615 indexed
CAPECCAPEC attack patterns
615 MITRE CAPEC entries — attack patterns at meta, standard, and detailed abstraction levels. Filter by abstraction. Authored by Adam Lundqvist.
Showing 301–341 of 341 in Detailed · page 7 of 7
| ID | Title | Summary |
|---|---|---|
| CAPEC-660 | Root/Jailbreak Detection Evasion via Hooking | An adversary forces a non-restricted mobile application to load arbitrary code or code files, via Hooking, with the goal of evading Root/Jailbreak detection. M… |
| CAPEC-661 | Root/Jailbreak Detection Evasion via Debugging | An adversary inserts a debugger into the program entry point of a mobile application to modify the application binary, with the goal of evading Root/Jailbreak … |
| CAPEC-665 | Exploitation of Thunderbolt Protection Flaws | Metadata: detailed CAPEC pattern, status stable, likelihood low, severity very high. Underlying weaknesses: CWE-345, CWE-353, CWE-288, CWE-1188, CWE-862. Mappe… |
| CAPEC-667 | Bluetooth Impersonation AttackS (BIAS) | An adversary disguises the MAC address of their Bluetooth enabled device to one for which there exists an active and trusted connection and authenticates succe… |
| CAPEC-67 | String Format Overflow in syslog() | This attack targets applications and software that uses the syslog() function insecurely. If an application does not explicitely use a format string parameter … |
| CAPEC-670 | Software Development Tools Maliciously Altered | An adversary with the ability to alter tools used in a development environment causes software to be developed with maliciously modified tools. Such tools incl… |
| CAPEC-671 | Requirements for ASIC Functionality Maliciously Altered | An adversary with access to functional requirements for an application specific integrated circuit (ASIC), a chip designed/customized for a singular particular… |
| CAPEC-672 | Malicious Code Implanted During Chip Programming | Metadata: detailed CAPEC pattern, status draft, likelihood low, severity high. Mapped ATT&CK technique: [object Object]. Related CAPEC pattern: [object Object]… |
| CAPEC-673 | Developer Signing Maliciously Altered Software | Metadata: detailed CAPEC pattern, status draft, likelihood medium, severity high. Mapped ATT&CK technique: [object Object]. Related CAPEC pattern: [object Obje… |
| CAPEC-674 | Design for FPGA Maliciously Altered | Metadata: detailed CAPEC pattern, status stable, likelihood low, severity high. Mapped ATT&CK technique: [object Object]. Related CAPEC pattern: [object Object… |
| CAPEC-677 | Server Motherboard Compromise | Metadata: detailed CAPEC pattern, status draft, likelihood low, severity high. Mapped ATT&CK technique: [object Object]. Related CAPEC pattern: [object Object]… |
| CAPEC-678 | System Build Data Maliciously Altered | Metadata: detailed CAPEC pattern, status draft, likelihood low, severity high. Mapped ATT&CK technique: [object Object]. Related CAPEC pattern: [object Object]… |
| CAPEC-679 | Exploitation of Improperly Configured or Implemented Memory Protections | Metadata: detailed CAPEC pattern, status draft, likelihood medium, severity very high. Underlying weaknesses: CWE-1222, CWE-1252, CWE-1257, CWE-1260, CWE-1274 … |
| CAPEC-680 | Exploitation of Improperly Controlled Registers | Metadata: detailed CAPEC pattern, status draft, likelihood medium, severity high. Underlying weaknesses: CWE-1224, CWE-1231, CWE-1233, CWE-1262, CWE-1283. Rela… |
| CAPEC-681 | Exploitation of Improperly Controlled Hardware Security Identifiers | Metadata: detailed CAPEC pattern, status draft, likelihood medium, severity very high. Underlying weaknesses: CWE-1259, CWE-1267, CWE-1270, CWE-1294, CWE-1302.… |
| CAPEC-692 | Spoof Version Control System Commit Metadata | Metadata: detailed CAPEC pattern, status stable, likelihood medium, severity high. Underlying weakness: CWE-494. Related CAPEC pattern: [object Object]. Metad… |
| CAPEC-693 | StarJacking | Metadata: detailed CAPEC pattern, status stable, likelihood medium, severity high. Underlying weakness: CWE-494. Related CAPEC pattern: [object Object]. Metad… |
| CAPEC-695 | Repo Jacking | Metadata: detailed CAPEC pattern, status stable, likelihood medium, severity high. Underlying weaknesses: CWE-494, CWE-829. Mapped ATT&CK technique: [object Ob… |
| CAPEC-696 | Load Value Injection | An adversary exploits a hardware design flaw in a CPU implementation of transient instruction execution in which a faulting or assisted load instruction transi… |
| CAPEC-698 | Install Malicious Extension | Metadata: detailed CAPEC pattern, status stable, likelihood medium, severity high. Underlying weaknesses: CWE-507, CWE-829. Mapped ATT&CK techniques: [object O… |
| CAPEC-7 | Blind SQL Injection | Blind SQL Injection results from an insufficient mitigation for SQL Injection. Although suppressing database error messages are considered best practice, the s… |
| CAPEC-70 | Try Common or Default Usernames and Passwords | An adversary may try certain common or default usernames and passwords to gain access into the system and perform unauthorized actions. An adversary may try an… |
| CAPEC-702 | Exploiting Incorrect Chaining or Granularity of Hardware Debug Components | Metadata: detailed CAPEC pattern, status draft, likelihood low, severity medium. Underlying weakness: CWE-1296. Related CAPEC pattern: [object Object]. Metada… |
| CAPEC-71 | Using Unicode Encoding to Bypass Validation Logic | An attacker may provide a Unicode string to a system component that is not Unicode aware and use that to circumvent the filter or cause the classifying mechani… |
| CAPEC-72 | URL Encoding | This attack targets the encoding of the URL. An adversary can take advantage of the multiple way of encoding an URL and abuse the interpretation of the URL. M… |
| CAPEC-76 | Manipulating Web Input to File System Calls | An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perha… |
| CAPEC-78 | Using Escaped Slashes in Alternate Encoding | This attack targets the use of the backslash in alternate encoding. An adversary can provide a backslash as a leading character and causes a parser to believe … |
| CAPEC-79 | Using Slashes in Alternate Encoding | This attack targets the encoding of the Slash characters. An adversary would try to exploit common filtering problems related to the use of the slashes charact… |
| CAPEC-8 | Buffer Overflow in an API Call | This attack targets libraries or shared code modules which are vulnerable to buffer overflow attacks. An adversary who has knowledge of known vulnerable librar… |
| CAPEC-80 | Using UTF-8 Encoding to Bypass Validation Logic | This attack is a specific variation on leveraging alternate encodings to bypass validation logic. This attack leverages the possibility to encode potentially h… |
| CAPEC-81 | Web Server Logs Tampering | Web Logs Tampering attacks involve an attacker injecting, deleting or otherwise tampering with the contents of web logs typically for the purposes of masking o… |
| CAPEC-83 | XPath Injection | An attacker can craft special user-controllable input consisting of XPath expressions to inject the XML database and bypass authentication or glean information… |
| CAPEC-84 | XQuery Injection | This attack utilizes XQuery to probe and attack server systems; in a similar manner that SQL Injection allows an attacker to exploit SQL calls to RDBMS, XQuery… |
| CAPEC-85 | AJAX Footprinting | This attack utilizes the frequent client-server roundtrips in Ajax conversation to scan a system. While Ajax does not open up new vulnerabilities per se, it do… |
| CAPEC-86 | XSS Through HTTP Headers | An adversary exploits web applications that generate web content, such as links in a HTML page, based on unvalidated or improperly validated data submitted by … |
| CAPEC-9 | Buffer Overflow in Local Command-Line Utilities | This attack targets command-line utilities available in a number of shells. An adversary can leverage a vulnerability found in a command-line utility to escala… |
| CAPEC-91 | DEPRECATED: XSS in IMG Tags | This attack pattern has been deprecated as it is contained in the existing attack pattern "CAPEC-18 : XSS Targeting Non-Script Elements". Please refer to this … |
| CAPEC-92 | Forced Integer Overflow | This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The … |
| CAPEC-93 | Log Injection-Tampering-Forging | This attack targets the log files of the target host. The attacker injects, manipulates or forges malicious log entries in the log file, allowing them to misle… |
| CAPEC-95 | WSDL Scanning | This attack targets the WSDL interface made available by a web service. The attacker may scan the WSDL interface to reveal sensitive information about invocati… |
| CAPEC-96 | Block Access to Libraries | An application typically makes calls to functions that are a part of libraries external to the application. These libraries may be part of the operating system… |