StandardDraft

CAPEC-545Pull Data from System Resources

Abstraction
Standard
Status
Draft

Description

An adversary who is authorized or has the ability to search known system resources, does so with the intention of gathering useful information. System resources include files, memory, and other aspects of the target system. In this pattern of attack, the adversary does not necessarily know what they are going to find when they start pulling data. This is different than CAPEC-150 where the adversary knows what they are looking for due to the common location.

Related weaknesses· 9

CWE-1239CWE-1243CWE-1258CWE-1266CWE-1272CWE-1278CWE-1323CWE-1258CWE-1330

MITRE ATT&CK crosswalk· 2

T1005: Data from Local SystemT1555.001: Credentials from Password Stores:Keychain

Related attack patterns· 1

CAPEC-116 (ChildOf)

Exploits8

TypeTargetConfidenceTier
WeaknessMissing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniquescwe-1278100%live
WeaknessExposure of Sensitive System Information Due to Uncleared Debug Informationcwe-1258100%live
WeaknessImproper Management of Sensitive Trace Datacwe-1323100%live
WeaknessImproper Scrubbing of Sensitive Data from Decommissioned Devicecwe-1266100%live
WeaknessRemanent Data Readable after Memory Erasecwe-1330100%live
WeaknessImproper Zeroization of Hardware Registercwe-1239100%live
WeaknessSensitive Non-Volatile Information Not Protected During Debugcwe-1243100%live
WeaknessSensitive Information Uncleared Before Debug/Power State Transitioncwe-1272100%live

Related to2

TypeTargetConfidenceTier
TechniqueData from Local Systemt1005100%live
SubTechniqueKeychaint1555.001100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
Collect Data from Common Resource Locations
CAPEC
Collect Data from Registries
CAPEC
Identify Shared Files/Directories on System
CAPEC
Probe System Files
CAPEC
Physical Theft
CAPEC
System Footprinting
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.