CAPEC attack patterns
615 MITRE CAPEC entries — attack patterns at meta, standard, and detailed abstraction levels. Filter by abstraction. Authored by Adam Lundqvist.
Showing 201–250 of 341 in Detailed · page 5 of 7
| ID | Title | Summary |
|---|---|---|
| CAPEC-509 | Kerberoasting | Through the exploitation of how service accounts leverage Kerberos authentication with Service Principal Names (SPNs), the adversary obtains and subsequently c… |
| CAPEC-51 | Poison Web Service Registry | SOA and Web Services often use a registry to perform look up, get schema information, and metadata about services. A poisoned registry can redirect (think phis… |
| CAPEC-511 | Infiltration of Software Development Environment | An attacker uses common delivery mechanisms such as email attachments or removable media to infiltrate the IDE (Integrated Development Environment) of a victim… |
| CAPEC-516 | Hardware Component Substitution During Baselining | An adversary with access to system components during allocated baseline development can substitute a maliciously altered hardware component for a baseline comp… |
| CAPEC-517 | Documentation Alteration to Circumvent Dial-down | An attacker with access to a manufacturer's documentation, which includes descriptions of advanced technology and/or specific components' criticality, alters th… |
| CAPEC-518 | Documentation Alteration to Produce Under-performing Systems | An attacker with access to a manufacturer's documentation alters the descriptions of system capabilities with the intent of causing errors in derived system re… |
| CAPEC-519 | Documentation Alteration to Cause Errors in System Design | An attacker with access to a manufacturer's documentation containing requirements allocation and software design processes maliciously alters the documentation… |
| CAPEC-52 | Embedding NULL Bytes | An adversary embeds one or more null bytes in input to the target software. This attack relies on the usage of a null-valued byte as a string terminator in man… |
| CAPEC-520 | Counterfeit Hardware Component Inserted During Product Assembly | An adversary with either direct access to the product assembly process or to the supply of subcomponents used in the product assembly process introduces counte… |
| CAPEC-521 | Hardware Design Specifications Are Altered | An attacker with access to a manufacturer's hardware manufacturing process documentation alters the design specifications, which introduces flaws advantageous … |
| CAPEC-53 | Postfix, Null Terminate, and Backslash | If a string is passed through a filter of some kind, then a terminal NULL may not be valid. Using alternate representation of NULL allows an adversary to embed… |
| CAPEC-530 | Provide Counterfeit Component | An attacker provides a counterfeit component during the procurement process of a lower-tier component supplier to a sub-system developer or integrator, which i… |
| CAPEC-531 | Hardware Component Substitution | An attacker substitutes out a tested and approved hardware component for a maliciously-altered hardware component. This type of attack is carried out directly … |
| CAPEC-532 | Altered Installed BIOS | An attacker with access to download and update system software sends a maliciously altered BIOS to the victim or victim supplier/integrator, which when install… |
| CAPEC-533 | Malicious Manual Software Update | An attacker introduces malicious code to the victim's system by altering the payload of a software update, allowing for additional compromise or site disruptio… |
| CAPEC-535 | Malicious Gray Market Hardware | An attacker maliciously alters hardware components that will be sold on the gray market, allowing for victim disruption and compromise when the victim needs re… |
| CAPEC-537 | Infiltration of Hardware Development Environment | An adversary, leveraging the ability to manipulate components of primary support systems and tools within the development and production environments, inserts … |
| CAPEC-538 | Open-Source Library Manipulation | Adversaries implant malicious code in open source software (OSS) libraries to have it widely distributed, as OSS is commonly downloaded by developers and other… |
| CAPEC-539 | ASIC With Malicious Functionality | An attacker with access to the development environment process of an application-specific integrated circuit (ASIC) for a victim system being developed or main… |
| CAPEC-543 | Counterfeit Websites | Adversary creates duplicates of legitimate websites. When users visit a counterfeit site, the site can gather information or upload malware. Metadata: detaile… |
| CAPEC-544 | Counterfeit Organizations | An adversary creates a false front organization with the appearance of a legitimate supplier in the critical life cycle path that then injects corrupted/malic… |
| CAPEC-546 | Incomplete Data Deletion in a Multi-Tenant Environment | An adversary obtains unauthorized information due to insecure or incomplete data deletion in a multi-tenant environment. If a cloud provider fails to completel… |
| CAPEC-55 | Rainbow Table Password Cracking | An attacker gets access to the database table where hashes of passwords are stored. They then use a rainbow table of pre-computed hash chains to attempt to loo… |
| CAPEC-550 | Install New Service | When an operating system starts, it also starts programs called services or daemons. Adversaries may install a new service which will be executed at startup (o… |
| CAPEC-551 | Modify Existing Service | When an operating system starts, it also starts programs called services or daemons. Modifying existing services may break existing services or may enable serv… |
| CAPEC-552 | Install Rootkit | An adversary exploits a weakness in authentication to install malware that alters the functionality and information provided by targeted operating system API ca… |
| CAPEC-556 | Replace File Extension Handlers | When a file is opened, its file handler is checked to determine which program opens the file. File handlers are configuration properties of many operating syst… |
| CAPEC-557 | DEPRECATED: Schedule Software To Run | This CAPEC has been deprecated because it is not directly related to a weakness, social engineering, supply chains, or a physical-based attack. Metadata: deta… |
| CAPEC-558 | Replace Trusted Executable | An adversary exploits weaknesses in privilege management or access control to replace a trusted executable with a malicious version and enable the execution of… |
| CAPEC-559 | Orbital Jamming | In this attack pattern, the adversary sends disruptive signals at a target satellite using a rogue uplink station to disrupt the intended transmission. Those w… |
| CAPEC-561 | Windows Admin Shares with Stolen Credentials | An adversary guesses or obtains (i.e. steals or purchases) legitimate Windows administrator credentials (e.g. userID/password) to access Windows Admin Shares o… |
| CAPEC-562 | Modify Shared File | An adversary manipulates the files in a shared location by adding malicious programs, scripts, or exploit code to valid content. Once a user opens the shared c… |
| CAPEC-563 | Add Malicious File to Shared Webroot | An adversary may add malicious content to a website through the open file share and then browse to that content with a web browser to cause the server to exe… |
| CAPEC-564 | Run Software at Logon | Operating systems allow logon scripts to be run whenever a specific user or users log on to a system. If adversaries can access these scripts, they may insert a… |
| CAPEC-565 | Password Spraying | Metadata: detailed CAPEC pattern, status draft, likelihood high, severity high. Underlying weaknesses: CWE-521, CWE-262, CWE-263, CWE-654, CWE-307 (and 2 more)… |
| CAPEC-566 | DEPRECATED: Dump Password Hashes | This CAPEC has been deprecated because it is not directly related to a weakness, social engineering, supply chains, or a physical-based attack. Metadata: deta… |
| CAPEC-568 | Capture Credentials via Keylogger | An adversary deploys a keylogger in an effort to obtain credentials directly from a system's user. After capturing all the keystrokes made by a user, the adver… |
| CAPEC-57 | Utilizing REST's Trust in the System Resource to Obtain Sensitive Data | This attack utilizes a REST (REpresentational State Transfer)-style application's trust in the system resources and environment to obtain sensitive data once SS… |
| CAPEC-570 | DEPRECATED: Signature-Based Avoidance | This CAPEC has been deprecated because it is not directly related to a weakness, social engineering, supply chains, or a physical-based attack. Metadata: deta… |
| CAPEC-579 | Replace Winlogon Helper DLL | Winlogon is a part of Windows that performs logon actions. In Windows systems prior to Windows Vista, a registry key can be modified that causes Winlogon to lo… |
| CAPEC-58 | Restful Privilege Elevation | An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack … |
| CAPEC-581 | Security Software Footprinting | Adversaries may attempt to get a listing of security tools that are installed on the system and their configurations. This may include security related system … |
| CAPEC-583 | Disabling Network Hardware | In this attack pattern, an adversary physically disables networking hardware by powering it down or disconnecting critical equipment. Disabling or shutting off… |
| CAPEC-584 | BGP Route Disabling | An adversary suppresses the Border Gateway Protocol (BGP) advertisement for a route so as to render the underlying network inaccessible. The BGP protocol helps… |
| CAPEC-585 | DNS Domain Seizure | In this attack pattern, an adversary influences a target's web-hosting company to disable a target domain. The goal is to prevent access to the targeted servic… |
| CAPEC-587 | Cross Frame Scripting (XFS) | This attack pattern combines malicious JavaScript and a legitimate webpage loaded into a concealed iframe. The malicious JavaScript is then able to interact wi… |
| CAPEC-588 | DOM-Based XSS | This type of attack is a form of Cross-Site Scripting (XSS) where a malicious script is inserted into the client-side HTML being parsed by a web browser. Conte… |
| CAPEC-589 | DNS Blocking | An adversary intercepts traffic and intentionally drops DNS requests based on content in the request. In this way, the adversary can deny the availability of s… |
| CAPEC-59 | Session Credential Falsification through Prediction | This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing a… |
| CAPEC-590 | IP Address Blocking | An adversary performing this type of attack drops packets destined for a target IP address. The aim is to prevent access to the service hosted at the target IP… |