615 indexed
CAPECCAPEC attack patterns
615 MITRE CAPEC entries — attack patterns at meta, standard, and detailed abstraction levels. Filter by abstraction. Authored by Adam Lundqvist.
Showing 501–550 of 615 · page 11 of 13
| ID | Title | Summary |
|---|---|---|
| CAPEC-62 | Cross Site Request Forgery | An attacker crafts malicious web links and distributes them (via web pages, email, etc.), typically in a targeted manner, hoping to induce users to click on th… |
| CAPEC-620 | Drop Encryption Level | An attacker forces the encryption level to be lowered, thus enabling a successful attack against the encrypted data. Metadata: standard CAPEC pattern, status … |
| CAPEC-621 | Analysis of Packet Timing and Sizes | An attacker may intercept and log encrypted transmissions for the purpose of analyzing metadata such as packet timing and sizes. Although the actual data may b… |
| CAPEC-622 | Electromagnetic Side-Channel Attack | In this attack scenario, the attacker passively monitors electromagnetic emanations that are produced by the targeted electronic device as an unintentional sid… |
| CAPEC-623 | Compromising Emanations Attack | Compromising Emanations (CE) are defined as unintentional signals which an attacker may intercept and analyze to disclose the information processed by the targ… |
| CAPEC-624 | Hardware Fault Injection | The adversary uses disruptive signals or events, or alters the physical environment a device operates in, to cause faulty behavior in electronic devices. This … |
| CAPEC-625 | Mobile Device Fault Injection | Fault injection attacks against mobile devices use disruptive signals or events (e.g. electromagnetic pulses, laser pulses, clock glitches, etc.) to cause faul… |
| CAPEC-626 | Smudge Attack | Attacks that reveal the password/passcode pattern on a touchscreen device by detecting oil smudges left behind by the user’s fingers. Metadata: detailed CAPEC… |
| CAPEC-627 | Counterfeit GPS Signals | An adversary attempts to deceive a GPS receiver by broadcasting counterfeit GPS signals, structured to resemble a set of normal GPS signals. These spoofed sign… |
| CAPEC-628 | Carry-Off GPS Attack | A common form of a GPS spoofing attack, commonly termed a carry-off attack begins with an adversary broadcasting signals synchronized with the genuine signals … |
| CAPEC-629 | DEPRECATED: Unauthorized Use of Device Resources | This attack pattern has been deprecated. Metadata: standard CAPEC pattern, status deprecated. Metadata: standard CAPEC pattern, status deprecated. |
| CAPEC-63 | Cross-Site Scripting (XSS) | An adversary embeds malicious scripts in content that will be served to web browsers. The goal of the attack is for the target software, the client-side browse… |
| CAPEC-630 | TypoSquatting | An adversary registers a domain name with at least one character different than a trusted domain. A TypoSquatting attack takes advantage of instances where a u… |
| CAPEC-631 | SoundSquatting | An adversary registers a domain name that sounds the same as a trusted domain, but has a different spelling. A SoundSquatting attack takes advantage of a user'… |
| CAPEC-632 | Homograph Attack via Homoglyphs | An adversary registers a domain name containing a homoglyph, leading the registered domain to appear the same as a trusted domain. A homograph attack leverages… |
| CAPEC-633 | Token Impersonation | An adversary exploits a weakness in authentication to create an access token (or equivalent) that impersonates a different entity, and then associates a proces… |
| CAPEC-634 | Probe Audio and Video Peripherals | The adversary exploits the target system's audio and video functionalities through malware or scheduled tasks. The goal is to capture sensitive information abo… |
| CAPEC-635 | Alternative Execution Due to Deceptive Filenames | The extension of a file name is often used in various contexts to determine the application that is used to open and use it. If an attacker can cause an altern… |
| CAPEC-636 | Hiding Malicious Data or Code within Files | Files on various operating systems can have a complex format which allows for the storage of other data, in addition to its contents. Often this is metadata ab… |
| CAPEC-637 | Collect Data from Clipboard | The adversary exploits an application that allows for the copying of sensitive data or information by collecting information copied to the clipboard. Data copi… |
| CAPEC-638 | Altered Component Firmware | An adversary exploits systems features and/or improperly protected firmware of hardware components, such as Hard Disk Drives (HDD), with the goal of executing … |
| CAPEC-639 | Probe System Files | An adversary obtains unauthorized information due to improperly protected files. If an application stores sensitive information in a file that is not protected… |
| CAPEC-64 | Using Slashes and URL Encoding Combined to Bypass Validation Logic | This attack targets the encoding of the URL combined with the encoding of the slash characters. An attacker can take advantage of the multiple ways of encoding… |
| CAPEC-640 | Inclusion of Code in Existing Process | The adversary takes advantage of a bug in an application failing to verify the integrity of the running process to execute arbitrary code in the address space … |
| CAPEC-641 | DLL Side-Loading | An adversary places a malicious version of a Dynamic-Link Library (DLL) in the Windows Side-by-Side (WinSxS) directory to trick the operating system into loadi… |
| CAPEC-642 | Replace Binaries | Adversaries know that certain binaries will be regularly executed as part of normal processing. If these binaries are not protected with the appropriate file s… |
| CAPEC-643 | Identify Shared Files/Directories on System | An adversary discovers connections between systems by exploiting the target system's standard practice of revealing them in searchable, common areas. Through t… |
| CAPEC-644 | Use of Captured Hashes (Pass The Hash) | An adversary obtains (i.e. steals or purchases) legitimate Windows domain credential hash values to access systems within the domain that leverage the Lan Man … |
| CAPEC-645 | Use of Captured Tickets (Pass The Ticket) | An adversary uses stolen Kerberos tickets to access systems/resources that leverage the Kerberos authentication protocol. The Kerberos authentication protocol … |
| CAPEC-646 | Peripheral Footprinting | Adversaries may attempt to obtain information about attached peripheral devices and components connected to a computer system. Examples may include discovering… |
| CAPEC-647 | Collect Data from Registries | An adversary exploits a weakness in authorization to gather system-specific data and sensitive information within a registry (e.g., Windows Registry, Mac plist… |
| CAPEC-648 | Collect Data from Screen Capture | An adversary gathers sensitive information by exploiting the system's screen capture functionality. Through screenshots, the adversary aims to see what happens… |
| CAPEC-649 | Adding a Space to a File Extension | An adversary adds a space character to the end of a file extension and takes advantage of an application that does not properly neutralize trailing special ele… |
| CAPEC-65 | Sniff Application Code | An adversary passively sniffs network communications and captures application code bound for an authorized client. Once obtained, they can use it as-is, or thr… |
| CAPEC-650 | Upload a Web Shell to a Web Server | By exploiting insufficient permissions, it is possible to upload a web shell to a web server in such a way that it can be executed remotely. This shell can hav… |
| CAPEC-651 | Eavesdropping | An adversary intercepts a form of communication (e.g. text, audio, video) by way of software (e.g., microphone and audio recording application), hardware (e.g.… |
| CAPEC-652 | Use of Known Kerberos Credentials | An adversary obtains (i.e. steals or purchases) legitimate Kerberos credentials (e.g. Kerberos service account userID/password or Kerberos Tickets) with the go… |
| CAPEC-653 | Use of Known Operating System Credentials | An adversary guesses or obtains (i.e. steals or purchases) legitimate operating system credentials (e.g. userID/password) to achieve authentication and to perf… |
| CAPEC-654 | Credential Prompt Impersonation | An adversary, through a previously installed malicious application, impersonates a credential prompt in an attempt to steal a user's credentials. Metadata: de… |
| CAPEC-655 | Avoid Security Tool Identification by Adding Data | Metadata: detailed CAPEC pattern, status draft, likelihood high, severity high. Mapped ATT&CK technique: [object Object]. Related CAPEC pattern: [object Object… |
| CAPEC-656 | Voice Phishing | An adversary targets users with a phishing attack for the purpose of soliciting account passwords or sensitive information from the user. Voice Phishing is a v… |
| CAPEC-657 | Malicious Automated Software Update via Spoofing | An attackers uses identify or content spoofing to trick a client into performing an automated software update from a malicious source. A malicious automated so… |
| CAPEC-66 | SQL Injection | This attack exploits target software that constructs SQL statements based on user input. An attacker crafts input strings so that when the target software cons… |
| CAPEC-660 | Root/Jailbreak Detection Evasion via Hooking | An adversary forces a non-restricted mobile application to load arbitrary code or code files, via Hooking, with the goal of evading Root/Jailbreak detection. M… |
| CAPEC-661 | Root/Jailbreak Detection Evasion via Debugging | An adversary inserts a debugger into the program entry point of a mobile application to modify the application binary, with the goal of evading Root/Jailbreak … |
| CAPEC-662 | Adversary in the Browser (AiTB) | Metadata: standard CAPEC pattern, status stable, likelihood high, severity very high. Underlying weaknesses: CWE-300, CWE-494. Mapped ATT&CK technique: [object… |
| CAPEC-663 | Exploitation of Transient Instruction Execution | An adversary exploits a hardware design flaw in a CPU implementation of transient instruction execution to expose sensitive data and bypass/subvert access cont… |
| CAPEC-664 | Server Side Request Forgery | Metadata: standard CAPEC pattern, status stable, likelihood high, severity high. Underlying weaknesses: CWE-918, CWE-20. Related CAPEC pattern: [object Object]… |
| CAPEC-665 | Exploitation of Thunderbolt Protection Flaws | Metadata: detailed CAPEC pattern, status stable, likelihood low, severity very high. Underlying weaknesses: CWE-345, CWE-353, CWE-288, CWE-1188, CWE-862. Mappe… |
| CAPEC-666 | BlueSmacking | An adversary uses Bluetooth flooding to transfer large packets to Bluetooth enabled devices over the L2CAP protocol with the goal of creating a DoS. This attac… |