CAPEC attack patterns
615 MITRE CAPEC entries — attack patterns at meta, standard, and detailed abstraction levels. Filter by abstraction. Authored by Adam Lundqvist.
Showing 401–450 of 615 · page 9 of 13
| ID | Title | Summary |
|---|---|---|
| CAPEC-529 | Malware-Directed Internal Reconnaissance | Adversary uses malware or a similarly controlled application installed inside an organizational perimeter to gather information about the composition, configur… |
| CAPEC-53 | Postfix, Null Terminate, and Backslash | If a string is passed through a filter of some kind, then a terminal NULL may not be valid. Using an alternate representation of NULL allows an adversary to embed… |
| CAPEC-530 | Provide Counterfeit Component | An attacker provides a counterfeit component during the procurement process of a lower-tier component supplier to a sub-system developer or integrator, which i… |
| CAPEC-531 | Hardware Component Substitution | An attacker substitutes out a tested and approved hardware component for a maliciously-altered hardware component. This type of attack is carried out directly … |
| CAPEC-532 | Altered Installed BIOS | An attacker with access to download and update system software sends a maliciously altered BIOS to the victim or victim supplier/integrator, which when install… |
| CAPEC-533 | Malicious Manual Software Update | An attacker introduces malicious code to the victim's system by altering the payload of a software update, allowing for additional compromise or site disruptio… |
| CAPEC-534 | Malicious Hardware Update | An adversary introduces malicious hardware during an update or replacement procedure, allowing for additional compromise or site disruption at the victim locat… |
| CAPEC-535 | Malicious Gray Market Hardware | An attacker maliciously alters hardware components that will be sold on the gray market, allowing for victim disruption and compromise when the victim needs re… |
| CAPEC-536 | Data Injected During Configuration | An attacker with access to data files and processes on a victim's system injects malicious data into critical operational data during configuration or recalibr… |
| CAPEC-537 | Infiltration of Hardware Development Environment | An adversary, leveraging the ability to manipulate components of primary support systems and tools within the development and production environments, inserts … |
| CAPEC-538 | Open-Source Library Manipulation | Adversaries implant malicious code in open source software (OSS) libraries to have it widely distributed, as OSS is commonly downloaded by developers and other… |
| CAPEC-539 | ASIC With Malicious Functionality | An attacker with access to the development environment process of an application-specific integrated circuit (ASIC) for a victim system being developed or main… |
| CAPEC-54 | Query System for Information | An adversary, aware of an application's location (and possibly authorized to use the application), probes an application's structure and evaluates its robustne… |
| CAPEC-540 | Overread Buffers | An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value… |
| CAPEC-541 | Application Fingerprinting | An adversary engages in fingerprinting activities to determine the type or version of an application installed on a remote target. Metadata: standard CAPEC pa… |
| CAPEC-542 | Targeted Malware | An adversary develops targeted malware that takes advantage of a known vulnerability in an organizational information technology environment. The malware craft… |
| CAPEC-543 | Counterfeit Websites | Adversary creates duplicates of legitimate websites. When users visit a counterfeit site, the site can gather information or upload malware. Metadata: detaile… |
| CAPEC-544 | Counterfeit Organizations | An adversary creates false front organizations with the appearance of a legitimate supplier in the critical life cycle path that then injects corrupted/malic… |
| CAPEC-545 | Pull Data from System Resources | An adversary who is authorized or has the ability to search known system resources, does so with the intention of gathering useful information. System resource… |
| CAPEC-546 | Incomplete Data Deletion in a Multi-Tenant Environment | An adversary obtains unauthorized information due to insecure or incomplete data deletion in a multi-tenant environment. If a cloud provider fails to completel… |
| CAPEC-547 | Physical Destruction of Device or Component | An adversary conducts a physical attack on a device or component, destroying it such that it no longer functions as intended. Metadata: standard CAPEC pattern, s… |
| CAPEC-548 | Contaminate Resource | An adversary contaminates organizational information systems (including devices and networks) by causing them to handle information of a classification/sensiti… |
| CAPEC-549 | Local Execution of Code | An adversary installs and executes malicious code on the target system in an effort to achieve a negative technical impact. Examples include rootkits, ransomwa… |
| CAPEC-55 | Rainbow Table Password Cracking | An attacker gets access to the database table where hashes of passwords are stored. They then use a rainbow table of pre-computed hash chains to attempt to loo… |
| CAPEC-550 | Install New Service | When an operating system starts, it also starts programs called services or daemons. Adversaries may install a new service which will be executed at startup (o… |
| CAPEC-551 | Modify Existing Service | When an operating system starts, it also starts programs called services or daemons. Modifying existing services may break existing services or may enable serv… |
| CAPEC-552 | Install Rootkit | An adversary exploits a weakness in authentication to install malware that alters the functionality and information provided by targeted operating system API ca… |
| CAPEC-554 | Functionality Bypass | An adversary attacks a system by bypassing some or all functionality intended to protect it. Often, a system user will think that protection is in place, but t… |
| CAPEC-555 | Remote Services with Stolen Credentials | This pattern of attack involves an adversary that uses stolen credentials to leverage remote services such as RDP, telnet, SSH, and VNC to log into a system. O… |
| CAPEC-556 | Replace File Extension Handlers | When a file is opened, its file handler is checked to determine which program opens the file. File handlers are configuration properties of many operating syst… |
| CAPEC-557 | DEPRECATED: Schedule Software To Run | This CAPEC has been deprecated because it is not directly related to a weakness, social engineering, supply chains, or a physical-based attack. Metadata: deta… |
| CAPEC-558 | Replace Trusted Executable | An adversary exploits weaknesses in privilege management or access control to replace a trusted executable with a malicious version and enable the execution of… |
| CAPEC-559 | Orbital Jamming | In this attack pattern, the adversary sends disruptive signals at a target satellite using a rogue uplink station to disrupt the intended transmission. Those w… |
| CAPEC-56 | DEPRECATED: Removing/short-circuiting 'guard logic' | This attack pattern has been deprecated as it is a duplicate of CAPEC-207 : Removing Important Client Functionality. Please refer to this other pattern going f… |
| CAPEC-560 | Use of Known Domain Credentials | Metadata: meta CAPEC pattern, status stable, likelihood high, severity high. Underlying weaknesses: CWE-522, CWE-307, CWE-308, CWE-309, CWE-262 (and 3 more). M… |
| CAPEC-561 | Windows Admin Shares with Stolen Credentials | An adversary guesses or obtains (i.e. steals or purchases) legitimate Windows administrator credentials (e.g. userID/password) to access Windows Admin Shares o… |
| CAPEC-562 | Modify Shared File | An adversary manipulates the files in a shared location by adding malicious programs, scripts, or exploit code to valid content. Once a user opens the shared c… |
| CAPEC-563 | Add Malicious File to Shared Webroot | Adversaries may add malicious content to a website through the open file share and then browse to that content with a web browser to cause the server to exe… |
| CAPEC-564 | Run Software at Logon | Operating systems allow logon scripts to be run whenever a specific user or users log on to a system. If adversaries can access these scripts, they may insert a… |
| CAPEC-565 | Password Spraying | Metadata: detailed CAPEC pattern, status draft, likelihood high, severity high. Underlying weaknesses: CWE-521, CWE-262, CWE-263, CWE-654, CWE-307 (and 2 more)… |
| CAPEC-566 | DEPRECATED: Dump Password Hashes | This CAPEC has been deprecated because it is not directly related to a weakness, social engineering, supply chains, or a physical-based attack. Metadata: deta… |
| CAPEC-567 | DEPRECATED: Obtain Data via Utilities | This CAPEC has been deprecated because it is not directly related to a weakness, social engineering, supply chains, or a physical-based attack. Metadata: stan… |
| CAPEC-568 | Capture Credentials via Keylogger | An adversary deploys a keylogger in an effort to obtain credentials directly from a system's user. After capturing all the keystrokes made by a user, the adver… |
| CAPEC-569 | Collect Data as Provided by Users | An attacker leverages a tool, device, or program to obtain specific information as provided by a user of the target system. This information is often needed by… |
| CAPEC-57 | Utilizing REST's Trust in the System Resource to Obtain Sensitive Data | This attack utilizes REST (REpresentational State Transfer)-style applications' trust in the system resources and environment to obtain sensitive data once SS… |
| CAPEC-570 | DEPRECATED: Signature-Based Avoidance | This CAPEC has been deprecated because it is not directly related to a weakness, social engineering, supply chains, or a physical-based attack. Metadata: deta… |
| CAPEC-571 | Block Logging to Central Repository | Metadata: standard CAPEC pattern, status draft, severity low. … |
| CAPEC-572 | Artificially Inflate File Sizes | Metadata: standard CAPEC pattern, status draft, likelihood high, severity medium. … |
| CAPEC-573 | Process Footprinting | An adversary exploits functionality meant to identify information about the currently running processes on the target system to an authorized user. By knowing … |
| CAPEC-574 | Services Footprinting | An adversary exploits functionality meant to identify information about the services on the target system to an authorized user. By knowing what services are r… |