CAPEC-1000 Détail

CAPEC-1000

Nom

Mechanisms of Attack

Statut

Stable

Type

Graph

Publié

2014-06-23
00h00 +00:00

Modifié

2017-01-09
00h00 +00:00

Liens officiels

CAPEC Mitre.org

Alerte pour un CAPEC

Restez informé de toutes modifications pour un CAPEC spécifique.

Gestion des notifications

Liste des Notifications

Alerte pour un CAPEC

Restez informé de toutes modifications pour un CAPEC spécifique.

Paramètres

Vous pouvez spécifier un titre qui sera récupéré dans les alertes qui seront envoyées.

Spécifiez le CAPEC ID que vous désirez surveiller.

Planifications

Mois

Prochaine exécution calculée

Jour

Jour de la semaine

Heure

Minute

Date de création

Dernière exécution

Prochaine exécution

Fonctionnalité nécessitant une connexion

Cette fonctionnalité qui vous permet de recevoir des alertes, n'est active que lorsque vous êtes connecté à votre compte.

Nom: Mechanisms of Attack

This view organizes attack patterns hierarchically based on mechanisms that are frequently employed when exploiting a vulnerability. The categories that are members of this view represent the different techniques used to attack a system. They do not, however, represent the consequences or goals of the attacks. There exists the potential for some attack patterns to align with more than one category depending on one’s perspective. To counter this, emphasis was placed such that attack patterns as presented within each category use a technique not sometimes, but without exception.

Membres CAPEC

CAPEC-28: Fuzzing Base

CAPEC-172: Manipulate Timing and State Category

CAPEC-172: An attacker exploits weaknesses in timing or state maintaining functions to perform actions that would otherwise be prevented by the execution flow of the target code and processes. An example of a state attack might include manipulation of an application's information to change the apparent credentials or similar information, possibly allowing the application to access material it would not normally be allowed to access. A common example of a timing attack is a test-action race condition where some state information is tested and, if it passes, an action is performed. If the attacker can change the state between the time that the application performs the test and the time the action is performed, then they might be able to manipulate the outcome of the action to malicious ends.

CAPEC-25: Forced Deadlock Base

CAPEC-26: Leveraging Race Conditions Base

CAPEC-74: Manipulating State Base

CAPEC-118: Collect and Analyze Information Category

CAPEC-118: Attack patterns within this category focus on the gathering, collection, and theft of information by an adversary. The adversary may collect this information through a variety of methods including active querying as well as passive observation. By exploiting weaknesses in the design or configuration of the target and its communications, an adversary is able to get the target to reveal more information than intended. Information retrieved may aid the adversary in making inferences about potential weaknesses, vulnerabilities, or techniques that assist the adversary's objectives. This information may include details regarding the configuration or capabilities of the target, clues as to the timing or nature of activities, or otherwise sensitive information. Often this sort of attack is undertaken in preparation for some other type of attack, although the collection of information by itself may in some cases be the end goal of the adversary.

CAPEC-116: Excavation Base

CAPEC-117: Interception Base

CAPEC-169: Footprinting Base

CAPEC-224: Fingerprinting Base

CAPEC-188: Reverse Engineering Base

CAPEC-192: Protocol Analysis Base

CAPEC-410: Information Elicitation Base

CAPEC-225: Subvert Access Control Category

CAPEC-225: An attacker actively targets exploitation of weaknesses, limitations and assumptions in the mechanisms a target utilizes to manage identity and authentication as well as manage access to its resources or authorize functionality. Such exploitation can lead to the complete subversion of any trust the target system may have in the identity of any entity with which it interacts, or the complete subversion of any control the target has over its data or functionality. Weaknesses targeted by subversion of authorization controls are often due to three primary factors: 1) a fundamental dependence on authentication mechanisms being effective; 2) a lack of effective control over the separation of privilege between various entities; and 3) assumptions and over confidence in the strength or rigor of the implemented authorization mechanisms.

CAPEC-21: Exploitation of Trusted Identifiers Base

CAPEC-114: Authentication Abuse Base

CAPEC-115: Authentication Bypass Base

CAPEC-22: Exploiting Trust in Client Base

CAPEC-94: Adversary in the Middle (AiTM) Base

CAPEC-122: Privilege Abuse Base

CAPEC-233: Privilege Escalation Base

CAPEC-390: Bypassing Physical Security Base

CAPEC-507: Physical Theft Base

CAPEC-560: Use of Known Domain Credentials Base

Informations du CAPEC

Soumission

Nom	Organisation	Date	Date de publication
CAPEC Content Team	The MITRE Corporation	2014-06-23 +00:00

Modifications

Nom	Organisation	Date	Commentaire
CAPEC Content Team	The MITRE Corporation	2015-11-09 +00:00	Updated View_Objective
CAPEC Content Team	The MITRE Corporation	2017-01-09 +00:00	Updated Relationships, View_Objective

Détail de la vue CAPEC-1000

CAPEC-1000

Nom: Mechanisms of Attack

Membres CAPEC

CAPEC-156: Engage in Deceptive Interactions Category

CAPEC-210: Abuse Existing Functionality Category

CAPEC-255: Manipulate Data Structures Category

CAPEC-262: Manipulate System Resources Category

CAPEC-152: Inject Unexpected Items Category

CAPEC-223: Employ Probabilistic Techniques Category