CAPEC-1000

Nombre

Mechanisms of Attack

Estado

Stable

Tipo

Graph

Publicado

2014-06-23
00h00 +00:00

Modificado

2017-01-09
00h00 +00:00

Enlaces oficiales

CAPEC Mitre.org

Alerta para un CAPEC

Manténgase informado sobre cualquier cambio en un CAPEC específico.

Gestionar notificaciones

Alertas personalizadas

¡Active sus alertas personalizadas!

Para activar sus alertas, solo necesita iniciar sesión en su cuenta gratuita. Si aún no ha iniciado sesión, elija una de las opciones a continuación.

Iniciar sesión en su cuenta Crear una cuenta gratuita

Alerta para un CAPEC

Manténgase informado sobre cualquier cambio en un CAPEC específico.

Parámetros

Puede especificar un título que se recuperará en las alertas que se enviarán.

Especifique el ID de CAPEC que desea monitorear.

Planificación

Mes

Cálculo de la próxima ejecución

Día

Día de la semana

Hora

Minuto

Fecha de creación

Última ejecución

Próxima ejecución

Nombre: Mechanisms of Attack

This view organizes attack patterns hierarchically based on mechanisms that are frequently employed when exploiting a vulnerability. The categories that are members of this view represent the different techniques used to attack a system. They do not, however, represent the consequences or goals of the attacks. There exists the potential for some attack patterns to align with more than one category depending on one’s perspective. To counter this, emphasis was placed such that attack patterns as presented within each category use a technique not sometimes, but without exception.

Miembros CAPEC

CAPEC-28: Fuzzing Base

CAPEC-172: Manipulate Timing and State Category

CAPEC-172: An attacker exploits weaknesses in timing or state maintaining functions to perform actions that would otherwise be prevented by the execution flow of the target code and processes. An example of a state attack might include manipulation of an application's information to change the apparent credentials or similar information, possibly allowing the application to access material it would not normally be allowed to access. A common example of a timing attack is a test-action race condition where some state information is tested and, if it passes, an action is performed. If the attacker can change the state between the time that the application performs the test and the time the action is performed, then they might be able to manipulate the outcome of the action to malicious ends.

CAPEC-25: Forced Deadlock Base

CAPEC-26: Leveraging Race Conditions Base

CAPEC-74: Manipulating State Base

CAPEC-118: Collect and Analyze Information Category

CAPEC-118: Attack patterns within this category focus on the gathering, collection, and theft of information by an adversary. The adversary may collect this information through a variety of methods including active querying as well as passive observation. By exploiting weaknesses in the design or configuration of the target and its communications, an adversary is able to get the target to reveal more information than intended. Information retrieved may aid the adversary in making inferences about potential weaknesses, vulnerabilities, or techniques that assist the adversary's objectives. This information may include details regarding the configuration or capabilities of the target, clues as to the timing or nature of activities, or otherwise sensitive information. Often this sort of attack is undertaken in preparation for some other type of attack, although the collection of information by itself may in some cases be the end goal of the adversary.

CAPEC-116: Excavation Base

CAPEC-117: Interception Base

CAPEC-169: Footprinting Base

CAPEC-224: Fingerprinting Base

CAPEC-188: Reverse Engineering Base

CAPEC-192: Protocol Analysis Base

CAPEC-410: Information Elicitation Base

CAPEC-225: Subvert Access Control Category

CAPEC-225: An attacker actively targets exploitation of weaknesses, limitations and assumptions in the mechanisms a target utilizes to manage identity and authentication as well as manage access to its resources or authorize functionality. Such exploitation can lead to the complete subversion of any trust the target system may have in the identity of any entity with which it interacts, or the complete subversion of any control the target has over its data or functionality. Weaknesses targeted by subversion of authorization controls are often due to three primary factors: 1) a fundamental dependence on authentication mechanisms being effective; 2) a lack of effective control over the separation of privilege between various entities; and 3) assumptions and over confidence in the strength or rigor of the implemented authorization mechanisms.

CAPEC-21: Exploitation of Trusted Identifiers Base

CAPEC-114: Authentication Abuse Base

CAPEC-115: Authentication Bypass Base

CAPEC-22: Exploiting Trust in Client Base

CAPEC-94: Adversary in the Middle (AiTM) Base

CAPEC-122: Privilege Abuse Base

CAPEC-233: Privilege Escalation Base

CAPEC-390: Bypassing Physical Security Base

CAPEC-507: Physical Theft Base

CAPEC-560: Use of Known Domain Credentials Base

Informaciones CAPEC

Envío

Nombre	Organización	Fecha	Fecha de lanzamiento
CAPEC Content Team	The MITRE Corporation	2014-06-23 +00:00

Modificaciones

Nombre	Organización	Fecha	Comentario
CAPEC Content Team	The MITRE Corporation	2015-11-09 +00:00	Updated View_Objective
CAPEC Content Team	The MITRE Corporation	2017-01-09 +00:00	Updated Relationships, View_Objective

Detalle de vista CAPEC-1000

CAPEC-1000

Nombre: Mechanisms of Attack

Miembros CAPEC

CAPEC-156: Engage in Deceptive Interactions Category

CAPEC-210: Abuse Existing Functionality Category

CAPEC-255: Manipulate Data Structures Category

CAPEC-262: Manipulate System Resources Category

CAPEC-152: Inject Unexpected Items Category

CAPEC-223: Employ Probabilistic Techniques Category