CAPEC attack patterns
615 MITRE CAPEC entries: attack patterns at meta, standard, and detailed abstraction levels. Authored by Adam Lundqvist.
Showing 101–150 of 341 in Detailed · page 3 of 7
| ID | Title | Summary |
|---|---|---|
| CAPEC-305 | TCP ACK Scan | An adversary uses TCP ACK segments to gather information about firewall or ACL configuration. The purpose of this type of scan is to discover information about… |
| CAPEC-306 | TCP Window Scan | An adversary engages in TCP Window scanning to analyze port status and operating system type. TCP Window scanning uses the ACK scanning method but examines the … |
| CAPEC-307 | TCP RPC Scan | An adversary scans for RPC services listening on a Unix/Linux host. Metadata: detailed CAPEC pattern, status stable, severity low. Underlying weakness: CWE-200.… |
| CAPEC-308 | UDP Scan | An adversary engages in UDP scanning to gather information about UDP port status on the target system. UDP scanning methods involve sending a UDP datagram to t… |
| CAPEC-31 | Accessing/Intercepting/Modifying HTTP Cookies | This attack relies on the use of HTTP Cookies to store credentials, state information and other critical data on client systems. There are several different fo… |
| CAPEC-310 | Scanning for Vulnerable Software | An attacker engages in scanning activity to find vulnerable software versions or types, such as operating system versions or network services. Vulnerable or ex… |
| CAPEC-317 | IP ID Sequencing Probe | This OS fingerprinting probe analyzes the IP 'ID' field sequence number generation algorithm of a remote host. Operating systems generate IP 'ID' numbers diffe… |
| CAPEC-318 | IP 'ID' Echoed Byte-Order Probe | This OS fingerprinting probe tests to determine if the remote host echoes back the IP 'ID' value from the probe packet. An attacker sends a UDP datagram with a… |
| CAPEC-319 | IP (DF) 'Don't Fragment Bit' Echoing Probe | This OS fingerprinting probe tests to determine if the remote host echoes back the IP 'DF' (Don't Fragment) bit in a response packet. An attacker sends a UDP d… |
| CAPEC-32 | XSS Through HTTP Query Strings | An adversary embeds malicious script code in the parameters of an HTTP query string and convinces a victim to submit the HTTP request that contains the query s… |
| CAPEC-320 | TCP Timestamp Probe | This OS fingerprinting probe examines the remote server's implementation of TCP timestamps. Not all operating systems implement timestamps within the TCP heade… |
| CAPEC-321 | TCP Sequence Number Probe | This OS fingerprinting probe tests the target system's assignment of TCP sequence numbers. One common way to test TCP Sequence Number generation is to send a p… |
| CAPEC-322 | TCP (ISN) Greatest Common Divisor Probe | This OS fingerprinting probe sends a number of TCP SYN packets to an open port of a remote machine. The Initial Sequence Number (ISN) in each of the SYN/ACK re… |
| CAPEC-323 | TCP (ISN) Counter Rate Probe | This OS detection probe measures the average rate of initial sequence number increments during a period of time. Sequence numbers are incremented using a time-… |
| CAPEC-324 | TCP (ISN) Sequence Predictability Probe | This type of operating system probe attempts to determine an estimate for how predictable the sequence number generation algorithm is for a remote host. Statis… |
| CAPEC-325 | TCP Congestion Control Flag (ECN) Probe | This OS fingerprinting probe checks to see if the remote host supports explicit congestion notification (ECN) messaging. ECN messaging was designed to allow ro… |
| CAPEC-326 | TCP Initial Window Size Probe | This OS fingerprinting probe checks the initial TCP Window size. TCP stacks limit the range of sequence numbers allowable within a session to maintain the "con… |
| CAPEC-327 | TCP Options Probe | This OS fingerprinting probe analyzes the type and order of any TCP header options present within a response segment. Most operating systems use unique orderin… |
| CAPEC-328 | TCP 'RST' Flag Checksum Probe | This OS fingerprinting probe performs a checksum on any ASCII data contained within the data portion of a RST packet. Some operating systems will report a huma… |
| CAPEC-329 | ICMP Error Message Quoting Probe | An adversary uses a technique to generate an ICMP Error message (Port Unreachable, Destination Unreachable, Redirect, Source Quench, Time Exceeded, Parameter P… |
| CAPEC-33 | HTTP Request Smuggling | Metadata: detailed CAPEC pattern, status stable, likelihood medium, severity high. Underlying weakness: CWE-444. Related CAPEC patterns: … |
| CAPEC-330 | ICMP Error Message Echoing Integrity Probe | An adversary uses a technique to generate an ICMP Error message (Port Unreachable, Destination Unreachable, Redirect, Source Quench, Time Exceeded, Parameter P… |
| CAPEC-331 | ICMP IP Total Length Field Probe | An adversary sends a UDP packet to a closed port on the target machine to solicit an IP Header's total length field value within the echoed 'Port Unreachable' … |
| CAPEC-332 | ICMP IP 'ID' Field Error Message Probe | An adversary sends a UDP datagram having an assigned value to its internet identification field (ID) to a closed port on a target to observe the manner in whic… |
| CAPEC-34 | HTTP Response Splitting | Metadata: detailed CAPEC pattern, status stable, likelihood medium, severity high. Underlying weaknesses: CWE-74, CWE-113, CWE-138, CWE-436. Related CAPEC patt… |
| CAPEC-35 | Leverage Executable Code in Non-Executable Files | An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configur… |
| CAPEC-37 | Retrieve Embedded Sensitive Data | An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as accoun… |
| CAPEC-38 | Leveraging/Manipulating Configuration File Search Paths | This pattern of attack sees an adversary load a malicious resource into a program's standard path so that when a known command is executed then the system inst… |
| CAPEC-383 | Harvesting Information via API Event Monitoring | An adversary hosts an event within an application framework and then monitors the data exchanged during the course of the event for the purpose of harvesting a… |
| CAPEC-385 | Transaction or Event Tampering via Application API Manipulation | An attacker hosts or joins an event or transaction within an application framework in order to change the content of messages or items that are being exchanged… |
| CAPEC-387 | Navigation Remapping To Propagate Malicious Content | An adversary manipulates either egress or ingress data from a client within an application framework in order to change the content of messages and thereby cir… |
| CAPEC-388 | Application API Button Hijacking | An attacker manipulates either egress or ingress data from a client within an application framework in order to change the destination and/or content of button… |
| CAPEC-389 | Content Spoofing Via Application API Manipulation | An attacker manipulates either egress or ingress data from a client within an application framework in order to change the content of messages. Performing this… |
| CAPEC-392 | Lock Bumping | An attacker uses a bump key to force a lock on a building or facility and gain entry. Lock Bumping is the use of a special type of key that can be tapped or bu… |
| CAPEC-393 | Lock Picking | An attacker uses lock picking tools and techniques to bypass the locks on a building or facility. Lock picking is the use of a special set of tools to manipula… |
| CAPEC-394 | Using a Snap Gun Lock to Force a Lock | An attacker uses a Snap Gun, also known as a Pick Gun, to force the lock on a building or facility. A Pick Gun is a special type of lock picking instrument tha… |
| CAPEC-397 | Cloning Magnetic Strip Cards | An attacker duplicates the data on a Magnetic strip card (i.e. 'swipe card' or 'magstripe') to gain unauthorized access to a physical location or a person's pr… |
| CAPEC-398 | Magnetic Strip Card Brute Force Attacks | An adversary analyzes the data on two or more magnetic strip cards and is able to generate new cards containing valid sequences that allow unauthorized access … |
| CAPEC-399 | Cloning RFID Cards or Chips | An attacker analyzes data returned by an RFID chip and uses this information to duplicate a RFID signal that responds identically to the target chip. In some c… |
| CAPEC-4 | Using Alternative IP Address Encodings | This attack relies on the adversary using unexpected formats for representing IP addresses. Networked applications may expect network location information in a… |
| CAPEC-400 | RFID Chip Deactivation or Destruction | An attacker uses methods to deactivate a passive RFID tag for the purpose of rendering the tag, badge, card, or object containing the tag unresponsive. RFID ta… |
| CAPEC-402 | Bypassing ATA Password Security | An adversary exploits a weakness in ATA security on a drive to gain access to the information the drive contains without supplying the proper credentials. ATA … |
| CAPEC-406 | Dumpster Diving | An adversary cases an establishment and searches through trash bins, dumpsters, or areas where company information may have been accidentally discarded for inf… |
| CAPEC-41 | Using Meta-characters in E-mail Headers to Inject Malicious Payloads | This type of attack involves an attacker leveraging meta-characters in email headers to inject improper behavior into email programs. Email software has become… |
| CAPEC-412 | Pretexting via Customer Service | An adversary engages in pretexting behavior, assuming the role of someone who works for Customer Service, to solicit information from target persons, or manipu… |
| CAPEC-413 | Pretexting via Tech Support | An adversary engages in pretexting behavior, assuming the role of a tech support worker, to solicit information from target persons, or manipulate the target i… |
| CAPEC-414 | Pretexting via Delivery Person | An adversary engages in pretexting behavior, assuming the role of a delivery person, to solicit information from target persons, or manipulate the target into … |
| CAPEC-415 | Pretexting via Phone | An adversary engages in pretexting behavior, assuming some sort of trusted role, and contacting the targeted individual or organization via phone to solicit in… |
| CAPEC-418 | Influence Perception of Reciprocation | An adversary uses social engineering techniques to produce a sense of obligation in the target to perform a certain action or concede some sensitive or key p… |
| CAPEC-42 | MIME Conversion | An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is des… |