Detailedlikelihood: Mediumseverity: MediumDraft

CAPEC-643Identify Shared Files/Directories on System

Abstraction
Detailed
Status
Draft
Likelihood
Medium
Severity
Medium

Description

An adversary discovers connections between systems by exploiting the target system's standard practice of revealing them in searchable, common areas. Through the identification of shared folders/drives between systems, the adversary may further their goals of locating and collecting sensitive information/files, or map potential routes for lateral movement within the network.

Related weaknesses· 2

CWE-267CWE-200

MITRE ATT&CK crosswalk· 1

T1135: Network Share Discovery

Related attack patterns· 4

CAPEC-309 (ChildOf)CAPEC-561 (CanPrecede)CAPEC-545 (CanPrecede)CAPEC-165 (CanPrecede)

Exploits2

TypeTargetConfidenceTier
WeaknessExposure of Sensitive Information to an Unauthorized Actorcwe-200100%live
WeaknessPrivilege Defined With Unsafe Actionscwe-267100%live

Related to1

TypeTargetConfidenceTier
TechniqueNetwork Share Discoveryt1135100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
File Discovery
CAPEC
Collect Data from Common Resource Locations
CAPEC
Directory Indexing
Technique
Network Share Discovery
CAPEC
Pull Data from System Resources
CAPEC
Explore for Predictable Temporary File Names
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.