Home > CAPEC List > CAPEC-573: Process Footprinting (Version 2.9)  

CAPEC-573: Process Footprinting

 
Process Footprinting
Definition in a New Window Definition in a New Window
Attack Pattern ID: 573
Abstraction: Detailed
Status: Draft
Completeness: Stub
Presentation Filter:
+ Summary

Adversaries may attempt to get information about running processes. An example Windows command that would display information about processes is "tasklist".

+ Solutions and Mitigations

Identify programs that may be used to acquire process information and block them by using a software restriction policy or tools that restrict program execution by process whitelisting.

+ References
[R.573.1] ATT&CK Project. "Process enumeration (1057)". MITRE. <https://attack.mitre.org/wiki/Process_enumeration>.
+ Content History
Submissions
SubmitterOrganizationDateSource
CAPEC Content TeamThe MITRE Corporation2015-11-09Internal_CAPEC_Team

More information is available — Please select a different filter.
Page Last Updated or Reviewed: December 07, 2015