CAPEC attack patterns
615 MITRE CAPEC entries — attack patterns at meta, standard, and detailed abstraction levels. Filter by abstraction. Authored by Adam Lundqvist.
Showing 251–300 of 341 in Detailed · page 6 of 7
| ID | Title | Summary |
|---|---|---|
| CAPEC-591 | Reflected XSS | This type of attack is a form of Cross-Site Scripting (XSS) where a malicious script is "reflected" off a vulnerable web application and then executed by a vic… |
| CAPEC-592 | Stored XSS | An adversary utilizes a form of Cross-site Scripting (XSS) where a malicious script is persistently "stored" within the data storage of a vulnerable web applic… |
| CAPEC-596 | TCP RST Injection | An adversary injects one or more TCP RST packets to a target after the target has made a HTTP GET request. The goal of this attack is to have the target and/or… |
| CAPEC-597 | Absolute Path Traversal | An adversary with access to file system resources, either directly or via application logic, will use various file absolute paths and navigation mechanisms suc… |
| CAPEC-598 | DNS Spoofing | An adversary sends a malicious ("NXDOMAIN" ("No such domain") code, or DNS A record) response to a target's route request before a legitimate resolver can. Thi… |
| CAPEC-599 | Terrestrial Jamming | In this attack pattern, the adversary transmits disruptive signals in the direction of the target's consumer-level satellite dish (as opposed to the satellite … |
| CAPEC-60 | Reusing Session IDs (aka Session Replay) | This attack targets the reuse of a valid session ID to spoof the target system in order to gain privileges. The attacker tries to reuse a stolen session ID used … |
| CAPEC-604 | Wi-Fi Jamming | In this attack scenario, the attacker actively transmits on the Wi-Fi channel to prevent users from transmitting or receiving data from the targeted Wi-Fi netw… |
| CAPEC-605 | Cellular Jamming | In this attack scenario, the attacker actively transmits signals to overpower and disrupt the communication between a cellular user device and a cell tower. Se… |
| CAPEC-606 | Weakening of Cellular Encryption | An attacker, with control of a Cellular Rogue Base Station or through cooperation with a Malicious Mobile Network Operator can force the mobile device (e.g., t… |
| CAPEC-608 | Cryptanalysis of Cellular Encryption | The use of cryptanalytic techniques to derive cryptographic keys or otherwise effectively defeat cellular encryption to reveal traffic content. Some cellular e… |
| CAPEC-609 | Cellular Traffic Intercept | Cellular traffic for voice and data from mobile devices and retransmission devices can be intercepted via numerous methods. Malicious actors can deploy their o… |
| CAPEC-61 | Session Fixation | The attacker induces a client to establish a session with the target software using a session identifier provided by the attacker. Once the user successfully a… |
| CAPEC-611 | BitSquatting | An adversary registers a domain name one bit different than a trusted domain. A BitSquatting attack leverages random errors in memory to direct Internet traffi… |
| CAPEC-612 | WiFi MAC Address Tracking | In this attack scenario, the attacker passively listens for WiFi messages and logs the associated Media Access Control (MAC) addresses. These addresses are int… |
| CAPEC-613 | WiFi SSID Tracking | In this attack scenario, the attacker passively listens for WiFi management frame messages containing the Service Set Identifier (SSID) for the WiFi network. T… |
| CAPEC-614 | Rooting SIM Cards | SIM cards are the de facto trust anchor of mobile devices worldwide. The cards protect the mobile identity of subscribers, associate devices with phone numbers… |
| CAPEC-615 | Evil Twin Wi-Fi Attack | Adversaries install Wi-Fi equipment that acts as a legitimate Wi-Fi network access point. When a device connects to this access point, Wi-Fi data traffic is in… |
| CAPEC-617 | Cellular Rogue Base Station | In this attack scenario, the attacker imitates a cellular base station with their own "rogue" base station equipment. Since cellular devices connect to whateve… |
| CAPEC-618 | Cellular Broadcast Message Request | In this attack scenario, the attacker uses knowledge of the target’s mobile phone number (i.e., the number associated with the SIM used in the retransmission d… |
| CAPEC-619 | Signal Strength Tracking | In this attack scenario, the attacker passively monitors the signal strength of the target’s cellular RF signal or WiFi RF signal and uses the strength of the … |
| CAPEC-621 | Analysis of Packet Timing and Sizes | An attacker may intercept and log encrypted transmissions for the purpose of analyzing metadata such as packet timing and sizes. Although the actual data may b… |
| CAPEC-622 | Electromagnetic Side-Channel Attack | In this attack scenario, the attacker passively monitors electromagnetic emanations that are produced by the targeted electronic device as an unintentional sid… |
| CAPEC-623 | Compromising Emanations Attack | Compromising Emanations (CE) are defined as unintentional signals which an attacker may intercept and analyze to disclose the information processed by the targ… |
| CAPEC-626 | Smudge Attack | Attacks that reveal the password/passcode pattern on a touchscreen device by detecting oil smudges left behind by the user’s fingers. |
| CAPEC-628 | Carry-Off GPS Attack | A common form of a GPS spoofing attack, commonly termed a carry-off attack, begins with an adversary broadcasting signals synchronized with the genuine signals … |
| CAPEC-630 | TypoSquatting | An adversary registers a domain name with at least one character different than a trusted domain. A TypoSquatting attack takes advantage of instances where a u… |
| CAPEC-631 | SoundSquatting | An adversary registers a domain name that sounds the same as a trusted domain, but has a different spelling. A SoundSquatting attack takes advantage of a user'… |
| CAPEC-632 | Homograph Attack via Homoglyphs | An adversary registers a domain name containing a homoglyph, leading the registered domain to appear the same as a trusted domain. A homograph attack leverages… |
| CAPEC-633 | Token Impersonation | An adversary exploits a weakness in authentication to create an access token (or equivalent) that impersonates a different entity, and then associates a proces… |
| CAPEC-634 | Probe Audio and Video Peripherals | The adversary exploits the target system's audio and video functionalities through malware or scheduled tasks. The goal is to capture sensitive information abo… |
| CAPEC-637 | Collect Data from Clipboard | The adversary exploits an application that allows for the copying of sensitive data or information by collecting information copied to the clipboard. Data copi… |
| CAPEC-638 | Altered Component Firmware | An adversary exploits system features and/or improperly protected firmware of hardware components, such as Hard Disk Drives (HDD), with the goal of executing … |
| CAPEC-639 | Probe System Files | An adversary obtains unauthorized information due to improperly protected files. If an application stores sensitive information in a file that is not protected… |
| CAPEC-64 | Using Slashes and URL Encoding Combined to Bypass Validation Logic | This attack targets the encoding of the URL combined with the encoding of the slash characters. An attacker can take advantage of the multiple ways of encoding… |
| CAPEC-640 | Inclusion of Code in Existing Process | The adversary takes advantage of a bug in an application failing to verify the integrity of the running process to execute arbitrary code in the address space … |
| CAPEC-641 | DLL Side-Loading | An adversary places a malicious version of a Dynamic-Link Library (DLL) in the Windows Side-by-Side (WinSxS) directory to trick the operating system into loadi… |
| CAPEC-642 | Replace Binaries | Adversaries know that certain binaries will be regularly executed as part of normal processing. If these binaries are not protected with the appropriate file s… |
| CAPEC-643 | Identify Shared Files/Directories on System | An adversary discovers connections between systems by exploiting the target system's standard practice of revealing them in searchable, common areas. Through t… |
| CAPEC-644 | Use of Captured Hashes (Pass The Hash) | An adversary obtains (i.e. steals or purchases) legitimate Windows domain credential hash values to access systems within the domain that leverage the Lan Man … |
| CAPEC-645 | Use of Captured Tickets (Pass The Ticket) | An adversary uses stolen Kerberos tickets to access systems/resources that leverage the Kerberos authentication protocol. The Kerberos authentication protocol … |
| CAPEC-647 | Collect Data from Registries | An adversary exploits a weakness in authorization to gather system-specific data and sensitive information within a registry (e.g., Windows Registry, Mac plist… |
| CAPEC-648 | Collect Data from Screen Capture | An adversary gathers sensitive information by exploiting the system's screen capture functionality. Through screenshots, the adversary aims to see what happens… |
| CAPEC-649 | Adding a Space to a File Extension | An adversary adds a space character to the end of a file extension and takes advantage of an application that does not properly neutralize trailing special ele… |
| CAPEC-65 | Sniff Application Code | An adversary passively sniffs network communications and captures application code bound for an authorized client. Once obtained, they can use it as-is, or thr… |
| CAPEC-650 | Upload a Web Shell to a Web Server | By exploiting insufficient permissions, it is possible to upload a web shell to a web server in such a way that it can be executed remotely. This shell can hav… |
| CAPEC-654 | Credential Prompt Impersonation | An adversary, through a previously installed malicious application, impersonates a credential prompt in an attempt to steal a user's credentials. |
| CAPEC-655 | Avoid Security Tool Identification by Adding Data | Metadata: detailed CAPEC pattern, status draft, likelihood high, severity high. |
| CAPEC-656 | Voice Phishing | An adversary targets users with a phishing attack for the purpose of soliciting account passwords or sensitive information from the user. Voice Phishing is a v… |
| CAPEC-657 | Malicious Automated Software Update via Spoofing | An attacker uses identity or content spoofing to trick a client into performing an automated software update from a malicious source. A malicious automated so… |