CAPEC attack patterns
615 MITRE CAPEC entries — attack patterns at meta, standard, and detailed abstraction levels. Filter by abstraction. Authored by Adam Lundqvist.
Showing 251–300 of 615 · page 6 of 13
| ID | Title | Summary |
|---|---|---|
| CAPEC-384 | Application API Message Manipulation via Man-in-the-Middle | An attacker manipulates either egress or ingress data from a client within an application framework in order to change the content of messages. Performing this… |
| CAPEC-385 | Transaction or Event Tampering via Application API Manipulation | An attacker hosts or joins an event or transaction within an application framework in order to change the content of messages or items that are being exchanged… |
| CAPEC-386 | Application API Navigation Remapping | An attacker manipulates either egress or ingress data from a client within an application framework in order to change the destination and/or content of links/… |
| CAPEC-387 | Navigation Remapping To Propagate Malicious Content | An adversary manipulates either egress or ingress data from a client within an application framework in order to change the content of messages and thereby cir… |
| CAPEC-388 | Application API Button Hijacking | An attacker manipulates either egress or ingress data from a client within an application framework in order to change the destination and/or content of button… |
| CAPEC-389 | Content Spoofing Via Application API Manipulation | An attacker manipulates either egress or ingress data from a client within an application framework in order to change the content of messages. Performing this… |
| CAPEC-39 | Manipulating Opaque Client-based Data Tokens | In circumstances where an application holds important data client-side in tokens (cookies, URLs, data files, and so forth) that data can be manipulated. If cli… |
| CAPEC-390 | Bypassing Physical Security | Facilities often use layered models for physical security such as traditional locks, electronic-based card entry systems, coupled with physical alarms. Hardwa… |
| CAPEC-391 | Bypassing Physical Locks | An attacker uses techniques and methods to bypass physical security measures of a building or facility. Physical locks may range from traditional lock and key … |
| CAPEC-392 | Lock Bumping | An attacker uses a bump key to force a lock on a building or facility and gain entry. Lock Bumping is the use of a special type of key that can be tapped or bu… |
| CAPEC-393 | Lock Picking | An attacker uses lock picking tools and techniques to bypass the locks on a building or facility. Lock picking is the use of a special set of tools to manipula… |
| CAPEC-394 | Using a Snap Gun Lock to Force a Lock | An attacker uses a Snap Gun, also known as a Pick Gun, to force the lock on a building or facility. A Pick Gun is a special type of lock picking instrument tha… |
| CAPEC-395 | Bypassing Electronic Locks and Access Controls | An attacker exploits security assumptions to bypass electronic locks or other forms of access controls. Most attacks against electronic access controls follow … |
| CAPEC-396 | DEPRECATED: Bypassing Card or Badge-Based Systems | This attack pattern has been deprecated as it is a generalization of CAPEC-397: Cloning Magnetic Strip Cards, CAPEC-398: Magnetic Strip Card Brute Force Attacks, … |
| CAPEC-397 | Cloning Magnetic Strip Cards | An attacker duplicates the data on a Magnetic strip card (i.e. 'swipe card' or 'magstripe') to gain unauthorized access to a physical location or a person's pr… |
| CAPEC-398 | Magnetic Strip Card Brute Force Attacks | An adversary analyzes the data on two or more magnetic strip cards and is able to generate new cards containing valid sequences that allow unauthorized access … |
| CAPEC-399 | Cloning RFID Cards or Chips | An attacker analyzes data returned by an RFID chip and uses this information to duplicate an RFID signal that responds identically to the target chip. In some c… |
| CAPEC-4 | Using Alternative IP Address Encodings | This attack relies on the adversary using unexpected formats for representing IP addresses. Networked applications may expect network location information in a… |
| CAPEC-40 | Manipulating Writeable Terminal Devices | This attack exploits terminal devices that allow themselves to be written to by other users. The attacker sends command strings to the target terminal device h… |
| CAPEC-400 | RFID Chip Deactivation or Destruction | An attacker uses methods to deactivate a passive RFID tag for the purpose of rendering the tag, badge, card, or object containing the tag unresponsive. RFID ta… |
| CAPEC-401 | Physically Hacking Hardware | An adversary exploits a weakness in access control to gain access to currently installed hardware and proceeds to implement changes or secretly replace a hardw… |
| CAPEC-402 | Bypassing ATA Password Security | An adversary exploits a weakness in ATA security on a drive to gain access to the information the drive contains without supplying the proper credentials. ATA … |
| CAPEC-404 | DEPRECATED: Social Information Gathering Attacks | This attack pattern has been deprecated as it was deemed not to be a legitimate attack pattern. Please refer to CAPEC-118 : Collect and Analyze Information. M… |
| CAPEC-405 | DEPRECATED: Social Information Gathering via Research | This attack pattern has been deprecated as it was deemed not to be a legitimate attack pattern. Please refer to CAPEC-118 : Collect and Analyze Information. M… |
| CAPEC-406 | Dumpster Diving | An adversary cases an establishment and searches through trash bins, dumpsters, or areas where company information may have been accidentally discarded for inf… |
| CAPEC-407 | Pretexting | An adversary engages in pretexting behavior to solicit information from target persons, or manipulate the target into performing some action that serves the ad… |
| CAPEC-408 | DEPRECATED: Information Gathering from Traditional Sources | This attack pattern has been deprecated as it was deemed not to be a legitimate attack pattern. Please refer to CAPEC-118 : Collect and Analyze Information. M… |
| CAPEC-409 | DEPRECATED: Information Gathering from Non-Traditional Sources | This attack pattern has been deprecated as it was deemed not to be a legitimate attack pattern. Please refer to CAPEC-118 : Collect and Analyze Information. M… |
| CAPEC-41 | Using Meta-characters in E-mail Headers to Inject Malicious Payloads | This type of attack involves an attacker leveraging meta-characters in email headers to inject improper behavior into email programs. Email software has become… |
| CAPEC-410 | Information Elicitation | An adversary engages an individual using any combination of social engineering methods for the purpose of extracting information. Accurate contextual and envir… |
| CAPEC-411 | DEPRECATED: Pretexting | This attack pattern has been deprecated as it is a duplicate of the existing attack pattern "CAPEC-407 : Social Information Gathering via Pretexting". Please r… |
| CAPEC-412 | Pretexting via Customer Service | An adversary engages in pretexting behavior, assuming the role of someone who works for Customer Service, to solicit information from target persons, or manipu… |
| CAPEC-413 | Pretexting via Tech Support | An adversary engages in pretexting behavior, assuming the role of a tech support worker, to solicit information from target persons, or manipulate the target i… |
| CAPEC-414 | Pretexting via Delivery Person | An adversary engages in pretexting behavior, assuming the role of a delivery person, to solicit information from target persons, or manipulate the target into … |
| CAPEC-415 | Pretexting via Phone | An adversary engages in pretexting behavior, assuming some sort of trusted role, and contacting the targeted individual or organization via phone to solicit in… |
| CAPEC-416 | Manipulate Human Behavior | An adversary exploits inherent human psychological predisposition to influence a targeted individual or group to solicit information or manipulate the target i… |
| CAPEC-417 | Influence Perception | The adversary uses social engineering to exploit the target's perception of the relationship between the adversary and themselves. This goal is to persuade the… |
| CAPEC-418 | Influence Perception of Reciprocation | An adversary uses social engineering techniques to produce a sense of obligation in the target to perform a certain action or concede some sensitive or key p… |
| CAPEC-419 | DEPRECATED: Target Influence via Perception of Concession | This attack pattern has been deprecated as it was deemed not to be a legitimate pattern. Metadata: meta CAPEC pattern, status deprecated. Metadata: meta CAPE… |
| CAPEC-42 | MIME Conversion | An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is des… |
| CAPEC-420 | Influence Perception of Scarcity | The adversary leverages a perception of scarcity to persuade the target to perform an action or divulge information that is advantageous to the adversary. By c… |
| CAPEC-421 | Influence Perception of Authority | An adversary uses a social engineering technique to convey a sense of authority that motivates the target to reveal specific information or take specific actio… |
| CAPEC-422 | Influence Perception of Commitment and Consistency | An adversary uses social engineering to convince the target to do minor tasks as opposed to larger actions. After complying with a request, individuals are mor… |
| CAPEC-423 | Influence Perception of Liking | The adversary influences the target's actions by building a relationship where the target has a liking to the adversary. People are more likely to be influence… |
| CAPEC-424 | Influence Perception of Consensus or Social Proof | The adversary influences the target's actions by leveraging the inherent human nature to assume behavior of others is appropriate. In situations of uncertainty… |
| CAPEC-425 | Target Influence via Framing | An adversary uses framing techniques to contextualize a conversation so that the target is more likely to be influenced by the adversary's point of view. Frami… |
| CAPEC-426 | Influence via Incentives | The adversary incites a behavior from the target by manipulating something of influence. This is commonly associated with financial, social, or ideological inc… |
| CAPEC-427 | Influence via Psychological Principles | The adversary shapes the target's actions or behavior by focusing on the ways humans interact and learn, leveraging such elements as cognitive and social psycho… |
| CAPEC-428 | Influence via Modes of Thinking | The adversary tailors their communication to the language and thought patterns of the target thereby weakening barriers or reluctance to communication. This me… |
| CAPEC-429 | Target Influence via Eye Cues | The adversary gains information via non-verbal means from the target through eye movements. Metadata: detailed CAPEC pattern, status draft, severity low. Rela… |