CAPEC-1000

Name

Mechanisms of Attack

Status

Stable

Type

Graph

Publié

2014-06-23 00:00 +00:00

Dernière modif.

2017-01-09 00:00 +00:00

Liens officiels

CAPEC Mitre.org

Alerte pour un CAPEC

Restez informé de toutes modifications pour un CAPEC spécifique.

Gestion des alertes

Liste des Alertes

Alerte pour un CAPEC

Restez informé de toutes modifications pour un CAPEC spécifique.

Paramètres

Vous pouvez sécifier un titre qui sera récupéré dans les alertes qui seront envoyées.

Spécifiez le CAPEC ID que vous désirez surveiller.

Planificiations

Mois

Prochaine exécution calculée

Jour

Jour de la semaine

Heure

Minute

Date de création

Dernière exécution

Prochaine exécution

Fonctionnalité nécessitant une connexion

Cette fonctionnalité qui vous permet de recevoir des alertes, n'est active que lorsque vous êtes connecté à votre compte.

Mechanisms of Attack

This view organizes attack patterns hierarchically based on mechanisms that are frequently employed when exploiting a vulnerability. The categories that are members of this view represent the different techniques used to attack a system. They do not, however, represent the consequences or goals of the attacks. There exists the potential for some attack patterns to align with more than one category depending on one’s perspective. To counter this, emphasis was placed such that attack patterns as presented within each category use a technique not sometimes, but without exception.

Members

CAPEC-28: Fuzzing Base

CAPEC-172: Manipulate Timing and State Category

CAPEC-172: An attacker exploits weaknesses in timing or state maintaining functions to perform actions that would otherwise be prevented by the execution flow of the target code and processes. An example of a state attack might include manipulation of an application's information to change the apparent credentials or similar information, possibly allowing the application to access material it would not normally be allowed to access. A common example of a timing attack is a test-action race condition where some state information is tested and, if it passes, an action is performed. If the attacker can change the state between the time that the application performs the test and the time the action is performed, then they might be able to manipulate the outcome of the action to malicious ends.

CAPEC-25: Forced Deadlock Base

CAPEC-26: Leveraging Race Conditions Base

CAPEC-74: Manipulating State Base

CAPEC-118: Collect and Analyze Information Category

CAPEC-118: Attack patterns within this category focus on the gathering, collection, and theft of information by an adversary. The adversary may collect this information through a variety of methods including active querying as well as passive observation. By exploiting weaknesses in the design or configuration of the target and its communications, an adversary is able to get the target to reveal more information than intended. Information retrieved may aid the adversary in making inferences about potential weaknesses, vulnerabilities, or techniques that assist the adversary's objectives. This information may include details regarding the configuration or capabilities of the target, clues as to the timing or nature of activities, or otherwise sensitive information. Often this sort of attack is undertaken in preparation for some other type of attack, although the collection of information by itself may in some cases be the end goal of the adversary.

CAPEC-116: Excavation Base

CAPEC-117: Interception Base

CAPEC-169: Footprinting Base

CAPEC-224: Fingerprinting Base

CAPEC-188: Reverse Engineering Base

CAPEC-192: Protocol Analysis Base

CAPEC-410: Information Elicitation Base

CAPEC-225: Subvert Access Control Category

CAPEC-225: An attacker actively targets exploitation of weaknesses, limitations and assumptions in the mechanisms a target utilizes to manage identity and authentication as well as manage access to its resources or authorize functionality. Such exploitation can lead to the complete subversion of any trust the target system may have in the identity of any entity with which it interacts, or the complete subversion of any control the target has over its data or functionality. Weaknesses targeted by subversion of authorization controls are often due to three primary factors: 1) a fundamental dependence on authentication mechanisms being effective; 2) a lack of effective control over the separation of privilege between various entities; and 3) assumptions and over confidence in the strength or rigor of the implemented authorization mechanisms.

CAPEC-21: Exploitation of Trusted Identifiers Base

CAPEC-114: Authentication Abuse Base

CAPEC-115: Authentication Bypass Base

CAPEC-22: Exploiting Trust in Client Base

CAPEC-94: Adversary in the Middle (AiTM) Base

CAPEC-122: Privilege Abuse Base

CAPEC-233: Privilege Escalation Base

CAPEC-390: Bypassing Physical Security Base

CAPEC-507: Physical Theft Base

CAPEC-560: Use of Known Domain Credentials Base

Informations

Submission

Name	Organization	Date	Date Release
CAPEC Content Team	The MITRE Corporation	2014-06-23 +00:00

Modifications

Name	Organization	Date	Comment
CAPEC Content Team	The MITRE Corporation	2015-11-09 +00:00	Updated View_Objective
CAPEC Content Team	The MITRE Corporation	2017-01-09 +00:00	Updated Relationships, View_Objective

Listes Vulnérabilités

Classé par Année

Statistiques CVE

Vues spécifiques

Listes des Vendeurs

Listes des Produits

Listes CWE

Vues spécifiques

7 Derniers CWE

Listes CAPEC

Vues spécifiques

7 derniers CAPEC

CAPEC-1000

Alerte pour un CAPEC

Fonctionnalité nécessitant une connexion

Mechanisms of Attack

Members

CAPEC-156: Engage in Deceptive Interactions Category

CAPEC-210: Abuse Existing Functionality Category

CAPEC-255: Manipulate Data Structures Category

CAPEC-262: Manipulate System Resources Category

CAPEC-152: Inject Unexpected Items Category

CAPEC-223: Employ Probabilistic Techniques Category

CAPEC-172: Manipulate Timing and State Category

CAPEC-118: Collect and Analyze Information Category

CAPEC-225: Subvert Access Control Category

Informations

Submission

Modifications

Listes Vulnérabilités

Classé par Année

Statistiques CVE

Vues spécifiques

CVE

OWASP

CISA KEV

Listes des Vendeurs

Listes des Produits

Listes CWE

Vues spécifiques

7 Derniers CWE

Listes CAPEC

Vues spécifiques

7 derniers CAPEC

No result found

CVEFind - Alertes CVE

CAPEC-1000 View Detail

CAPEC-1000

Alerte pour un CAPEC

Mechanisms of Attack

Members

CAPEC-156: Engage in Deceptive Interactions Category

CAPEC-210: Abuse Existing Functionality Category

CAPEC-255: Manipulate Data Structures Category

CAPEC-262: Manipulate System Resources Category

CAPEC-152: Inject Unexpected Items Category

CAPEC-223: Employ Probabilistic Techniques Category

CAPEC-172: Manipulate Timing and State Category

CAPEC-118: Collect and Analyze Information Category

CAPEC-225: Subvert Access Control Category

Informations

Submission

Modifications