615 indexed
CAPECCAPEC attack patterns
615 MITRE CAPEC entries — attack patterns at meta, standard, and detailed abstraction levels. Filter by abstraction. Authored by Adam Lundqvist.
Showing 51–100 of 197 in Standard · page 2 of 4
| ID | Title | Summary |
|---|---|---|
| CAPEC-251 | Local Code Inclusion | The attacker forces an application to load arbitrary code files from the local machine. The attacker could use this to try to load old versions of library file… |
| CAPEC-253 | Remote Code Inclusion | The attacker forces an application to load arbitrary code files from a remote location. The attacker could use this to try to load old versions of library file… |
| CAPEC-259 | DEPRECATED: Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Patching | This attack pattern has been deprecated as it is a duplicate of the existing attack pattern "CAPEC-65 : Sniff Application Code". Please refer to this other CAP… |
| CAPEC-267 | Leverage Alternate Encoding | An adversary leverages the possibility to encode potentially harmful input or content used by applications such that the applications are ineffective at valida… |
| CAPEC-268 | Audit Log Manipulation | The attacker injects, manipulates, deletes, or forges malicious log entries into the log file, in an attempt to mislead an audit of the log file or cover track… |
| CAPEC-271 | Schema Poisoning | An adversary corrupts or modifies the content of a schema for the purpose of undermining the security of the target. Schemas provide the structure and content … |
| CAPEC-276 | Inter-component Protocol Manipulation | Inter-component protocols are used to communicate between different software and hardware modules within a single computer. Common examples are: interrupt sign… |
| CAPEC-277 | Data Interchange Protocol Manipulation | Data Interchange Protocols are used to transmit structured data between entities. These protocols are often specific to a particular domain (B2B: purchase orde… |
| CAPEC-278 | Web Services Protocol Manipulation | An adversary manipulates a web service related protocol to cause a web application or service to react differently than intended. This can either be performed … |
| CAPEC-29 | Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions | This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. A typical example is file ac… |
| CAPEC-292 | Host Discovery | An adversary sends a probe to an IP address to determine if the host is alive. Host discovery is one of the earliest phases of network reconnaissance. The adve… |
| CAPEC-30 | Hijacking a Privileged Thread of Execution | An adversary hijacks a privileged thread of execution by injecting malicious code into a running process. By using a privleged thread to do their bidding, adve… |
| CAPEC-300 | Port Scanning | An adversary uses a combination of techniques to determine the state of the ports on a remote target. Any service or application available for TCP or UDP netwo… |
| CAPEC-309 | Network Topology Mapping | An adversary engages in scanning activities to map network nodes, hosts, devices, and routes. Adversaries usually perform this type of network reconnaissance d… |
| CAPEC-311 | DEPRECATED: OS Fingerprinting | This pattern has been deprecated as it was determined to be an unnecessary layer of abstraction. Please refer to the standard level patterns CAPEC-312 : Active… |
| CAPEC-312 | Active OS Fingerprinting | An adversary engages in activity to detect the operating system or firmware version of a remote target by interrogating a device, server, or platform with a pr… |
| CAPEC-313 | Passive OS Fingerprinting | An adversary engages in activity to detect the version or type of OS software in a an environment by passively monitoring communication between devices, nodes,… |
| CAPEC-314 | DEPRECATED: IP Fingerprinting Probes | This pattern has been deprecated as it was determined to be an unnecessary layer of abstraction. Please refer to the standard level pattern CAPEC-312 : Active … |
| CAPEC-315 | DEPRECATED: TCP/IP Fingerprinting Probes | This pattern has been deprecated as it was determined to be an unnecessary layer of abstraction. Please refer to the standard level pattern CAPEC-312 : Active … |
| CAPEC-316 | DEPRECATED: ICMP Fingerprinting Probes | This pattern has been deprecated as it was determined to be an unnecessary layer of abstraction. Please refer to the standard level pattern CAPEC-312 : Active … |
| CAPEC-36 | Using Unpublished Interfaces or Functionality | An adversary searches for and invokes interfaces or functionality that the target system designers did not intend to be publicly available. If interfaces fail … |
| CAPEC-384 | Application API Message Manipulation via Man-in-the-Middle | An attacker manipulates either egress or ingress data from a client within an application framework in order to change the content of messages. Performing this… |
| CAPEC-386 | Application API Navigation Remapping | An attacker manipulates either egress or ingress data from a client within an application framework in order to change the destination and/or content of links/… |
| CAPEC-39 | Manipulating Opaque Client-based Data Tokens | In circumstances where an application holds important data client-side in tokens (cookies, URLs, data files, and so forth) that data can be manipulated. If cli… |
| CAPEC-391 | Bypassing Physical Locks | An attacker uses techniques and methods to bypass physical security measures of a building or facility. Physical locks may range from traditional lock and key … |
| CAPEC-395 | Bypassing Electronic Locks and Access Controls | An attacker exploits security assumptions to bypass electronic locks or other forms of access controls. Most attacks against electronic access controls follow … |
| CAPEC-396 | DEPRECATED: Bypassing Card or Badge-Based Systems | This attack pattern has been deprecated as it a generalization of CAPEC-397: Cloning Magnetic Strip Cards, CAPEC-398: Magnetic Strip Card Brute Force Attacks, … |
| CAPEC-40 | Manipulating Writeable Terminal Devices | This attack exploits terminal devices that allow themselves to be written to by other users. The attacker sends command strings to the target terminal device h… |
| CAPEC-401 | Physically Hacking Hardware | An adversary exploits a weakness in access control to gain access to currently installed hardware and precedes to implement changes or secretly replace a hardw… |
| CAPEC-407 | Pretexting | An adversary engages in pretexting behavior to solicit information from target persons, or manipulate the target into performing some action that serves the ad… |
| CAPEC-417 | Influence Perception | The adversary uses social engineering to exploit the target's perception of the relationship between the adversary and themselves. This goal is to persuade the… |
| CAPEC-425 | Target Influence via Framing | An adversary uses framing techniques to contextualize a conversation so that the target is more likely to be influenced by the adversary's point of view. Frami… |
| CAPEC-426 | Influence via Incentives | The adversary incites a behavior from the target by manipulating something of influence. This is commonly associated with financial, social, or ideological inc… |
| CAPEC-427 | Influence via Psychological Principles | The adversary shapes the target's actions or behavior by focusing on the ways human interact and learn, leveraging such elements as cognitive and social psycho… |
| CAPEC-442 | Infected Software | An adversary adds malicious logic, often in the form of a computer virus, to otherwise benign software. This logic is often hidden from the user of the softwar… |
| CAPEC-444 | Development Alteration | An adversary modifies a technology, product, or component during its development to acheive a negative impact once the system is deployed. The goal of the adve… |
| CAPEC-447 | Design Alteration | An adversary modifies the design of a technology, product, or component to acheive a negative impact once the system is deployed. In this type of attack, the g… |
| CAPEC-450 | DEPRECATED: Malware Propagation via USB U3 Autorun | This attack pattern has been deprecated as it is a duplicate of CAPEC-448 : Embed Virus into DLL. Please refer to this other pattern going forward. Metadata: … |
| CAPEC-452 | Infected Hardware | An adversary inserts malicious logic into hardware, typically in the form of a computer virus or rootkit. This logic is often hidden from the user of the hardw… |
| CAPEC-453 | DEPRECATED: Malicious Logic Insertion via Counterfeit Hardware | This attack pattern has been deprecated as it is a duplicate of CAPEC-452 : Malicious Logic Insertion into Product Hardware. Please refer to this other pattern… |
| CAPEC-456 | Infected Memory | An adversary inserts malicious logic into memory enabling them to achieve a negative impact. This logic is often hidden from the user of the system and works b… |
| CAPEC-461 | Web Services API Signature Forgery Leveraging Hash Function Extension Weakness | An adversary utilizes a hash function extension/padding weakness, to modify the parameters passed to the web service requesting authentication by generating th… |
| CAPEC-464 | Evercookie | An attacker creates a very persistent cookie that stays present even after the user thinks it has been removed. The cookie is stored on the victim's machine in… |
| CAPEC-465 | Transparent Proxy Abuse | A transparent proxy serves as an intermediate between the client and the internet at large. It intercepts all requests originating from the client and forwards… |
| CAPEC-466 | Leveraging Active Adversary in the Middle Attacks to Bypass Same Origin Policy | An attacker leverages an adversary in the middle attack (CAPEC-94) in order to bypass the same origin policy protection in the victim's browser. This active ad… |
| CAPEC-468 | Generic Cross-Browser Cross-Domain Theft | An attacker makes use of Cascading Style Sheets (CSS) injection to steal data cross domain from the victim's browser. The attack works by abusing the standards… |
| CAPEC-469 | HTTP DoS | An attacker performs flooding at the HTTP level to bring down only a particular web application rather than anything listening on a TCP/IP connection. This den… |
| CAPEC-473 | Signature Spoof | An attacker generates a message or datablock that causes the recipient to believe that the message or datablock was generated and cryptographically signed by a… |
| CAPEC-48 | Passing Local Filenames to Functions That Expect a URL | This attack relies on client side code to access local files and resources instead of URLs. When the client browser is expecting a URL string, but instead rece… |
| CAPEC-480 | Escaping Virtualization | An adversary gains access to an application, service, or device with the privileges of an authorized or privileged user by escaping the confines of a virtualiz… |