations, or attempt login with default credentials to discover camera IPs, firmware details, and accessible streams.

When combined, physical and network enumeration provide a sophisticated map of surveillance infrastructure. For example, a subject may confirm camera placement through on-site observation, then validate viewing angles and live coverage zones by remotely accessing the corresponding camera feeds across the network. This dual approach allows the subject to identify exact surveillance gaps, test whether specific areas are monitored, and plan movement or concealment with high confidence.

This behavior is a strong indicator of deliberate preparation, as it requires technical effort, situational awareness, and intent to circumvent organizational surveillance.