615 indexed
CAPECCAPEC attack patterns
615 MITRE CAPEC entries — attack patterns at meta, standard, and detailed abstraction levels. Filter by abstraction. Authored by Adam Lundqvist.
Showing 51–77 of 77 in Meta · page 2 of 2
| ID | Title | Summary |
|---|---|---|
| CAPEC-390 | Bypassing Physical Security | Facilities often used layered models for physical security such as traditional locks, Electronic-based card entry systems, coupled with physical alarms. Hardwa… |
| CAPEC-404 | DEPRECATED: Social Information Gathering Attacks | This attack pattern has been deprecated as it was deemed not to be a legitimate attack pattern. Please refer to CAPEC-118 : Collect and Analyze Information. M… |
| CAPEC-405 | DEPRECATED: Social Information Gathering via Research | This attack pattern has been deprecated as it was deemed not to be a legitimate attack pattern. Please refer to CAPEC-118 : Collect and Analyze Information. M… |
| CAPEC-408 | DEPRECATED: Information Gathering from Traditional Sources | This attack pattern has been deprecated as it was deemed not to be a legitimate attack pattern. Please refer to CAPEC-118 : Collect and Analyze Information. M… |
| CAPEC-409 | DEPRECATED: Information Gathering from Non-Traditional Sources | This attack pattern has been deprecated as it was deemed not to be a legitimate attack pattern. Please refer to CAPEC-118 : Collect and Analyze Information. M… |
| CAPEC-410 | Information Elicitation | An adversary engages an individual using any combination of social engineering methods for the purpose of extracting information. Accurate contextual and envir… |
| CAPEC-411 | DEPRECATED: Pretexting | This attack pattern has been deprecated as it is a duplicate of the existing attack pattern "CAPEC-407 : Social Information Gathering via Pretexting". Please r… |
| CAPEC-416 | Manipulate Human Behavior | An adversary exploits inherent human psychological predisposition to influence a targeted individual or group to solicit information or manipulate the target i… |
| CAPEC-419 | DEPRECATED: Target Influence via Perception of Concession | This attack pattern has been deprecated as it was deemed not to be a legitimate pattern. Metadata: meta CAPEC pattern, status deprecated. Metadata: meta CAPE… |
| CAPEC-438 | Modification During Manufacture | An attacker modifies a technology, product, or component during a stage in its manufacture for the purpose of carrying out an attack against some entity involv… |
| CAPEC-439 | Manipulation During Distribution | An attacker undermines the integrity of a product, software, or technology at some stage of the distribution channel. The core threat of modification or manipu… |
| CAPEC-440 | Hardware Integrity Attack | An adversary exploits a weakness in the system maintenance process and causes a change to be made to a technology, product, component, or sub-component or a ne… |
| CAPEC-441 | Malicious Logic Insertion | An adversary installs or adds malicious logic (also known as malware) into a seemingly benign component of a fielded system. This logic is often hidden from th… |
| CAPEC-507 | Physical Theft | An adversary gains physical access to a system or device through theft of the item. Possession of a system or device enables a number of unique attacks to be e… |
| CAPEC-548 | Contaminate Resource | An adversary contaminates organizational information systems (including devices and networks) by causing them to handle information of a classification/sensiti… |
| CAPEC-549 | Local Execution of Code | An adversary installs and executes malicious code on the target system in an effort to achieve a negative technical impact. Examples include rootkits, ransomwa… |
| CAPEC-554 | Functionality Bypass | An adversary attacks a system by bypassing some or all functionality intended to protect it. Often, a system user will think that protection is in place, but t… |
| CAPEC-560 | Use of Known Domain Credentials | Metadata: meta CAPEC pattern, status stable, likelihood high, severity high. Underlying weaknesses: CWE-522, CWE-307, CWE-308, CWE-309, CWE-262 (and 3 more). M… |
| CAPEC-586 | Object Injection | An adversary attempts to exploit an application by injecting additional, malicious content during its processing of serialized objects. Developers leverage ser… |
| CAPEC-594 | Traffic Injection | An adversary injects traffic into the target's network connection. The adversary is therefore able to degrade or disrupt the connection, and potentially modify… |
| CAPEC-602 | DEPRECATED: Degradation | This attack pattern has been deprecated. Metadata: meta CAPEC pattern, status deprecated. Metadata: meta CAPEC pattern, status deprecated. |
| CAPEC-607 | Obstruction | An attacker obstructs the interactions between system components. By interrupting or disabling these interactions, an adversary can often force the system into… |
| CAPEC-624 | Hardware Fault Injection | The adversary uses disruptive signals or events, or alters the physical environment a device operates in, to cause faulty behavior in electronic devices. This … |
| CAPEC-690 | Metadata Spoofing | Metadata: meta CAPEC pattern, status stable, likelihood medium, severity high. Metadata: meta CAPEC pattern, status stable, likelihood medium, severity high. |
| CAPEC-699 | Eavesdropping on a Monitor | An Adversary can eavesdrop on the content of an external monitor through the air without modifying any cable or installing software, just capturing this signal… |
| CAPEC-74 | Manipulating State | Metadata: meta CAPEC pattern, status stable, likelihood medium, severity high. Underlying weaknesses: CWE-372, CWE-315, CWE-353, CWE-693, CWE-1245 (and 3 more)… |
| CAPEC-94 | Adversary in the Middle (AiTM) | Metadata: meta CAPEC pattern, status stable, likelihood high, severity very high. Underlying weaknesses: CWE-300, CWE-290, CWE-593, CWE-287, CWE-294. Mapped AT… |