615 indexed
CAPECCAPEC attack patterns
615 MITRE CAPEC entries — attack patterns at meta, standard, and detailed abstraction levels. Filter by abstraction. Authored by Adam Lundqvist.
Showing 101–150 of 197 in Standard · page 3 of 4
| ID | Title | Summary |
|---|---|---|
| CAPEC-481 | Contradictory Destinations in Traffic Routing Schemes | Adversaries can provide contradictory destinations when sending messages. Traffic is routed in networks using the domain names in various headers available at … |
| CAPEC-482 | TCP Flood | An adversary may execute a flooding attack using the TCP protocol with the intent to deny legitimate users access to a service. These attacks exploit the weakn… |
| CAPEC-484 | DEPRECATED: XML Client-Side Attack | This attack pattern has been deprecated as it a generalization of CAPEC-230: XML Nested Payloads and CAPEC-231: XML Oversized Payloads. Please refer to these C… |
| CAPEC-486 | UDP Flood | An adversary may execute a flooding attack using the UDP protocol with the intent to deny legitimate users access to a service by consuming the available netwo… |
| CAPEC-487 | ICMP Flood | An adversary may execute a flooding attack using the ICMP protocol with the intent to deny legitimate users access to a service by consuming the available netw… |
| CAPEC-488 | HTTP Flood | An adversary may execute a flooding attack using the HTTP protocol with the intent to deny legitimate users access to a service by consuming resources at the a… |
| CAPEC-489 | SSL Flood | An adversary may execute a flooding attack using the SSL protocol with the intent to deny legitimate users access to a service by consuming all the available r… |
| CAPEC-49 | Password Brute Forcing | An adversary tries every possible value for a password until they succeed. A brute force attack, if feasible computationally, will always be successful because… |
| CAPEC-490 | Amplification | An adversary may execute an amplification where the size of a response is far greater than that of the request that generates it. The goal of this attack is to… |
| CAPEC-492 | Regular Expression Exponential Blowup | An adversary may execute an attack on a program that uses a poor Regular Expression(Regex) implementation by choosing input that results in an extreme situatio… |
| CAPEC-493 | SOAP Array Blowup | An adversary may execute an attack on a web service that uses SOAP messages in communication. By sending a very large SOAP array declaration to the web service… |
| CAPEC-494 | TCP Fragmentation | An adversary may execute a TCP Fragmentation attack against a target with the intention of avoiding filtering rules of network controls, by attempting to fragm… |
| CAPEC-495 | UDP Fragmentation | An attacker may execute a UDP Fragmentation attack against a target server in an attempt to consume resources such as bandwidth and CPU. IP fragmentation occur… |
| CAPEC-496 | ICMP Fragmentation | An attacker may execute a ICMP Fragmentation attack against a target with the intention of consuming resources or causing a crash. The attacker crafts a large … |
| CAPEC-497 | File Discovery | An adversary engages in probing and exploration activities to determine if common key files exists. Such files often contain configuration and security paramet… |
| CAPEC-499 | Android Intent Intercept | An adversary, through a previously installed malicious application, intercepts messages from a trusted Android-based application in an attempt to achieve a var… |
| CAPEC-50 | Password Recovery Exploitation | An attacker may take advantage of the application feature to help users recover their forgotten passwords in order to gain access into the system with the same… |
| CAPEC-502 | Intent Spoof | An adversary, through a previously installed malicious application, issues an intent directed toward a specific trusted application's component in an attempt t… |
| CAPEC-503 | WebView Exposure | An adversary, through a malicious web page, accesses application specific functionality by leveraging interfaces registered through WebView's addJavascriptInte… |
| CAPEC-504 | Task Impersonation | An adversary, through a previously installed malicious application, impersonates an expected or routine task in an attempt to steal sensitive information or le… |
| CAPEC-506 | Tapjacking | An adversary, through a previously installed malicious application, displays an interface that misleads the user and convinces them to tap on an attacker desir… |
| CAPEC-510 | SaaS User Request Forgery | An adversary, through a previously installed malicious application, performs malicious actions against a third-party Software as a Service (SaaS) application (… |
| CAPEC-522 | Malicious Hardware Component Replacement | An adversary replaces legitimate hardware in the system with faulty counterfeit or tampered hardware in the supply chain distribution channel, with purpose of … |
| CAPEC-523 | Malicious Software Implanted | An attacker implants malicious software into the system in the supply chain distribution channel, with purpose of causing malicious disruption or allowing for … |
| CAPEC-524 | Rogue Integration Procedures | An attacker alters or establishes rogue processes in an integration facility in order to insert maliciously altered components into the system. The attacker wo… |
| CAPEC-528 | XML Flood | An adversary may execute a flooding attack using XML messages with the intent to deny legitimate users access to a web service. These attacks are accomplished … |
| CAPEC-529 | Malware-Directed Internal Reconnaissance | Adversary uses malware or a similarly controlled application installed inside an organizational perimeter to gather information about the composition, configur… |
| CAPEC-534 | Malicious Hardware Update | An adversary introduces malicious hardware during an update or replacement procedure, allowing for additional compromise or site disruption at the victim locat… |
| CAPEC-536 | Data Injected During Configuration | An attacker with access to data files and processes on a victim's system injects malicious data into critical operational data during configuration or recalibr… |
| CAPEC-54 | Query System for Information | An adversary, aware of an application's location (and possibly authorized to use the application), probes an application's structure and evaluates its robustne… |
| CAPEC-540 | Overread Buffers | An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value… |
| CAPEC-541 | Application Fingerprinting | An adversary engages in fingerprinting activities to determine the type or version of an application installed on a remote target. Metadata: standard CAPEC pa… |
| CAPEC-542 | Targeted Malware | An adversary develops targeted malware that takes advantage of a known vulnerability in an organizational information technology environment. The malware craft… |
| CAPEC-545 | Pull Data from System Resources | An adversary who is authorized or has the ability to search known system resources, does so with the intention of gathering useful information. System resource… |
| CAPEC-547 | Physical Destruction of Device or Component | An adversary conducts a physical attack a device or component, destroying it such that it no longer functions as intended. Metadata: standard CAPEC pattern, s… |
| CAPEC-555 | Remote Services with Stolen Credentials | This pattern of attack involves an adversary that uses stolen credentials to leverage remote services such as RDP, telnet, SSH, and VNC to log into a system. O… |
| CAPEC-56 | DEPRECATED: Removing/short-circuiting 'guard logic' | This attack pattern has been deprecated as it is a duplicate of CAPEC-207 : Removing Important Client Functionality. Please refer to this other pattern going f… |
| CAPEC-567 | DEPRECATED: Obtain Data via Utilities | This CAPEC has been deprecated because it is not directly related to a weakness, social engineering, supply chains, or a physical-based attack. Metadata: stan… |
| CAPEC-569 | Collect Data as Provided by Users | An attacker leverages a tool, device, or program to obtain specific information as provided by a user of the target system. This information is often needed by… |
| CAPEC-571 | Block Logging to Central Repository | Metadata: standard CAPEC pattern, status draft, severity low. Mapped ATT&CK techniques: [object Object], [object Object], [object Object], [object Object]. Rel… |
| CAPEC-572 | Artificially Inflate File Sizes | Metadata: standard CAPEC pattern, status draft, likelihood high, severity medium. Mapped ATT&CK technique: [object Object]. Related CAPEC pattern: [object Obje… |
| CAPEC-573 | Process Footprinting | An adversary exploits functionality meant to identify information about the currently running processes on the target system to an authorized user. By knowing … |
| CAPEC-574 | Services Footprinting | An adversary exploits functionality meant to identify information about the services on the target system to an authorized user. By knowing what services are r… |
| CAPEC-575 | Account Footprinting | An adversary exploits functionality meant to identify information about the domain accounts and their permissions on the target system to an authorized user. B… |
| CAPEC-576 | Group Permission Footprinting | An adversary exploits functionality meant to identify information about user groups and their permissions on the target system to an authorized user. By knowin… |
| CAPEC-577 | Owner Footprinting | An adversary exploits functionality meant to identify information about the primary users on the target system to an authorized user. They may do this, for exa… |
| CAPEC-578 | Disable Security Software | An adversary exploits a weakness in access control to disable security tools so that detection does not occur. This can take the form of killing processes, del… |
| CAPEC-580 | System Footprinting | An adversary engages in active probing and exploration activities to determine security information about a remote target system. Often times adversaries will … |
| CAPEC-582 | Route Disabling | An adversary disables the network route between two targets. The goal is to completely sever the communications channel between two entities. This is often the… |
| CAPEC-593 | Session Hijacking | This type of attack involves an adversary that exploits weaknesses in an application's use of sessions in performing authentication. The adversary is able to s… |