CAPEC attack patterns
615 MITRE CAPEC entries — attack patterns at meta, standard, and detailed abstraction levels. Authored by Adam Lundqvist.
Showing 151–197 of 197 in Standard · page 4 of 4
| ID | Title | Summary |
|---|---|---|
| CAPEC-595 | Connection Reset | In this attack pattern, an adversary injects a connection reset packet to one or both ends of a target's connection. The attacker is therefore able to have the… |
| CAPEC-6 | Argument Injection | An attacker changes the behavior or state of a targeted application through injecting data or command syntax through the target's use of non-validated and non-f… |
| CAPEC-600 | Credential Stuffing | Metadata: standard CAPEC pattern, status stable, likelihood high, severity high. Underlying weaknesses: CWE-522, CWE-307, CWE-308, CWE-309, CWE-262 (and 2 more… |
| CAPEC-601 | Jamming | An adversary uses radio noise or signals in an attempt to disrupt communications. By intentionally overwhelming system resources with illegitimate traffic, ser… |
| CAPEC-603 | Blockage | An adversary blocks the delivery of an important system resource causing the system to fail or stop working. Metadata: standard CAPEC pattern, status draft, l… |
| CAPEC-610 | Cellular Data Injection | Adversaries inject data into mobile technology traffic (data flows or signaling data) to disrupt communications or conduct additional surveillance operations. … |
| CAPEC-616 | Establish Rogue Location | An adversary provides a malicious version of a resource at a location that is similar to the expected location of a legitimate resource. After establishing the… |
| CAPEC-62 | Cross Site Request Forgery | An attacker crafts malicious web links and distributes them (via web pages, email, etc.), typically in a targeted manner, hoping to induce users to click on th… |
| CAPEC-620 | Drop Encryption Level | An attacker forces the encryption level to be lowered, thus enabling a successful attack against the encrypted data. Metadata: standard CAPEC pattern, status … |
| CAPEC-625 | Mobile Device Fault Injection | Fault injection attacks against mobile devices use disruptive signals or events (e.g. electromagnetic pulses, laser pulses, clock glitches, etc.) to cause faul… |
| CAPEC-627 | Counterfeit GPS Signals | An adversary attempts to deceive a GPS receiver by broadcasting counterfeit GPS signals, structured to resemble a set of normal GPS signals. These spoofed sign… |
| CAPEC-629 | DEPRECATED: Unauthorized Use of Device Resources | This attack pattern has been deprecated. Metadata: standard CAPEC pattern, status deprecated. |
| CAPEC-63 | Cross-Site Scripting (XSS) | An adversary embeds malicious scripts in content that will be served to web browsers. The goal of the attack is for the target software, the client-side browse… |
| CAPEC-635 | Alternative Execution Due to Deceptive Filenames | The extension of a file name is often used in various contexts to determine the application that is used to open and use it. If an attacker can cause an altern… |
| CAPEC-636 | Hiding Malicious Data or Code within Files | Files on various operating systems can have a complex format which allows for the storage of other data, in addition to its contents. Often this is metadata ab… |
| CAPEC-646 | Peripheral Footprinting | Adversaries may attempt to obtain information about attached peripheral devices and components connected to a computer system. Examples may include discovering… |
| CAPEC-651 | Eavesdropping | An adversary intercepts a form of communication (e.g. text, audio, video) by way of software (e.g., microphone and audio recording application), hardware (e.g.… |
| CAPEC-652 | Use of Known Kerberos Credentials | An adversary obtains (i.e. steals or purchases) legitimate Kerberos credentials (e.g. Kerberos service account userID/password or Kerberos Tickets) with the go… |
| CAPEC-653 | Use of Known Operating System Credentials | An adversary guesses or obtains (i.e. steals or purchases) legitimate operating system credentials (e.g. userID/password) to achieve authentication and to perf… |
| CAPEC-66 | SQL Injection | This attack exploits target software that constructs SQL statements based on user input. An attacker crafts input strings so that when the target software cons… |
| CAPEC-662 | Adversary in the Browser (AiTB) | Metadata: standard CAPEC pattern, status stable, likelihood high, severity very high. Underlying weaknesses: CWE-300, CWE-494. … |
| CAPEC-663 | Exploitation of Transient Instruction Execution | An adversary exploits a hardware design flaw in a CPU implementation of transient instruction execution to expose sensitive data and bypass/subvert access cont… |
| CAPEC-664 | Server Side Request Forgery | Metadata: standard CAPEC pattern, status stable, likelihood high, severity high. Underlying weaknesses: CWE-918, CWE-20. … |
| CAPEC-666 | BlueSmacking | An adversary uses Bluetooth flooding to transfer large packets to Bluetooth enabled devices over the L2CAP protocol with the goal of creating a DoS. This attac… |
| CAPEC-668 | Key Negotiation of Bluetooth Attack (KNOB) | An adversary can exploit a flaw in Bluetooth key negotiation allowing them to decrypt information sent between two devices communicating via Bluetooth. The adv… |
| CAPEC-669 | Alteration of a Software Update | Metadata: standard CAPEC pattern, status draft, likelihood medium, severity high. … |
| CAPEC-675 | Retrieve Data from Decommissioned Devices | Metadata: standard CAPEC pattern, status stable, likelihood medium, severity medium. Underlying weakness: CWE-1266. … |
| CAPEC-676 | NoSQL Injection | Metadata: standard CAPEC pattern, status stable, likelihood high, severity high. Underlying weaknesses: CWE-943, CWE-1286. … |
| CAPEC-68 | Subvert Code-signing Facilities | Many languages use code signing facilities to vouch for code's identity and to thus tie code to its assigned privileges within an environment. Subverting this … |
| CAPEC-682 | Exploitation of Firmware or ROM Code with Unpatchable Vulnerabilities | An adversary may exploit vulnerable code (i.e., firmware or ROM) that is unpatchable. Unpatchable devices exist due to manufacturers intentionally or inadverte… |
| CAPEC-69 | Target Programs with Elevated Privileges | This attack targets programs running with elevated privileges. The adversary tries to leverage a vulnerability in the running program and get arbitrary code to… |
| CAPEC-691 | Spoof Open-Source Software Metadata | Metadata: standard CAPEC pattern, status stable, likelihood medium, severity high. Underlying weakness: CWE-494. … |
| CAPEC-694 | System Location Discovery | Metadata: standard CAPEC pattern, status stable, likelihood high, severity very low. Underlying weakness: CWE-497. … |
| CAPEC-697 | DHCP Spoofing | Metadata: standard CAPEC pattern, status stable, likelihood low, severity high. Underlying weakness: CWE-923. … |
| CAPEC-700 | Network Boundary Bridging | An adversary which has gained elevated access to network boundary devices may use these devices to create a channel to bridge trusted and untrusted networks. B… |
| CAPEC-701 | Browser in the Middle (BiTM) | An adversary exploits the inherent functionalities of a web browser, in order to establish an unnoticed remote desktop connection in the victim's browser to th… |
| CAPEC-73 | User-Controlled Filename | An attack of this type involves an adversary inserting malicious characters (such as an XSS redirection) into a filename, directly or indirectly that is then us… |
| CAPEC-75 | Manipulating Writeable Configuration Files | Generally these are manually edited files that are not in the purview of the system administrators, any ability on the attackers' behalf to modify these files,… |
| CAPEC-77 | Manipulating User-Controlled Variables | This attack targets user-controlled variables (DEBUG=1, PHP Globals, and so forth). An adversary can override variables leveraging user-supplied, untrusted que… |
| CAPEC-82 | DEPRECATED: Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Service (XDoS)) | This attack pattern has been deprecated as it is a generalization of CAPEC-230: XML Nested Payloads, CAPEC-231: XML Oversized Payloads, and CAPEC-147: XML Ping of… |
| CAPEC-87 | Forceful Browsing | An attacker employs forceful browsing (direct URL entry) to access portions of a website that are otherwise unreachable. Usually, a front controller or similar… |
| CAPEC-88 | OS Command Injection | In this type of an attack, an adversary injects operating system commands into existing application functions. An application that uses untrusted input to buil… |
| CAPEC-89 | Pharming | A pharming attack occurs when the victim is fooled into entering sensitive data into supposedly trusted locations, such as an online bank site or a trading pla… |
| CAPEC-90 | Reflection Attack in Authentication Protocol | An adversary can abuse an authentication protocol susceptible to reflection attack in order to defeat it. Doing so allows the adversary illegitimate access to … |
| CAPEC-97 | Cryptanalysis | Cryptanalysis is a process of finding weaknesses in cryptographic algorithms and using these weaknesses to decipher the ciphertext without knowing the secret k… |
| CAPEC-98 | Phishing | Phishing is a social engineering technique where an attacker masquerades as a legitimate entity with which the victim might do business in order to prompt the … |
| CAPEC-99 | DEPRECATED: XML Parser Attack | This attack pattern has been deprecated as it is a generalization of CAPEC-230: XML Nested Payloads and CAPEC-231: XML Oversized Payloads. Please refer to these C… |