CAPEC-1000

Naam

Mechanisms of Attack

Status

Stable

Type

Graph

Gepubliceerd

2014-06-23
00h00 +00:00

Gewijzigd

2017-01-09
00h00 +00:00

Officiële links

CAPEC Mitre.org

Melding voor een CAPEC

Blijf op de hoogte van wijzigingen voor een specifieke CAPEC.

Meldingen beheren

Aangepaste meldingen

Activeer uw gepersonaliseerde meldingen!

Om uw meldingen te activeren hoeft u alleen maar ingelogd te zijn op uw gratis account. Als u nog niet bent ingelogd, kies dan een van de onderstaande opties.

Inloggen op uw account Maak een gratis account aan

Melding voor een CAPEC

Blijf op de hoogte van wijzigingen voor een specifieke CAPEC.

Parameters

U kunt een titel opgeven die wordt gebruikt in de meldingen die worden verzonden.

Geef het CAPEC-ID op dat u wilt monitoren.

Planning

Maand

Berekening volgende run

Dag

Weekdag

Uur

Minuut

Aanmakingsdatum

Laatste uitvoering

Volgende uitvoering

Naam: Mechanisms of Attack

This view organizes attack patterns hierarchically based on mechanisms that are frequently employed when exploiting a vulnerability. The categories that are members of this view represent the different techniques used to attack a system. They do not, however, represent the consequences or goals of the attacks. There exists the potential for some attack patterns to align with more than one category depending on one’s perspective. To counter this, emphasis was placed such that attack patterns as presented within each category use a technique not sometimes, but without exception.

CAPEC-leden

CAPEC-28: Fuzzing Base

CAPEC-172: Manipulate Timing and State Category

CAPEC-172: An attacker exploits weaknesses in timing or state maintaining functions to perform actions that would otherwise be prevented by the execution flow of the target code and processes. An example of a state attack might include manipulation of an application's information to change the apparent credentials or similar information, possibly allowing the application to access material it would not normally be allowed to access. A common example of a timing attack is a test-action race condition where some state information is tested and, if it passes, an action is performed. If the attacker can change the state between the time that the application performs the test and the time the action is performed, then they might be able to manipulate the outcome of the action to malicious ends.

CAPEC-25: Forced Deadlock Base

CAPEC-26: Leveraging Race Conditions Base

CAPEC-74: Manipulating State Base

CAPEC-118: Collect and Analyze Information Category

CAPEC-118: Attack patterns within this category focus on the gathering, collection, and theft of information by an adversary. The adversary may collect this information through a variety of methods including active querying as well as passive observation. By exploiting weaknesses in the design or configuration of the target and its communications, an adversary is able to get the target to reveal more information than intended. Information retrieved may aid the adversary in making inferences about potential weaknesses, vulnerabilities, or techniques that assist the adversary's objectives. This information may include details regarding the configuration or capabilities of the target, clues as to the timing or nature of activities, or otherwise sensitive information. Often this sort of attack is undertaken in preparation for some other type of attack, although the collection of information by itself may in some cases be the end goal of the adversary.

CAPEC-116: Excavation Base

CAPEC-117: Interception Base

CAPEC-169: Footprinting Base

CAPEC-224: Fingerprinting Base

CAPEC-188: Reverse Engineering Base

CAPEC-192: Protocol Analysis Base

CAPEC-410: Information Elicitation Base

CAPEC-225: Subvert Access Control Category

CAPEC-225: An attacker actively targets exploitation of weaknesses, limitations and assumptions in the mechanisms a target utilizes to manage identity and authentication as well as manage access to its resources or authorize functionality. Such exploitation can lead to the complete subversion of any trust the target system may have in the identity of any entity with which it interacts, or the complete subversion of any control the target has over its data or functionality. Weaknesses targeted by subversion of authorization controls are often due to three primary factors: 1) a fundamental dependence on authentication mechanisms being effective; 2) a lack of effective control over the separation of privilege between various entities; and 3) assumptions and over confidence in the strength or rigor of the implemented authorization mechanisms.

CAPEC-21: Exploitation of Trusted Identifiers Base

CAPEC-114: Authentication Abuse Base

CAPEC-115: Authentication Bypass Base

CAPEC-22: Exploiting Trust in Client Base

CAPEC-94: Adversary in the Middle (AiTM) Base

CAPEC-122: Privilege Abuse Base

CAPEC-233: Privilege Escalation Base

CAPEC-390: Bypassing Physical Security Base

CAPEC-507: Physical Theft Base

CAPEC-560: Use of Known Domain Credentials Base

Informatie CAPEC

Indiening

Naam	Organisatie	Datum	Releasedatum
CAPEC Content Team	The MITRE Corporation	2014-06-23 +00:00

Wijzigingen

Naam	Organisatie	Datum	Opmerking
CAPEC Content Team	The MITRE Corporation	2015-11-09 +00:00	Updated View_Objective
CAPEC Content Team	The MITRE Corporation	2017-01-09 +00:00	Updated Relationships, View_Objective

CAPEC-1000 Weergavedetail

CAPEC-1000

Naam: Mechanisms of Attack

CAPEC-leden

CAPEC-156: Engage in Deceptive Interactions Category

CAPEC-210: Abuse Existing Functionality Category

CAPEC-255: Manipulate Data Structures Category

CAPEC-262: Manipulate System Resources Category

CAPEC-152: Inject Unexpected Items Category

CAPEC-223: Employ Probabilistic Techniques Category