615 indexed
CAPECCAPEC attack patterns
615 MITRE CAPEC entries — attack patterns at meta, standard, and detailed abstraction levels. Filter by abstraction. Authored by Adam Lundqvist.
Showing 151–200 of 341 in Detailed · page 4 of 7
| ID | Title | Summary |
|---|---|---|
| CAPEC-420 | Influence Perception of Scarcity | The adversary leverages a perception of scarcity to persuade the target to perform an action or divulge information that is advantageous to the adversary. By c… |
| CAPEC-421 | Influence Perception of Authority | An adversary uses a social engineering technique to convey a sense of authority that motivates the target to reveal specific information or take specific actio… |
| CAPEC-422 | Influence Perception of Commitment and Consistency | An adversary uses social engineering to convince the target to do minor tasks as opposed to larger actions. After complying with a request, individuals are mor… |
| CAPEC-423 | Influence Perception of Liking | The adversary influences the target's actions by building a relationship where the target has a liking to the adversary. People are more likely to be influence… |
| CAPEC-424 | Influence Perception of Consensus or Social Proof | The adversary influences the target's actions by leveraging the inherent human nature to assume behavior of others is appropriate. In situations of uncertainty… |
| CAPEC-428 | Influence via Modes of Thinking | The adversary tailors their communication to the language and thought patterns of the target thereby weakening barriers or reluctance to communication. This me… |
| CAPEC-429 | Target Influence via Eye Cues | The adversary gains information via non-verbal means from the target through eye movements. Metadata: detailed CAPEC pattern, status draft, severity low. Rela… |
| CAPEC-43 | Exploiting Multiple Input Interpretation Layers | An attacker supplies the target software with input data that contains sequences of special characters designed to bypass input validation logic. This exploit … |
| CAPEC-430 | DEPRECATED: Target Influence via Micro-Expressions | This attack pattern has been deprecated. Metadata: detailed CAPEC pattern, status deprecated. Metadata: detailed CAPEC pattern, status deprecated. |
| CAPEC-431 | DEPRECATED: Target Influence via Neuro-Linguistic Programming (NLP) | This attack pattern has been deprecated. Metadata: detailed CAPEC pattern, status deprecated. Metadata: detailed CAPEC pattern, status deprecated. |
| CAPEC-432 | DEPRECATED: Target Influence via Voice in NLP | This attack pattern has been deprecated. Metadata: detailed CAPEC pattern, status deprecated. Metadata: detailed CAPEC pattern, status deprecated. |
| CAPEC-433 | Target Influence via The Human Buffer Overflow | An attacker utilizes a technique to insinuate commands to the subconscious mind of the target via communication patterns. The human buffer overflow methodology… |
| CAPEC-434 | Target Influence via Interview and Interrogation | Metadata: detailed CAPEC pattern, status draft, severity low. Related CAPEC pattern: [object Object]. Metadata: detailed CAPEC pattern, status draft, severity… |
| CAPEC-435 | Target Influence via Instant Rapport | Metadata: detailed CAPEC pattern, status draft, severity low. Related CAPEC pattern: [object Object]. Metadata: detailed CAPEC pattern, status draft, severity… |
| CAPEC-44 | Overflow Binary Resource File | An attack of this type exploits a buffer overflow vulnerability in the handling of binary resources. Binary resources may include music files like MP3, image f… |
| CAPEC-443 | Malicious Logic Inserted Into Product by Authorized Developer | An adversary uses their privileged position within an authorized development organization to inject malicious logic into a codebase or product. Metadata: deta… |
| CAPEC-445 | Malicious Logic Insertion into Product Software via Configuration Management Manipulation | Metadata: detailed CAPEC pattern, status stable, likelihood medium, severity high. Mapped ATT&CK technique: [object Object]. Related CAPEC pattern: [object Obj… |
| CAPEC-446 | Malicious Logic Insertion into Product via Inclusion of Third-Party Component | Metadata: detailed CAPEC pattern, status stable, likelihood medium, severity high. Mapped ATT&CK technique: [object Object]. Related CAPEC pattern: [object Obj… |
| CAPEC-448 | Embed Virus into DLL | An adversary tampers with a DLL and embeds a computer virus into gaps between legitimate machine instructions. These gaps may be the result of compiler optimiz… |
| CAPEC-449 | DEPRECATED: Malware Propagation via USB Stick | This attack pattern has been deprecated as it is a duplicate of CAPEC-448 : Malware Infection into Product Software. Please refer to this other pattern going f… |
| CAPEC-45 | Buffer Overflow via Symbolic Links | This type of attack leverages the use of symbolic links to cause buffer overflows. An adversary can try to create or manipulate a symbolic link file such that … |
| CAPEC-451 | DEPRECATED: Malware Propagation via Infected Peripheral Device | This attack pattern has been deprecated as it is a duplicate of CAPEC-448 : Malware Infection into Product Software. Please refer to this other pattern going f… |
| CAPEC-454 | DEPRECATED: Modification of Existing Components with Counterfeit Hardware | This attack pattern has been deprecated as it is a duplicate of CAPEC-452 : Malicious Logic Insertion into Product Hardware. Please refer to this other pattern… |
| CAPEC-455 | DEPRECATED: Malicious Logic Insertion via Inclusion of Counterfeit Hardware Components | This attack pattern has been deprecated as it is a duplicate of CAPEC-457 : Malicious Logic Insertion into Product Hardware. Please refer to this other pattern… |
| CAPEC-457 | USB Memory Attacks | An adversary loads malicious code onto a USB memory stick in order to infect any system which the device is plugged in to. USB drives present a significant sec… |
| CAPEC-458 | Flash Memory Attacks | An adversary inserts malicious logic into a product or technology via flashing the on-board memory with a code-base that contains malicious logic. Various atta… |
| CAPEC-459 | Creating a Rogue Certification Authority Certificate | An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that co… |
| CAPEC-46 | Overflow Variables and Tags | This type of attack leverages the use of tags or variables from a formatted configuration data to cause buffer overflow. The adversary crafts a malicious HTML … |
| CAPEC-460 | HTTP Parameter Pollution (HPP) | An adversary adds duplicate HTTP GET/POST parameters by injecting query string delimiters. Via HPP it may be possible to override existing hardcoded HTTP param… |
| CAPEC-462 | Cross-Domain Search Timing | An attacker initiates cross domain HTTP / GET requests and times the server responses. The timing of these responses may leak important information on what is … |
| CAPEC-463 | Padding Oracle Crypto Attack | An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened wh… |
| CAPEC-467 | Cross Site Identification | An attacker harvests identifying information about a victim via an active session that the victim's browser has with a social networking site. A victim may hav… |
| CAPEC-47 | Buffer Overflow via Parameter Expansion | In this attack, the target software is given input that the adversary knows will be modified and expanded in size during processing. This attack relies on the … |
| CAPEC-470 | Expanding Control over the Operating System from the Database | An attacker is able to leverage access gained to the database to read / write data to the file system, compromise the operating system, create a tunnel for acc… |
| CAPEC-471 | Search Order Hijacking | An adversary exploits a weakness in an application's specification of external libraries to exploit the functionality of the loader where the process loading t… |
| CAPEC-472 | Browser Fingerprinting | An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need… |
| CAPEC-474 | Signature Spoofing by Key Theft | An attacker obtains an authoritative or reputable signer's private signature key by theft and then uses this key to forge signatures from the original signer t… |
| CAPEC-475 | Signature Spoofing by Improper Validation | An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key. M… |
| CAPEC-476 | Signature Spoofing by Misrepresentation | An attacker exploits a weakness in the parsing or display code of the recipient software to generate a data blob containing a supposedly valid signature, but t… |
| CAPEC-477 | Signature Spoofing by Mixing Signed and Unsigned Content | An attacker exploits the underlying complexity of a data structure that allows for both signed and unsigned content, to cause unsigned data to be processed as … |
| CAPEC-478 | Modification of Windows Service Configuration | An adversary exploits a weakness in access control to modify the execution parameters of a Windows service. The goal of this attack is to execute a malicious b… |
| CAPEC-479 | Malicious Root Certificate | An adversary exploits a weakness in authorization and installs a new root certificate on a compromised system. Certificates are commonly used for establishing … |
| CAPEC-485 | Signature Spoofing by Key Recreation | An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudoran… |
| CAPEC-491 | Quadratic Data Expansion | An adversary exploits macro-like substitution to cause a denial of service situation due to excessive memory being allocated to fully expand the data. The resu… |
| CAPEC-498 | Probe iOS Screenshots | An adversary examines screenshot images created by iOS in an attempt to obtain sensitive information. This attack targets temporary screenshots created by the … |
| CAPEC-5 | Blue Boxing | Metadata: detailed CAPEC pattern, status obsolete, likelihood medium, severity very high. Underlying weakness: CWE-285. Related CAPEC pattern: [object Object].… |
| CAPEC-500 | WebView Injection | An adversary, through a previously installed malicious application, injects code into the context of a web page displayed by a WebView component. Through the i… |
| CAPEC-501 | Android Activity Hijack | An adversary intercepts an implicit intent sent to launch a Android-based trusted activity and instead launches a counterfeit activity in its place. The malici… |
| CAPEC-505 | Scheme Squatting | An adversary, through a previously installed malicious application, registers for a URL scheme intended for a target application that has not been installed. T… |
| CAPEC-508 | Shoulder Surfing | In a shoulder surfing attack, an adversary observes an unaware individual's keystrokes, screen content, or conversations with the goal of obtaining sensitive i… |