Home > CAPEC List > CAPEC-284: Detailed Abstractions (Version 2.9)  

CAPEC VIEW: Detailed Abstractions

 
Detailed Abstractions
Definition in a New Window Definition in a New Window
View ID: 284
Structure: Implicit Slice
Status: Draft
+ View Objective

This view (slice) covers detailed abstraction attack patterns.

+ Relationships
Detailed Attack PatternDetailed Attack Pattern Absolute Path Traversal - (597)
Detailed Attack PatternDetailed Attack Pattern Accessing/Intercepting/Modifying HTTP Cookies - (31)
Detailed Attack PatternDetailed Attack Pattern Account Footprinting - (575)
Detailed Attack PatternDetailed Attack Pattern Activity Hijack - (501)
Detailed Attack PatternDetailed Attack Pattern Add Malicious File to Shared Webroot - (563)
Detailed Attack PatternDetailed Attack Pattern AJAX Fingerprinting - (85)
Detailed Attack PatternDetailed Attack Pattern Altered Installed BIOS - (532)
Detailed Attack PatternDetailed Attack Pattern Analysis of Packet Timing and Sizes - (621)
Detailed Attack PatternDetailed Attack Pattern Artificially Inflate File Sizes - (572)
Detailed Attack PatternDetailed Attack Pattern ASIC With Malicious Functionality - (539)
Detailed Attack PatternDetailed Attack Pattern BitSquatting - (611)
Detailed Attack PatternDetailed Attack Pattern Blind SQL Injection - (7)
Detailed Attack PatternDetailed Attack Pattern Block Access to Libraries - (96)
Detailed Attack PatternDetailed Attack Pattern Blue Boxing - (5)
Detailed Attack PatternDetailed Attack Pattern Browser Fingerprinting - (472)
Detailed Attack PatternDetailed Attack Pattern Buffer Overflow in an API Call - (8)
Detailed Attack PatternDetailed Attack Pattern Buffer Overflow in Local Command-Line Utilities - (9)
Detailed Attack PatternDetailed Attack Pattern Buffer Overflow via Environment Variables - (10)
Detailed Attack PatternDetailed Attack Pattern Buffer Overflow via Parameter Expansion - (47)
Detailed Attack PatternDetailed Attack Pattern Buffer Overflow via Symbolic Links - (45)
Detailed Attack PatternDetailed Attack Pattern Bypassing ATA Password Security - (402)
Detailed Attack PatternDetailed Attack Pattern Capture Credentials via Keylogger - (568)
Detailed Attack PatternDetailed Attack Pattern Carry-Off GPS Attack - (628)
Detailed Attack PatternDetailed Attack Pattern Catching exception throw/signal from privileged block - (236)
Detailed Attack PatternDetailed Attack Pattern Cellular Broadcast Message Request - (618)
Detailed Attack PatternDetailed Attack Pattern Cellular Data Injection - (610)
Detailed Attack PatternDetailed Attack Pattern Cellular Jamming - (605)
Detailed Attack PatternDetailed Attack Pattern Cellular Rogue Base Station - (617)
Detailed Attack PatternDetailed Attack Pattern Cellular Traffic Intercept - (609)
Detailed Attack PatternDetailed Attack Pattern Checksum Spoofing - (145)
Detailed Attack PatternDetailed Attack Pattern Client-side Injection-induced Buffer Overflow - (14)
Detailed Attack PatternDetailed Attack Pattern Command Line Execution through SQL Injection - (108)
Detailed Attack PatternDetailed Attack Pattern Compromising Emanations Attack - (623)
Detailed Attack PatternDetailed Attack Pattern Counterfeit GPS Signals - (627)
Detailed Attack PatternDetailed Attack Pattern Counterfeit Hardware Component Inserted During Product Assembly - (520)
Detailed Attack PatternDetailed Attack Pattern Counterfeit Organizations - (544)
Detailed Attack PatternDetailed Attack Pattern Counterfeit Websites - (543)
Detailed Attack PatternDetailed Attack Pattern Creating a Rogue Certificate Authority Certificate - (459)
Detailed Attack PatternDetailed Attack Pattern Cross Site Identification - (467)
Detailed Attack PatternDetailed Attack Pattern Cross-Domain Search Timing - (462)
Detailed Attack PatternDetailed Attack Pattern Cross-Site Flashing - (178)
Detailed Attack PatternDetailed Attack Pattern Cross-Site Scripting in Attributes - (243)
Detailed Attack PatternDetailed Attack Pattern Cross-Site Scripting Using Doubled Characters, e.g. %3C%3Cscript - (245)
Detailed Attack PatternDetailed Attack Pattern Cross-Site Scripting Using Flash - (246)
Detailed Attack PatternDetailed Attack Pattern Cross-Site Scripting with Masking through Invalid Characters in Identifiers - (247)
Detailed Attack PatternDetailed Attack Pattern Cryptanalysis of Cellular Encryption - (608)
Detailed Attack PatternDetailed Attack Pattern Data Injected During Configuration - (536)
DeprecatedDeprecated DEPRECATED: Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Dynamic Update - (258)
DeprecatedDeprecated DEPRECATED: Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Initial Distribution - (260)
Detailed Attack PatternDetailed Attack Pattern Detect Unpublicized Web Pages - (143)
Detailed Attack PatternDetailed Attack Pattern Detect Unpublicized Web Services - (144)
Detailed Attack PatternDetailed Attack Pattern Dictionary-based Password Attack - (16)
Detailed Attack PatternDetailed Attack Pattern Directory Indexing - (127)
Detailed Attack PatternDetailed Attack Pattern DLL Search Order Hijacking - (471)
Detailed Attack PatternDetailed Attack Pattern DNS Cache Poisoning - (142)
Detailed Attack PatternDetailed Attack Pattern DNS Spoofing - (598)
Detailed Attack PatternDetailed Attack Pattern DNS Zone Transfers - (291)
Detailed Attack PatternDetailed Attack Pattern Documentation Alteration to Cause Errors in System Design - (519)
Detailed Attack PatternDetailed Attack Pattern Documentation Alteration to Circumvent Dial-down - (517)
Detailed Attack PatternDetailed Attack Pattern Documentation Alteration to Produce Under-performing Systems - (518)
Detailed Attack PatternDetailed Attack Pattern Double Encoding - (120)
Detailed Attack PatternDetailed Attack Pattern DTD Injection - (228)
DeprecatedDeprecated DTD Injection in a SOAP Message - (254)
Detailed Attack PatternDetailed Attack Pattern Dump Password Hashes - (566)
Detailed Attack PatternDetailed Attack Pattern Electromagnetic Side-Channel Attack - (622)
Detailed Attack PatternDetailed Attack Pattern Embedding NULL Bytes - (52)
Detailed Attack PatternDetailed Attack Pattern Embedding Script (XSS) in HTTP Headers - (86)
Detailed Attack PatternDetailed Attack Pattern Embedding Scripts in HTTP Query Strings - (32)
Detailed Attack PatternDetailed Attack Pattern Enumerate Mail Exchange (MX) Records - (290)
Detailed Attack PatternDetailed Attack Pattern Evil Twin Wi-Fi Attack - (615)
Detailed Attack PatternDetailed Attack Pattern Expanding Control over the Operating System from the Database - (470)
Detailed Attack PatternDetailed Attack Pattern Exploiting Multiple Input Interpretation Layers - (43)
Detailed Attack PatternDetailed Attack Pattern Explore for Predictable Temporary File Names - (149)
Detailed Attack PatternDetailed Attack Pattern Filter Failure through Buffer Overflow - (24)
Detailed Attack PatternDetailed Attack Pattern Flash File Overlay - (181)
Detailed Attack PatternDetailed Attack Pattern Flash Memory Attacks - (458)
Detailed Attack PatternDetailed Attack Pattern Force the System to Reset Values - (166)
Detailed Attack PatternDetailed Attack Pattern Forced Integer Overflow - (92)
Detailed Attack PatternDetailed Attack Pattern Fuzzing and observing application log data/errors for application mapping - (215)
Detailed Attack PatternDetailed Attack Pattern Fuzzing for garnering J2EE/.NET-based stack traces, for application mapping - (214)
Detailed Attack PatternDetailed Attack Pattern Fuzzing for garnering other adjacent user/sensitive data - (261)
Detailed Attack PatternDetailed Attack Pattern Group Permission Footprinting - (576)
Detailed Attack PatternDetailed Attack Pattern Hardware Component Substitution - (531)
Detailed Attack PatternDetailed Attack Pattern Hardware Component Substitution During Baselining - (516)
Detailed Attack PatternDetailed Attack Pattern Hardware Design Specifications Are Altered - (521)
Detailed Attack PatternDetailed Attack Pattern Harvesting Usernames or UserIDs via Application API Event Monitoring - (383)
Detailed Attack PatternDetailed Attack Pattern HTTP Parameter Pollution (HPP) - (460)
Detailed Attack PatternDetailed Attack Pattern HTTP Request Smuggling - (33)
Detailed Attack PatternDetailed Attack Pattern HTTP Response Smuggling - (273)
Detailed Attack PatternDetailed Attack Pattern HTTP Response Splitting - (34)
Detailed Attack PatternDetailed Attack Pattern HTTP Verb Tampering - (274)
Detailed Attack PatternDetailed Attack Pattern ICMP Address Mask Request - (294)
Detailed Attack PatternDetailed Attack Pattern ICMP Echo Request Ping - (285)
Detailed Attack PatternDetailed Attack Pattern ICMP Error Message Echoing Integrity Probe - (330)
Detailed Attack PatternDetailed Attack Pattern ICMP Error Message Quoting Probe - (329)
Detailed Attack PatternDetailed Attack Pattern ICMP Information Request - (296)
Detailed Attack PatternDetailed Attack Pattern ICMP IP 'ID' Field Error Message Probe - (332)
Detailed Attack PatternDetailed Attack Pattern ICMP IP Total Length Field Probe - (331)
Detailed Attack PatternDetailed Attack Pattern ICMP Timestamp Request - (295)
Detailed Attack PatternDetailed Attack Pattern iFrame Overlay - (222)
Detailed Attack PatternDetailed Attack Pattern Implementing a callback to system routine (old AWT Queue) - (235)
Detailed Attack PatternDetailed Attack Pattern Infiltration of Hardware Development Environment - (537)
Detailed Attack PatternDetailed Attack Pattern Infiltration of Software Development Environment - (511)
Detailed Attack PatternDetailed Attack Pattern Install New Service - (550)
Detailed Attack PatternDetailed Attack Pattern Install Rootkit - (552)
Detailed Attack PatternDetailed Attack Pattern IP 'ID' Echoed Byte-Order Probe - (318)
Detailed Attack PatternDetailed Attack Pattern IP (DF) 'Don't Fragment Bit' Echoing Probe - (319)
Detailed Attack PatternDetailed Attack Pattern IP ID Sequencing Probe - (317)
Detailed Attack PatternDetailed Attack Pattern JSON Hijacking (aka JavaScript Hijacking) - (111)
Detailed Attack PatternDetailed Attack Pattern Leveraging Race Conditions via Symbolic Links - (27)
Detailed Attack PatternDetailed Attack Pattern Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions - (29)
DeprecatedDeprecated Leveraging web tools (e.g. Mozilla's GreaseMonkey, Firebug) to change application behavior - (211)
Detailed Attack PatternDetailed Attack Pattern Leveraging/Manipulating Configuration File Search Paths - (38)
DeprecatedDeprecated Lifting credential(s)/key material embedded in client distributions (thick or thin) - (205)
Detailed Attack PatternDetailed Attack Pattern Lifting Sensitive Data Embedded in Cache - (204)
Detailed Attack PatternDetailed Attack Pattern Log Injection-Tampering-Forging - (93)
Detailed Attack PatternDetailed Attack Pattern Malicious Automated Software Update - (187)
Detailed Attack PatternDetailed Attack Pattern Malicious Gray Market Hardware - (535)
Detailed Attack PatternDetailed Attack Pattern Malicious Logic Inserted Into Product Software by Authorized Developer - (443)
Detailed Attack PatternDetailed Attack Pattern Malicious Logic Insertion into Product Software via Configuration Management Manipulation - (445)
Detailed Attack PatternDetailed Attack Pattern Malicious Logic Insertion into Product Software via Inclusion of 3rd Party Component Dependency - (446)
DeprecatedDeprecated Malicious Logic Insertion via Inclusion of Counterfeit Hardware Components - (455)
Detailed Attack PatternDetailed Attack Pattern Malicious Manual Software Update - (533)
Detailed Attack PatternDetailed Attack Pattern Malware Infection into Product Software - (448)
DeprecatedDeprecated Malware Propagation via Infected Peripheral Device - (451)
DeprecatedDeprecated Malware Propagation via USB Stick - (449)
Detailed Attack PatternDetailed Attack Pattern Manipulating Hidden Fields - (162)
Detailed Attack PatternDetailed Attack Pattern Manipulating Web Input to File System Calls - (76)
Detailed Attack PatternDetailed Attack Pattern Manipulating Writeable Terminal Devices - (40)
Detailed Attack PatternDetailed Attack Pattern MIME Conversion - (42)
Detailed Attack PatternDetailed Attack Pattern Mobile Device Fault Injection - (625)
Detailed Attack PatternDetailed Attack Pattern Mobile Phishing - (164)
DeprecatedDeprecated Modification of Existing Components with Counterfeit Hardware - (454)
Detailed Attack PatternDetailed Attack Pattern Modification of Registry Run Keys - (270)
Detailed Attack PatternDetailed Attack Pattern Modify Existing Service - (551)
Detailed Attack PatternDetailed Attack Pattern Modify Shared File - (562)
Detailed Attack PatternDetailed Attack Pattern Object Relational Mapping Injection - (109)
Detailed Attack PatternDetailed Attack Pattern Open Source Libraries Altered - (538)
Detailed Attack PatternDetailed Attack Pattern Overflow Binary Resource File - (44)
Detailed Attack PatternDetailed Attack Pattern Overflow Variables and Tags - (46)
Detailed Attack PatternDetailed Attack Pattern Owner Footprinting - (577)
Detailed Attack PatternDetailed Attack Pattern Padding Oracle Crypto Attack - (463)
Detailed Attack PatternDetailed Attack Pattern Passing Local Filenames to Functions That Expect a URL - (48)
Detailed Attack PatternDetailed Attack Pattern PHP Local File Inclusion - (252)
Detailed Attack PatternDetailed Attack Pattern PHP Remote File Inclusion - (193)
Detailed Attack PatternDetailed Attack Pattern Poison Web Service Registry - (51)
Detailed Attack PatternDetailed Attack Pattern Postfix, Null Terminate, and Backslash - (53)
Detailed Attack PatternDetailed Attack Pattern Probe Application Memory - (546)
Detailed Attack PatternDetailed Attack Pattern Probe iOS Screenshots - (498)
Detailed Attack PatternDetailed Attack Pattern Process Footprinting - (573)
Detailed Attack PatternDetailed Attack Pattern Provide Counterfeit Component - (530)
Detailed Attack PatternDetailed Attack Pattern Read Sensitive Strings Within an Executable - (191)
Detailed Attack PatternDetailed Attack Pattern Relative Path Traversal - (139)
Detailed Attack PatternDetailed Attack Pattern Remote Services with Stolen Credentials - (555)
Detailed Attack PatternDetailed Attack Pattern Removal of filters: Input filters, output filters, data masking - (200)
Detailed Attack PatternDetailed Attack Pattern Removing/short-circuiting 'Purse' logic: removing/mutating 'cash' decrements - (208)
Detailed Attack PatternDetailed Attack Pattern Replace File Extension Handlers - (556)
Detailed Attack PatternDetailed Attack Pattern Replace Trusted Executable - (558)
Detailed Attack PatternDetailed Attack Pattern Replace Winlogon Helper DLL - (579)
Detailed Attack PatternDetailed Attack Pattern Restful Privilege Elevation - (58)
Detailed Attack PatternDetailed Attack Pattern Retrieve Embedded Sensitive Data - (37)
Detailed Attack PatternDetailed Attack Pattern Reverse Engineer an Executable to Expose Assumed Hidden Functionality or Content - (190)
Detailed Attack PatternDetailed Attack Pattern Rooting SIM Cards - (614)
Detailed Attack PatternDetailed Attack Pattern Run Software at Logon - (564)
Detailed Attack PatternDetailed Attack Pattern Scanning for Vulnerable Software - (310)
Detailed Attack PatternDetailed Attack Pattern Schedule Software To Run - (557)
Detailed Attack PatternDetailed Attack Pattern Scheme Squatting - (505)
Detailed Attack PatternDetailed Attack Pattern Screen Temporary Files for Sensitive Information - (155)
Detailed Attack PatternDetailed Attack Pattern Security Software Footprinting - (581)
Detailed Attack PatternDetailed Attack Pattern Server Side Include (SSI) Injection - (101)
Detailed Attack PatternDetailed Attack Pattern Services Footprinting - (574)
Detailed Attack PatternDetailed Attack Pattern Session Credential Falsification through Manipulation - (226)
Detailed Attack PatternDetailed Attack Pattern Session Credential Falsification through Prediction - (59)
Detailed Attack PatternDetailed Attack Pattern Signal Strength Tracking - (619)
Detailed Attack PatternDetailed Attack Pattern Signature Spoofing by Improper Validation - (475)
Detailed Attack PatternDetailed Attack Pattern Signature Spoofing by Key Recreation - (485)
Detailed Attack PatternDetailed Attack Pattern Signature Spoofing by Key Theft - (474)
Detailed Attack PatternDetailed Attack Pattern Signature Spoofing by Misrepresentation - (476)
Detailed Attack PatternDetailed Attack Pattern Signature Spoofing by Mixing Signed and Unsigned Content - (477)
Detailed Attack PatternDetailed Attack Pattern Signature-Based Avoidance - (570)
Detailed Attack PatternDetailed Attack Pattern Smudge Attack - (626)
Detailed Attack PatternDetailed Attack Pattern Sniff Application Code - (65)
Detailed Attack PatternDetailed Attack Pattern Sniffing Network Traffic - (158)
Detailed Attack PatternDetailed Attack Pattern SOAP Array Overflow - (256)
Detailed Attack PatternDetailed Attack Pattern SOAP Parameter Tampering - (280)
Detailed Attack PatternDetailed Attack Pattern Spear Phishing - (163)
Detailed Attack PatternDetailed Attack Pattern Spoofing of UDDI/ebXML Messages - (218)
Detailed Attack PatternDetailed Attack Pattern SQL Injection through SOAP Parameter Tampering - (110)
Detailed Attack PatternDetailed Attack Pattern String Format Overflow in syslog() - (67)
Detailed Attack PatternDetailed Attack Pattern Subversion of authorization checks: cache filtering, programmatic security, etc. - (239)
Detailed Attack PatternDetailed Attack Pattern Subverting Environment Variable Values - (13)
Detailed Attack PatternDetailed Attack Pattern Symlink Attack - (132)
Detailed Attack PatternDetailed Attack Pattern Task Impersonation - (504)
Detailed Attack PatternDetailed Attack Pattern TCP 'RST' Flag Checksum Probe - (328)
Detailed Attack PatternDetailed Attack Pattern TCP (ISN) Counter Rate Probe - (323)
Detailed Attack PatternDetailed Attack Pattern TCP (ISN) Greatest Common Divisor Probe - (322)
Detailed Attack PatternDetailed Attack Pattern TCP (ISN) Sequence Predictability Probe - (324)
Detailed Attack PatternDetailed Attack Pattern TCP ACK Ping - (297)
Detailed Attack PatternDetailed Attack Pattern TCP ACK Scan - (305)
Detailed Attack PatternDetailed Attack Pattern TCP Congestion Control Flag (ECN) Probe - (325)
Detailed Attack PatternDetailed Attack Pattern TCP Connect Scan - (301)
Detailed Attack PatternDetailed Attack Pattern TCP FIN scan - (302)
Detailed Attack PatternDetailed Attack Pattern TCP Initial Window Size Probe - (326)
Detailed Attack PatternDetailed Attack Pattern TCP Null Scan - (304)
Detailed Attack PatternDetailed Attack Pattern TCP Options Probe - (327)
Detailed Attack PatternDetailed Attack Pattern TCP RPC Scan - (307)
Detailed Attack PatternDetailed Attack Pattern TCP RST Injection - (596)
Detailed Attack PatternDetailed Attack Pattern TCP Sequence Number Probe - (321)
Detailed Attack PatternDetailed Attack Pattern TCP SYN Ping - (299)
Detailed Attack PatternDetailed Attack Pattern TCP SYN Scan - (287)
Detailed Attack PatternDetailed Attack Pattern TCP Timestamp Probe - (320)
Detailed Attack PatternDetailed Attack Pattern TCP Window Scan - (306)
Detailed Attack PatternDetailed Attack Pattern TCP Xmas Scan - (303)
Detailed Attack PatternDetailed Attack Pattern Traceroute Route Enumeration - (293)
Detailed Attack PatternDetailed Attack Pattern Transparent Proxy Abuse - (465)
Detailed Attack PatternDetailed Attack Pattern Try Common(default) Usernames and Passwords - (70)
Detailed Attack PatternDetailed Attack Pattern UDP Ping - (298)
Detailed Attack PatternDetailed Attack Pattern UDP Scan - (308)
Detailed Attack PatternDetailed Attack Pattern Unauthorized Use of Device Resources - (629)
Detailed Attack PatternDetailed Attack Pattern URL Encoding - (72)
Detailed Attack PatternDetailed Attack Pattern USB Memory Attacks - (457)
Detailed Attack PatternDetailed Attack Pattern Using Alternative IP Address Encodings - (4)
Detailed Attack PatternDetailed Attack Pattern Using Escaped Slashes in Alternate Encoding - (78)
Detailed Attack PatternDetailed Attack Pattern Using Leading 'Ghost' Character Sequences to Bypass Input Filters - (3)
Detailed Attack PatternDetailed Attack Pattern Using Meta-characters in E-mail Headers to Inject Malicious Payloads - (41)
Detailed Attack PatternDetailed Attack Pattern Using Slashes and URL Encoding Combined to Bypass Validation Logic - (64)
Detailed Attack PatternDetailed Attack Pattern Using Slashes in Alternate Encoding - (79)
Detailed Attack PatternDetailed Attack Pattern Using Unicode Encoding to Bypass Validation Logic - (71)
Detailed Attack PatternDetailed Attack Pattern Using URL/codebase / G.A.C. (code source) to convince sandbox of privilege - (238)
Detailed Attack PatternDetailed Attack Pattern Using UTF-8 Encoding to Bypass Validation Logic - (80)
Detailed Attack PatternDetailed Attack Pattern Utilizing REST's Trust in the System Resource to Register Man in the Middle - (57)
Detailed Attack PatternDetailed Attack Pattern Weakening of Cellular Encryption - (606)
Detailed Attack PatternDetailed Attack Pattern Web Application Fingerprinting - (170)
Detailed Attack PatternDetailed Attack Pattern Web Logs Tampering - (81)
Detailed Attack PatternDetailed Attack Pattern WebView Injection - (500)
Detailed Attack PatternDetailed Attack Pattern Wi-Fi Jamming - (604)
Detailed Attack PatternDetailed Attack Pattern WiFi MAC Address Tracking - (612)
Detailed Attack PatternDetailed Attack Pattern WiFi SSID Tracking - (613)
Detailed Attack PatternDetailed Attack Pattern Windows Admin Shares with Stolen Credentials - (561)
Detailed Attack PatternDetailed Attack Pattern WSDL Scanning - (95)
Detailed Attack PatternDetailed Attack Pattern XML Attribute Blowup - (229)
Detailed Attack PatternDetailed Attack Pattern XML Entity Blowup - (201)
Detailed Attack PatternDetailed Attack Pattern XML Entity Expansion - (197)
Detailed Attack PatternDetailed Attack Pattern XML Ping of the Death - (147)
Detailed Attack PatternDetailed Attack Pattern XML Quadratic Expansion - (491)
Detailed Attack PatternDetailed Attack Pattern XML Schema Poisoning - (146)
Detailed Attack PatternDetailed Attack Pattern XPath Injection - (83)
Detailed Attack PatternDetailed Attack Pattern XQuery Injection - (84)
Detailed Attack PatternDetailed Attack Pattern XSS in IMG Tags - (91)
+ Content History
Submissions
SubmitterOrganizationDateSource
CAPEC Content TeamThe MITRE Corporation2014-06-23Internal_CAPEC_Team

Filter Used: .//@Pattern_Abstraction='Detailed'

CAPECs in this viewTotal CAPECs
Total249out of609
Views0out of9
Categories0out of72
Attack Patterns249out of528

More information is available — Please select a different filter.
Page Last Updated or Reviewed: December 07, 2015