Home > CAPEC List > VIEW GRAPH: CAPEC-1000: Mechanisms of Attack (Version 2.5)  

CAPEC-1000: Mechanisms of Attack

 
Mechanisms of Attack
Definition in a New Window Definition in a New Window
View ID: 1000
Structure: Graph
Status: Draft
+ Objective

This view organizes attack patterns hierarchically based on mechanisms that are frequently employed when exploiting a vulnerability.

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
HasMemberCategoryCategory118Gather Information
Mechanisms of Attack1000
HasMemberCategoryCategory119Deplete Resources
Mechanisms of Attack1000
HasMemberCategoryCategory152Injection
Mechanisms of Attack1000
HasMemberCategoryCategory156Deceptive Interactions
Mechanisms of Attack1000
HasMemberCategoryCategory172Manipulate Timing and State
Mechanisms of Attack1000
HasMemberCategoryCategory210Abuse of Functionality
Mechanisms of Attack1000
HasMemberCategoryCategory223Probabilistic Techniques
Mechanisms of Attack1000
HasMemberCategoryCategory225Exploitation of Authentication
Mechanisms of Attack1000
HasMemberCategoryCategory232Exploitation of Privilege/Trust
Mechanisms of Attack1000
HasMemberCategoryCategory255Manipulate Data Structures
Mechanisms of Attack1000
HasMemberCategoryCategory262Manipulate Resources
Mechanisms of Attack1000
HasMemberCategoryCategory281Analyze Target
Mechanisms of Attack1000
HasMemberCategoryCategory436Gain Physical Access
Mechanisms of Attack1000
HasMemberCategoryCategory526Alter System Components
Mechanisms of Attack1000
HasMemberCategoryCategory527Manipulate System Users
Mechanisms of Attack1000
+ Content History
Modifications
ModifierOrganizationDateCommentsSource
CAPEC Content TeamThe MITRE Corporation2013-06-21Updated View_ObjectiveInternal
CAPEC Content TeamThe MITRE Corporation2014-04-10Updated RelationshipsInternal
Previous Entry Names
DatePrevious Entry Name
2014-04-10Mechanism of Attack
CAPECs in this viewTotal CAPECs
Total464out of536
Views0out of8
Categories20out of75
Attack Patterns451out of453
1000 - Mechanisms of Attack
+CategoryCategoryGather Information - (118)Gather Information - (118)
+Attack PatternAttack PatternExcavation - (116)Excavation - (116)
+Attack PatternAttack PatternInterception - (117)Interception - (117)
+Attack PatternAttack PatternFootprinting - (169)Footprinting - (169)
+Attack PatternAttack PatternHost Discovery - (292)Host Discovery - (292)
*Attack PatternAttack PatternICMP Echo Request Ping - (285)ICMP Echo Request Ping - (285)
*Attack PatternAttack PatternICMP Timestamp Request - (295)ICMP Timestamp Request - (295)
*Attack PatternAttack PatternTCP ACK Ping - (297)TCP ACK Ping - (297)
*Attack PatternAttack PatternUDP Ping - (298)UDP Ping - (298)
*Attack PatternAttack PatternTCP SYN Ping - (299)TCP SYN Ping - (299)
+Attack PatternAttack PatternPort Scanning - (300)Port Scanning - (300)
*Attack PatternAttack PatternTCP SYN Scan - (287)TCP SYN Scan - (287)
*Attack PatternAttack PatternTCP Connect Scan - (301)TCP Connect Scan - (301)
*Attack PatternAttack PatternTCP FIN scan - (302)TCP FIN scan - (302)
*Attack PatternAttack PatternTCP Xmas Scan - (303)TCP Xmas Scan - (303)
*Attack PatternAttack PatternTCP Null Scan - (304)TCP Null Scan - (304)
*Attack PatternAttack PatternTCP ACK Scan - (305)TCP ACK Scan - (305)
*Attack PatternAttack PatternTCP Window Scan - (306)TCP Window Scan - (306)
*Attack PatternAttack PatternTCP RPC Scan - (307)TCP RPC Scan - (307)
*Attack PatternAttack PatternUDP Scan - (308)UDP Scan - (308)
+Attack PatternAttack PatternFingerprinting - (224)Fingerprinting - (224)
+Attack PatternAttack PatternOS Fingerprinting - (311)OS Fingerprinting - (311)
+Attack PatternAttack PatternActive OS Fingerprinting - (312)Active OS Fingerprinting - (312)
+Attack PatternAttack PatternTCP/IP Fingerprinting Probes - (315)TCP/IP Fingerprinting Probes - (315)
+Attack PatternAttack PatternSocial Information Gathering Attacks - (404)Social Information Gathering Attacks - (404)
+CategoryCategoryDeplete Resources - (119)Deplete Resources - (119)
+Attack PatternAttack PatternFlooding - (125)Flooding - (125)
*Attack PatternAttack PatternTCP Flood - (482)TCP Flood - (482)
*Attack PatternAttack PatternUDP Flood - (486)UDP Flood - (486)
*Attack PatternAttack PatternICMP Flood - (487)ICMP Flood - (487)
*Attack PatternAttack PatternHTTP Flood - (488)HTTP Flood - (488)
*Attack PatternAttack PatternSSL Flood - (489)SSL Flood - (489)
+Attack PatternAttack PatternXML Flood - (528)XML Flood - (528)
*Attack PatternAttack PatternXML Ping of the Death - (147)XML Ping of the Death - (147)
+Attack PatternAttack PatternExcessive Allocation - (130)Excessive Allocation - (130)
*Attack PatternAttack PatternResource Leak Exposure - (131)Resource Leak Exposure - (131)
+Attack PatternAttack PatternSustained Client Engagement - (227)Sustained Client Engagement - (227)
*Attack PatternAttack PatternHTTP DoS - (469)HTTP DoS - (469)
*Attack PatternAttack PatternAmplification - (490)Amplification - (490)
+CategoryCategoryInjection - (152)Injection - (152)
*Attack PatternAttack PatternDirectory Indexing - (127)Directory Indexing - (127)
*Attack PatternAttack PatternLDAP Injection - (136)LDAP Injection - (136)
*Attack PatternAttack PatternReflection Injection - (138)Reflection Injection - (138)
+Attack PatternAttack PatternFlash Injection - (182)Flash Injection - (182)
+Attack PatternAttack PatternScript Injection - (242)Script Injection - (242)
+Attack PatternAttack PatternEmbedding Scripts in Non-Script Elements - (18)Embedding Scripts in Non-Script Elements - (18)
+Attack PatternAttack PatternSimple Script Injection - (63)Simple Script Injection - (63)
+Attack PatternAttack PatternEmbedding Scripts in Non-Script Elements - (18)Embedding Scripts in Non-Script Elements - (18)
+Attack PatternAttack PatternXML Injection - (250)XML Injection - (250)
*Attack PatternAttack PatternXPath Injection - (83)XPath Injection - (83)
*Attack PatternAttack PatternXPath Injection - (83)XPath Injection - (83)
*Attack PatternAttack PatternXQuery Injection - (84)XQuery Injection - (84)
*Attack PatternAttack PatternXQuery Injection - (84)XQuery Injection - (84)
+CategoryCategoryDeceptive Interactions - (156)Deceptive Interactions - (156)
+Attack PatternAttack PatternIdentity Spoofing - (151)Identity Spoofing - (151)
*Attack PatternAttack PatternPrincipal Spoofing - (195)Principal Spoofing - (195)
+Attack PatternAttack PatternClient-Server Protocol Manipulation - (220)Client-Server Protocol Manipulation - (220)
*Attack PatternAttack PatternPharming - (89)Pharming - (89)
+Attack PatternAttack PatternPhishing - (98)Phishing - (98)
+Attack PatternAttack PatternAction Spoofing - (173)Action Spoofing - (173)
+Attack PatternAttack PatternClickjacking - (103)Clickjacking - (103)
*Attack PatternAttack PatternFlash File Overlay - (181)Flash File Overlay - (181)
*Attack PatternAttack PatterniFrame Overlay - (222)iFrame Overlay - (222)
*Attack PatternAttack PatternActivity Hijack - (501)Activity Hijack - (501)
*Attack PatternAttack PatternTask Impersonation - (504)Task Impersonation - (504)
*Attack PatternAttack PatternScheme Squatting - (505)Scheme Squatting - (505)
*Attack PatternAttack PatternTapjacking - (506)Tapjacking - (506)
+CategoryCategoryManipulate Timing and State - (172)Manipulate Timing and State - (172)
+CategoryCategoryAbuse of Functionality - (210)Abuse of Functionality - (210)
+Attack PatternAttack PatternCache Poisoning - (141)Cache Poisoning - (141)
*Attack PatternAttack PatternDNS Cache Poisoning - (142)DNS Cache Poisoning - (142)
+Attack PatternAttack PatternSoftware Integrity Attacks - (184)Software Integrity Attacks - (184)
*Attack PatternAttack PatternDirectory Traversal - (213)Directory Traversal - (213)
*Attack PatternAttack PatternWSDL Scanning - (95)WSDL Scanning - (95)
+CategoryCategoryProbabilistic Techniques - (223)Probabilistic Techniques - (223)
+CategoryCategoryExploitation of Authentication - (225)Exploitation of Authentication - (225)
+Attack PatternAttack PatternExploitation of Session Variables, Resource IDs and other Trusted Credentials - (21)Exploitation of Session Variables, Resource IDs and other Trusted Credentials - (21)
+CategoryCategoryExploitation of Privilege/Trust - (232)Exploitation of Privilege/Trust - (232)
+Attack PatternAttack PatternExploitation of Authorization - (122)Exploitation of Authorization - (122)
+Attack PatternAttack PatternExploiting Trust in Client (aka Make the Client Invisible) - (22)Exploiting Trust in Client (aka Make the Client Invisible) - (22)
+Attack PatternAttack PatternClient-Server Protocol Manipulation - (220)Client-Server Protocol Manipulation - (220)
+Attack PatternAttack PatternManipulating User-Controlled Variables - (77)Manipulating User-Controlled Variables - (77)
+Attack PatternAttack PatternMan in the Middle Attack - (94)Man in the Middle Attack - (94)
+CategoryCategoryManipulate Data Structures - (255)Manipulate Data Structures - (255)
+Attack PatternAttack PatternBuffer Manipulation - (123)Buffer Manipulation - (123)
+Attack PatternAttack PatternOverflow Buffers - (100)Overflow Buffers - (100)
*Attack PatternAttack PatternSOAP Array Overflow - (256)SOAP Array Overflow - (256)
*Attack PatternAttack PatternMIME Conversion - (42)MIME Conversion - (42)
*Attack PatternAttack PatternOverread Buffers - (540)Overread Buffers - (540)
+Attack PatternAttack PatternInteger Attacks - (128)Integer Attacks - (128)
*Attack PatternAttack PatternPointer Attack - (129)Pointer Attack - (129)
+CategoryCategoryManipulate Resources - (262)Manipulate Resources - (262)
+Attack PatternAttack PatternInput Data Manipulation - (153)Input Data Manipulation - (153)
+Attack PatternAttack PatternLeverage Alternate Encoding - (267)Leverage Alternate Encoding - (267)
*Attack PatternAttack PatternDouble Encoding - (120)Double Encoding - (120)
+Attack PatternAttack PatternResource Location Attacks - (154)Resource Location Attacks - (154)
+Attack PatternAttack PatternInfrastructure Manipulation - (161)Infrastructure Manipulation - (161)
*Attack PatternAttack PatternDNS Cache Poisoning - (142)DNS Cache Poisoning - (142)
*Attack PatternAttack PatternPharming - (89)Pharming - (89)
+Attack PatternAttack PatternFile Manipulation - (165)File Manipulation - (165)
+Attack PatternAttack PatternVariable Manipulation - (171)Variable Manipulation - (171)
+Attack PatternAttack PatternGlobal variable manipulation - (265)Global variable manipulation - (265)
+Attack PatternAttack PatternSchema Poisoning - (271)Schema Poisoning - (271)
*Attack PatternAttack PatternXML Schema Poisoning - (146)XML Schema Poisoning - (146)
+Attack PatternAttack PatternProtocol Manipulation - (272)Protocol Manipulation - (272)
+Attack PatternAttack PatternClient-Server Protocol Manipulation - (220)Client-Server Protocol Manipulation - (220)
*Attack PatternAttack PatternDNS Rebinding - (275)DNS Rebinding - (275)
+CategoryCategoryAnalyze Target - (281)Analyze Target - (281)
+Attack PatternAttack PatternReverse Engineering - (188)Reverse Engineering - (188)
+Attack PatternAttack PatternSoftware Reverse Engineering - (189)Software Reverse Engineering - (189)
+Attack PatternAttack PatternLifting Sensitive Data from the Client - (167)Lifting Sensitive Data from the Client - (167)
+Attack PatternAttack PatternCryptanalysis - (97)Cryptanalysis - (97)
+CategoryCategoryGain Physical Access - (436)Gain Physical Access - (436)
+CategoryCategoryManipulate System Users - (527)Manipulate System Users - (527)
+Attack PatternAttack PatternTarget Influence via Social Engineering - (416)Target Influence via Social Engineering - (416)
+Attack PatternAttack PatternTarget Influence via Psychological Principles - (427)Target Influence via Psychological Principles - (427)

Page Last Updated: May 07, 2014