615 indexed
CAPECCAPEC attack patterns
615 MITRE CAPEC entries — attack patterns at meta, standard, and detailed abstraction levels. Filter by abstraction. Authored by Adam Lundqvist.
Showing 301–350 of 615 · page 7 of 13
| ID | Title | Summary |
|---|---|---|
| CAPEC-43 | Exploiting Multiple Input Interpretation Layers | An attacker supplies the target software with input data that contains sequences of special characters designed to bypass input validation logic. This exploit … |
| CAPEC-430 | DEPRECATED: Target Influence via Micro-Expressions | This attack pattern has been deprecated. Metadata: detailed CAPEC pattern, status deprecated. Metadata: detailed CAPEC pattern, status deprecated. |
| CAPEC-431 | DEPRECATED: Target Influence via Neuro-Linguistic Programming (NLP) | This attack pattern has been deprecated. Metadata: detailed CAPEC pattern, status deprecated. Metadata: detailed CAPEC pattern, status deprecated. |
| CAPEC-432 | DEPRECATED: Target Influence via Voice in NLP | This attack pattern has been deprecated. Metadata: detailed CAPEC pattern, status deprecated. Metadata: detailed CAPEC pattern, status deprecated. |
| CAPEC-433 | Target Influence via The Human Buffer Overflow | An attacker utilizes a technique to insinuate commands to the subconscious mind of the target via communication patterns. The human buffer overflow methodology… |
| CAPEC-434 | Target Influence via Interview and Interrogation | Metadata: detailed CAPEC pattern, status draft, severity low. Related CAPEC pattern: [object Object]. Metadata: detailed CAPEC pattern, status draft, severity… |
| CAPEC-435 | Target Influence via Instant Rapport | Metadata: detailed CAPEC pattern, status draft, severity low. Related CAPEC pattern: [object Object]. Metadata: detailed CAPEC pattern, status draft, severity… |
| CAPEC-438 | Modification During Manufacture | An attacker modifies a technology, product, or component during a stage in its manufacture for the purpose of carrying out an attack against some entity involv… |
| CAPEC-439 | Manipulation During Distribution | An attacker undermines the integrity of a product, software, or technology at some stage of the distribution channel. The core threat of modification or manipu… |
| CAPEC-44 | Overflow Binary Resource File | An attack of this type exploits a buffer overflow vulnerability in the handling of binary resources. Binary resources may include music files like MP3, image f… |
| CAPEC-440 | Hardware Integrity Attack | An adversary exploits a weakness in the system maintenance process and causes a change to be made to a technology, product, component, or sub-component or a ne… |
| CAPEC-441 | Malicious Logic Insertion | An adversary installs or adds malicious logic (also known as malware) into a seemingly benign component of a fielded system. This logic is often hidden from th… |
| CAPEC-442 | Infected Software | An adversary adds malicious logic, often in the form of a computer virus, to otherwise benign software. This logic is often hidden from the user of the softwar… |
| CAPEC-443 | Malicious Logic Inserted Into Product by Authorized Developer | An adversary uses their privileged position within an authorized development organization to inject malicious logic into a codebase or product. Metadata: deta… |
| CAPEC-444 | Development Alteration | An adversary modifies a technology, product, or component during its development to acheive a negative impact once the system is deployed. The goal of the adve… |
| CAPEC-445 | Malicious Logic Insertion into Product Software via Configuration Management Manipulation | Metadata: detailed CAPEC pattern, status stable, likelihood medium, severity high. Mapped ATT&CK technique: [object Object]. Related CAPEC pattern: [object Obj… |
| CAPEC-446 | Malicious Logic Insertion into Product via Inclusion of Third-Party Component | Metadata: detailed CAPEC pattern, status stable, likelihood medium, severity high. Mapped ATT&CK technique: [object Object]. Related CAPEC pattern: [object Obj… |
| CAPEC-447 | Design Alteration | An adversary modifies the design of a technology, product, or component to acheive a negative impact once the system is deployed. In this type of attack, the g… |
| CAPEC-448 | Embed Virus into DLL | An adversary tampers with a DLL and embeds a computer virus into gaps between legitimate machine instructions. These gaps may be the result of compiler optimiz… |
| CAPEC-449 | DEPRECATED: Malware Propagation via USB Stick | This attack pattern has been deprecated as it is a duplicate of CAPEC-448 : Malware Infection into Product Software. Please refer to this other pattern going f… |
| CAPEC-45 | Buffer Overflow via Symbolic Links | This type of attack leverages the use of symbolic links to cause buffer overflows. An adversary can try to create or manipulate a symbolic link file such that … |
| CAPEC-450 | DEPRECATED: Malware Propagation via USB U3 Autorun | This attack pattern has been deprecated as it is a duplicate of CAPEC-448 : Embed Virus into DLL. Please refer to this other pattern going forward. Metadata: … |
| CAPEC-451 | DEPRECATED: Malware Propagation via Infected Peripheral Device | This attack pattern has been deprecated as it is a duplicate of CAPEC-448 : Malware Infection into Product Software. Please refer to this other pattern going f… |
| CAPEC-452 | Infected Hardware | An adversary inserts malicious logic into hardware, typically in the form of a computer virus or rootkit. This logic is often hidden from the user of the hardw… |
| CAPEC-453 | DEPRECATED: Malicious Logic Insertion via Counterfeit Hardware | This attack pattern has been deprecated as it is a duplicate of CAPEC-452 : Malicious Logic Insertion into Product Hardware. Please refer to this other pattern… |
| CAPEC-454 | DEPRECATED: Modification of Existing Components with Counterfeit Hardware | This attack pattern has been deprecated as it is a duplicate of CAPEC-452 : Malicious Logic Insertion into Product Hardware. Please refer to this other pattern… |
| CAPEC-455 | DEPRECATED: Malicious Logic Insertion via Inclusion of Counterfeit Hardware Components | This attack pattern has been deprecated as it is a duplicate of CAPEC-457 : Malicious Logic Insertion into Product Hardware. Please refer to this other pattern… |
| CAPEC-456 | Infected Memory | An adversary inserts malicious logic into memory enabling them to achieve a negative impact. This logic is often hidden from the user of the system and works b… |
| CAPEC-457 | USB Memory Attacks | An adversary loads malicious code onto a USB memory stick in order to infect any system which the device is plugged in to. USB drives present a significant sec… |
| CAPEC-458 | Flash Memory Attacks | An adversary inserts malicious logic into a product or technology via flashing the on-board memory with a code-base that contains malicious logic. Various atta… |
| CAPEC-459 | Creating a Rogue Certification Authority Certificate | An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that co… |
| CAPEC-46 | Overflow Variables and Tags | This type of attack leverages the use of tags or variables from a formatted configuration data to cause buffer overflow. The adversary crafts a malicious HTML … |
| CAPEC-460 | HTTP Parameter Pollution (HPP) | An adversary adds duplicate HTTP GET/POST parameters by injecting query string delimiters. Via HPP it may be possible to override existing hardcoded HTTP param… |
| CAPEC-461 | Web Services API Signature Forgery Leveraging Hash Function Extension Weakness | An adversary utilizes a hash function extension/padding weakness, to modify the parameters passed to the web service requesting authentication by generating th… |
| CAPEC-462 | Cross-Domain Search Timing | An attacker initiates cross domain HTTP / GET requests and times the server responses. The timing of these responses may leak important information on what is … |
| CAPEC-463 | Padding Oracle Crypto Attack | An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened wh… |
| CAPEC-464 | Evercookie | An attacker creates a very persistent cookie that stays present even after the user thinks it has been removed. The cookie is stored on the victim's machine in… |
| CAPEC-465 | Transparent Proxy Abuse | A transparent proxy serves as an intermediate between the client and the internet at large. It intercepts all requests originating from the client and forwards… |
| CAPEC-466 | Leveraging Active Adversary in the Middle Attacks to Bypass Same Origin Policy | An attacker leverages an adversary in the middle attack (CAPEC-94) in order to bypass the same origin policy protection in the victim's browser. This active ad… |
| CAPEC-467 | Cross Site Identification | An attacker harvests identifying information about a victim via an active session that the victim's browser has with a social networking site. A victim may hav… |
| CAPEC-468 | Generic Cross-Browser Cross-Domain Theft | An attacker makes use of Cascading Style Sheets (CSS) injection to steal data cross domain from the victim's browser. The attack works by abusing the standards… |
| CAPEC-469 | HTTP DoS | An attacker performs flooding at the HTTP level to bring down only a particular web application rather than anything listening on a TCP/IP connection. This den… |
| CAPEC-47 | Buffer Overflow via Parameter Expansion | In this attack, the target software is given input that the adversary knows will be modified and expanded in size during processing. This attack relies on the … |
| CAPEC-470 | Expanding Control over the Operating System from the Database | An attacker is able to leverage access gained to the database to read / write data to the file system, compromise the operating system, create a tunnel for acc… |
| CAPEC-471 | Search Order Hijacking | An adversary exploits a weakness in an application's specification of external libraries to exploit the functionality of the loader where the process loading t… |
| CAPEC-472 | Browser Fingerprinting | An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need… |
| CAPEC-473 | Signature Spoof | An attacker generates a message or datablock that causes the recipient to believe that the message or datablock was generated and cryptographically signed by a… |
| CAPEC-474 | Signature Spoofing by Key Theft | An attacker obtains an authoritative or reputable signer's private signature key by theft and then uses this key to forge signatures from the original signer t… |
| CAPEC-475 | Signature Spoofing by Improper Validation | An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key. M… |
| CAPEC-476 | Signature Spoofing by Misrepresentation | An attacker exploits a weakness in the parsing or display code of the recipient software to generate a data blob containing a supposedly valid signature, but t… |