Standardlikelihood: Lowseverity: LowDraft

CAPEC-577Owner Footprinting

Abstraction
Standard
Status
Draft
Likelihood
Low
Severity
Low

Description

An adversary exploits functionality meant to identify information about the primary users on the target system to an authorized user. They may do this, for example, by reviewing logins or file modification times. By knowing what owners use the target system, the adversary can inform further and more targeted malicious behavior. An example Windows command that may accomplish this is "dir /A ntuser.dat". Which will display the last modified time of a user's ntuser.dat file when run within the root folder of a user. This time is synonymous with the last time that user was logged in.

Related weaknesses· 1

CWE-200

MITRE ATT&CK crosswalk· 1

T1033: System Owner/User Discovery

Related attack patterns· 1

CAPEC-169 (ChildOf)

Exploits1

TypeTargetConfidenceTier
WeaknessExposure of Sensitive Information to an Unauthorized Actorcwe-200100%live

Related to1

TypeTargetConfidenceTier
TechniqueSystem Owner/User Discoveryt1033100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
Account Footprinting
CAPEC
Group Permission Footprinting
CAPEC
Process Footprinting
Technique
System Owner/User Discovery
CAPEC
Services Footprinting
CAPEC
Identify Shared Files/Directories on System
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.