CAPEC attack patterns
615 MITRE CAPEC entries: attack patterns at meta, standard, and detailed abstraction levels. Authored by Adam Lundqvist.
Showing 201–250 of 615 · page 5 of 13
| ID | Title | Summary |
|---|---|---|
| CAPEC-294 | ICMP Address Mask Request | An adversary sends an ICMP Type 17 Address Mask Request to gather information about a target's networking configuration. ICMP Address Mask Requests are defined… |
| CAPEC-295 | Timestamp Request | This pattern of attack leverages standard requests to learn the exact time associated with a target system. An adversary may be able to use the timestamp retur… |
| CAPEC-296 | ICMP Information Request | An adversary sends an ICMP Information Request to a host to determine if it will respond to this deprecated mechanism. ICMP Information Requests are a deprecat… |
| CAPEC-297 | TCP ACK Ping | An adversary sends a TCP segment with the ACK flag set to a remote host for the purpose of determining if the host is alive. This is one of several TCP 'ping' … |
| CAPEC-298 | UDP Ping | An adversary sends a UDP datagram to the remote host to determine if the host is alive. If a UDP datagram is sent to an open UDP port there is very often no re… |
| CAPEC-299 | TCP SYN Ping | An adversary uses TCP SYN packets as a means towards host discovery. Typical RFC 793 behavior specifies that when a TCP port is open, a host must respond to an… |
| CAPEC-3 | Using Leading 'Ghost' Character Sequences to Bypass Input Filters | Some APIs will strip certain leading characters from a string of parameters. An adversary can intentionally introduce leading "ghost" characters (extra charact… |
| CAPEC-30 | Hijacking a Privileged Thread of Execution | An adversary hijacks a privileged thread of execution by injecting malicious code into a running process. By using a privileged thread to do their bidding, adve… |
| CAPEC-300 | Port Scanning | An adversary uses a combination of techniques to determine the state of the ports on a remote target. Any service or application available for TCP or UDP netwo… |
| CAPEC-301 | TCP Connect Scan | An adversary uses full TCP connection attempts to determine if a port is open on the target system. The scanning process involves completing a 'three-way hands… |
| CAPEC-302 | TCP FIN Scan | An adversary uses a TCP FIN scan to determine if ports are closed on the target machine. This scan type is accomplished by sending TCP segments with the FIN bi… |
| CAPEC-303 | TCP Xmas Scan | An adversary uses a TCP XMAS scan to determine if ports are closed on the target machine. This scan type is accomplished by sending TCP segments with all possi… |
| CAPEC-304 | TCP Null Scan | An adversary uses a TCP NULL scan to determine if ports are closed on the target machine. This scan type is accomplished by sending TCP segments with no flags … |
| CAPEC-305 | TCP ACK Scan | An adversary uses TCP ACK segments to gather information about firewall or ACL configuration. The purpose of this type of scan is to discover information about… |
| CAPEC-306 | TCP Window Scan | An adversary engages in TCP Window scanning to analyze port status and operating system type. TCP Window scanning uses the ACK scanning method but examines the … |
| CAPEC-307 | TCP RPC Scan | An adversary scans for RPC services listening on a Unix/Linux host. Metadata: detailed CAPEC pattern, status stable, severity low. Underlying weakness: CWE-200.… |
| CAPEC-308 | UDP Scan | An adversary engages in UDP scanning to gather information about UDP port status on the target system. UDP scanning methods involve sending a UDP datagram to t… |
| CAPEC-309 | Network Topology Mapping | An adversary engages in scanning activities to map network nodes, hosts, devices, and routes. Adversaries usually perform this type of network reconnaissance d… |
| CAPEC-31 | Accessing/Intercepting/Modifying HTTP Cookies | This attack relies on the use of HTTP Cookies to store credentials, state information and other critical data on client systems. There are several different fo… |
| CAPEC-310 | Scanning for Vulnerable Software | An attacker engages in scanning activity to find vulnerable software versions or types, such as operating system versions or network services. Vulnerable or ex… |
| CAPEC-311 | DEPRECATED: OS Fingerprinting | This pattern has been deprecated as it was determined to be an unnecessary layer of abstraction. Please refer to the standard level patterns CAPEC-312 : Active… |
| CAPEC-312 | Active OS Fingerprinting | An adversary engages in activity to detect the operating system or firmware version of a remote target by interrogating a device, server, or platform with a pr… |
| CAPEC-313 | Passive OS Fingerprinting | An adversary engages in activity to detect the version or type of OS software in an environment by passively monitoring communication between devices, nodes,… |
| CAPEC-314 | DEPRECATED: IP Fingerprinting Probes | This pattern has been deprecated as it was determined to be an unnecessary layer of abstraction. Please refer to the standard level pattern CAPEC-312 : Active … |
| CAPEC-315 | DEPRECATED: TCP/IP Fingerprinting Probes | This pattern has been deprecated as it was determined to be an unnecessary layer of abstraction. Please refer to the standard level pattern CAPEC-312 : Active … |
| CAPEC-316 | DEPRECATED: ICMP Fingerprinting Probes | This pattern has been deprecated as it was determined to be an unnecessary layer of abstraction. Please refer to the standard level pattern CAPEC-312 : Active … |
| CAPEC-317 | IP ID Sequencing Probe | This OS fingerprinting probe analyzes the IP 'ID' field sequence number generation algorithm of a remote host. Operating systems generate IP 'ID' numbers diffe… |
| CAPEC-318 | IP 'ID' Echoed Byte-Order Probe | This OS fingerprinting probe tests to determine if the remote host echoes back the IP 'ID' value from the probe packet. An attacker sends a UDP datagram with a… |
| CAPEC-319 | IP (DF) 'Don't Fragment Bit' Echoing Probe | This OS fingerprinting probe tests to determine if the remote host echoes back the IP 'DF' (Don't Fragment) bit in a response packet. An attacker sends a UDP d… |
| CAPEC-32 | XSS Through HTTP Query Strings | An adversary embeds malicious script code in the parameters of an HTTP query string and convinces a victim to submit the HTTP request that contains the query s… |
| CAPEC-320 | TCP Timestamp Probe | This OS fingerprinting probe examines the remote server's implementation of TCP timestamps. Not all operating systems implement timestamps within the TCP heade… |
| CAPEC-321 | TCP Sequence Number Probe | This OS fingerprinting probe tests the target system's assignment of TCP sequence numbers. One common way to test TCP Sequence Number generation is to send a p… |
| CAPEC-322 | TCP (ISN) Greatest Common Divisor Probe | This OS fingerprinting probe sends a number of TCP SYN packets to an open port of a remote machine. The Initial Sequence Number (ISN) in each of the SYN/ACK re… |
| CAPEC-323 | TCP (ISN) Counter Rate Probe | This OS detection probe measures the average rate of initial sequence number increments during a period of time. Sequence numbers are incremented using a time-… |
| CAPEC-324 | TCP (ISN) Sequence Predictability Probe | This type of operating system probe attempts to determine an estimate for how predictable the sequence number generation algorithm is for a remote host. Statis… |
| CAPEC-325 | TCP Congestion Control Flag (ECN) Probe | This OS fingerprinting probe checks to see if the remote host supports explicit congestion notification (ECN) messaging. ECN messaging was designed to allow ro… |
| CAPEC-326 | TCP Initial Window Size Probe | This OS fingerprinting probe checks the initial TCP Window size. TCP stacks limit the range of sequence numbers allowable within a session to maintain the "con… |
| CAPEC-327 | TCP Options Probe | This OS fingerprinting probe analyzes the type and order of any TCP header options present within a response segment. Most operating systems use unique orderin… |
| CAPEC-328 | TCP 'RST' Flag Checksum Probe | This OS fingerprinting probe performs a checksum on any ASCII data contained within the data portion of a RST packet. Some operating systems will report a huma… |
| CAPEC-329 | ICMP Error Message Quoting Probe | An adversary uses a technique to generate an ICMP Error message (Port Unreachable, Destination Unreachable, Redirect, Source Quench, Time Exceeded, Parameter P… |
| CAPEC-33 | HTTP Request Smuggling | Metadata: detailed CAPEC pattern, status stable, likelihood medium, severity high. Underlying weakness: CWE-444. … |
| CAPEC-330 | ICMP Error Message Echoing Integrity Probe | An adversary uses a technique to generate an ICMP Error message (Port Unreachable, Destination Unreachable, Redirect, Source Quench, Time Exceeded, Parameter P… |
| CAPEC-331 | ICMP IP Total Length Field Probe | An adversary sends a UDP packet to a closed port on the target machine to solicit an IP Header's total length field value within the echoed 'Port Unreachable' … |
| CAPEC-332 | ICMP IP 'ID' Field Error Message Probe | An adversary sends a UDP datagram having an assigned value to its internet identification field (ID) to a closed port on a target to observe the manner in whic… |
| CAPEC-34 | HTTP Response Splitting | Metadata: detailed CAPEC pattern, status stable, likelihood medium, severity high. Underlying weaknesses: CWE-74, CWE-113, CWE-138, CWE-436. Related CAPEC patt… |
| CAPEC-35 | Leverage Executable Code in Non-Executable Files | An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configur… |
| CAPEC-36 | Using Unpublished Interfaces or Functionality | An adversary searches for and invokes interfaces or functionality that the target system designers did not intend to be publicly available. If interfaces fail … |
| CAPEC-37 | Retrieve Embedded Sensitive Data | An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as accoun… |
| CAPEC-38 | Leveraging/Manipulating Configuration File Search Paths | This pattern of attack sees an adversary load a malicious resource into a program's standard path so that when a known command is executed then the system inst… |
| CAPEC-383 | Harvesting Information via API Event Monitoring | An adversary hosts an event within an application framework and then monitors the data exchanged during the course of the event for the purpose of harvesting a… |