Home > CAPEC List > VIEW GRAPH: CAPEC-1000: Mechanisms of Attack (Version 2.6)  

CAPEC-1000: Mechanisms of Attack

 
Mechanisms of Attack
Definition in a New Window Definition in a New Window
View ID: 1000
Structure: Graph
Status: Draft
+ Objective

This view organizes attack patterns hierarchically based on mechanisms that are frequently employed when exploiting a vulnerability.

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
HasMemberCategoryCategory118Gather Information
Mechanisms of Attack1000
HasMemberCategoryCategory119Deplete Resources
Mechanisms of Attack1000
HasMemberCategoryCategory152Injection
Mechanisms of Attack1000
HasMemberCategoryCategory156Deceptive Interactions
Mechanisms of Attack1000
HasMemberCategoryCategory172Manipulate Timing and State
Mechanisms of Attack1000
HasMemberCategoryCategory210Abuse of Functionality
Mechanisms of Attack1000
HasMemberCategoryCategory223Probabilistic Techniques
Mechanisms of Attack1000
HasMemberCategoryCategory225Exploitation of Authentication
Mechanisms of Attack1000
HasMemberCategoryCategory232Exploitation of Authorization
Mechanisms of Attack1000
HasMemberCategoryCategory255Manipulate Data Structures
Mechanisms of Attack1000
HasMemberCategoryCategory262Manipulate Resources
Mechanisms of Attack1000
HasMemberCategoryCategory281Analyze Target
Mechanisms of Attack1000
HasMemberCategoryCategory436Gain Physical Access
Mechanisms of Attack1000
HasMemberCategoryCategory525Malicious Code Execution
Mechanisms of Attack1000
HasMemberCategoryCategory526Alter System Components
Mechanisms of Attack1000
HasMemberCategoryCategory527Manipulate System Users
Mechanisms of Attack1000
+ Content History
Submissions
SubmitterOrganizationDateSource
CAPEC Content TeamThe MITRE Corporation2014-06-23Internal_CAPEC_Team
CAPECs in this viewTotal CAPECs
Total473out of544
Views0out of8
Categories18out of73
Attack Patterns462out of463
1000 - Mechanisms of Attack
+CategoryCategoryGather Information - (118)Gather Information - (118)
+Attack PatternAttack PatternExcavation - (116)Excavation - (116)
+Attack PatternAttack PatternInterception - (117)Interception - (117)
+Attack PatternAttack PatternFootprinting - (169)Footprinting - (169)
+Attack PatternAttack PatternHost Discovery - (292)Host Discovery - (292)
*Attack PatternAttack PatternICMP Echo Request Ping - (285)ICMP Echo Request Ping - (285)
*Attack PatternAttack PatternICMP Timestamp Request - (295)ICMP Timestamp Request - (295)
*Attack PatternAttack PatternTCP ACK Ping - (297)TCP ACK Ping - (297)
*Attack PatternAttack PatternUDP Ping - (298)UDP Ping - (298)
*Attack PatternAttack PatternTCP SYN Ping - (299)TCP SYN Ping - (299)
+Attack PatternAttack PatternPort Scanning - (300)Port Scanning - (300)
*Attack PatternAttack PatternTCP SYN Scan - (287)TCP SYN Scan - (287)
*Attack PatternAttack PatternTCP Connect Scan - (301)TCP Connect Scan - (301)
*Attack PatternAttack PatternTCP FIN scan - (302)TCP FIN scan - (302)
*Attack PatternAttack PatternTCP Xmas Scan - (303)TCP Xmas Scan - (303)
*Attack PatternAttack PatternTCP Null Scan - (304)TCP Null Scan - (304)
*Attack PatternAttack PatternTCP ACK Scan - (305)TCP ACK Scan - (305)
*Attack PatternAttack PatternTCP Window Scan - (306)TCP Window Scan - (306)
*Attack PatternAttack PatternTCP RPC Scan - (307)TCP RPC Scan - (307)
*Attack PatternAttack PatternUDP Scan - (308)UDP Scan - (308)
+Attack PatternAttack PatternFingerprinting - (224)Fingerprinting - (224)
+Attack PatternAttack PatternOS Fingerprinting - (311)OS Fingerprinting - (311)
+Attack PatternAttack PatternActive OS Fingerprinting - (312)Active OS Fingerprinting - (312)
+Attack PatternAttack PatternTCP/IP Fingerprinting Probes - (315)TCP/IP Fingerprinting Probes - (315)
+Attack PatternAttack PatternSocial Information Gathering Attacks - (404)Social Information Gathering Attacks - (404)
+CategoryCategoryDeplete Resources - (119)Deplete Resources - (119)
+Attack PatternAttack PatternFlooding - (125)Flooding - (125)
*Attack PatternAttack PatternTCP Flood - (482)TCP Flood - (482)
*Attack PatternAttack PatternUDP Flood - (486)UDP Flood - (486)
*Attack PatternAttack PatternICMP Flood - (487)ICMP Flood - (487)
*Attack PatternAttack PatternHTTP Flood - (488)HTTP Flood - (488)
*Attack PatternAttack PatternSSL Flood - (489)SSL Flood - (489)
+Attack PatternAttack PatternXML Flood - (528)XML Flood - (528)
*Attack PatternAttack PatternXML Ping of the Death - (147)XML Ping of the Death - (147)
+Attack PatternAttack PatternExcessive Allocation - (130)Excessive Allocation - (130)
+Attack PatternAttack PatternXML Nested Payloads - (230)XML Nested Payloads - (230)
*Attack PatternAttack PatternXML Entity Expansion - (197)XML Entity Expansion - (197)
+Attack PatternAttack PatternXML Oversized Payloads - (231)XML Oversized Payloads - (231)
*Attack PatternAttack PatternXML Entity Blowup - (201)XML Entity Blowup - (201)
*Attack PatternAttack PatternXML Attribute Blowup - (229)XML Attribute Blowup - (229)
*Attack PatternAttack PatternSOAP Array Blowup - (493)SOAP Array Blowup - (493)
*Attack PatternAttack PatternTCP Fragmentation - (494)TCP Fragmentation - (494)
*Attack PatternAttack PatternUDP Fragmentation - (495)UDP Fragmentation - (495)
*Attack PatternAttack PatternICMP Fragmentation - (496)ICMP Fragmentation - (496)
*Attack PatternAttack PatternResource Leak Exposure - (131)Resource Leak Exposure - (131)
+Attack PatternAttack PatternSustained Client Engagement - (227)Sustained Client Engagement - (227)
*Attack PatternAttack PatternHTTP DoS - (469)HTTP DoS - (469)
*Attack PatternAttack PatternAmplification - (490)Amplification - (490)
+CategoryCategoryInjection - (152)Injection - (152)
+Attack PatternAttack PatternParameter Injection - (137)Parameter Injection - (137)
+Attack PatternAttack PatternCode Inclusion - (175)Code Inclusion - (175)
+Attack PatternAttack PatternCode Injection - (242)Code Injection - (242)
+Attack PatternAttack PatternEmbedding Scripts in Non-Script Elements - (18)Embedding Scripts in Non-Script Elements - (18)
+Attack PatternAttack PatternSimple Script Injection - (63)Simple Script Injection - (63)
+Attack PatternAttack PatternEmbedding Scripts in Non-Script Elements - (18)Embedding Scripts in Non-Script Elements - (18)
+Attack PatternAttack PatternCommand Injection - (248)Command Injection - (248)
+CategoryCategoryDeceptive Interactions - (156)Deceptive Interactions - (156)
+Attack PatternAttack PatternContent Spoofing - (148)Content Spoofing - (148)
*Attack PatternAttack PatternChecksum Spoofing - (145)Checksum Spoofing - (145)
*Attack PatternAttack PatternIntent Spoof - (502)Intent Spoof - (502)
+Attack PatternAttack PatternIdentity Spoofing - (151)Identity Spoofing - (151)
+Attack PatternAttack PatternAction Spoofing - (173)Action Spoofing - (173)
+Attack PatternAttack PatternClickjacking - (103)Clickjacking - (103)
*Attack PatternAttack PatternFlash File Overlay - (181)Flash File Overlay - (181)
*Attack PatternAttack PatterniFrame Overlay - (222)iFrame Overlay - (222)
*Attack PatternAttack PatternActivity Hijack - (501)Activity Hijack - (501)
*Attack PatternAttack PatternTask Impersonation - (504)Task Impersonation - (504)
*Attack PatternAttack PatternScheme Squatting - (505)Scheme Squatting - (505)
*Attack PatternAttack PatternTapjacking - (506)Tapjacking - (506)
+CategoryCategoryManipulate Timing and State - (172)Manipulate Timing and State - (172)
+CategoryCategoryAbuse of Functionality - (210)Abuse of Functionality - (210)
+Attack PatternAttack PatternCache Poisoning - (141)Cache Poisoning - (141)
*Attack PatternAttack PatternDNS Cache Poisoning - (142)DNS Cache Poisoning - (142)
+Attack PatternAttack PatternSoftware Integrity Attacks - (184)Software Integrity Attacks - (184)
*Attack PatternAttack PatternDirectory Traversal - (213)Directory Traversal - (213)
*Attack PatternAttack PatternWSDL Scanning - (95)WSDL Scanning - (95)
+CategoryCategoryProbabilistic Techniques - (223)Probabilistic Techniques - (223)
+CategoryCategoryExploitation of Authentication - (225)Exploitation of Authentication - (225)
+Attack PatternAttack PatternExploitation of Session Variables, Resource IDs and other Trusted Credentials - (21)Exploitation of Session Variables, Resource IDs and other Trusted Credentials - (21)
+CategoryCategoryExploitation of Authorization - (232)Exploitation of Authorization - (232)
+Attack PatternAttack PatternExploiting Trust in Client (aka Make the Client Invisible) - (22)Exploiting Trust in Client (aka Make the Client Invisible) - (22)
+Attack PatternAttack PatternMan in the Middle Attack - (94)Man in the Middle Attack - (94)
+CategoryCategoryManipulate Data Structures - (255)Manipulate Data Structures - (255)
+Attack PatternAttack PatternBuffer Manipulation - (123)Buffer Manipulation - (123)
+Attack PatternAttack PatternOverflow Buffers - (100)Overflow Buffers - (100)
*Attack PatternAttack PatternSOAP Array Overflow - (256)SOAP Array Overflow - (256)
*Attack PatternAttack PatternMIME Conversion - (42)MIME Conversion - (42)
*Attack PatternAttack PatternOverread Buffers - (540)Overread Buffers - (540)
+Attack PatternAttack PatternInteger Attacks - (128)Integer Attacks - (128)
*Attack PatternAttack PatternPointer Attack - (129)Pointer Attack - (129)
+CategoryCategoryManipulate Resources - (262)Manipulate Resources - (262)
+Attack PatternAttack PatternInput Data Manipulation - (153)Input Data Manipulation - (153)
+Attack PatternAttack PatternLeverage Alternate Encoding - (267)Leverage Alternate Encoding - (267)
*Attack PatternAttack PatternDouble Encoding - (120)Double Encoding - (120)
+Attack PatternAttack PatternInfrastructure Manipulation - (161)Infrastructure Manipulation - (161)
*Attack PatternAttack PatternDNS Cache Poisoning - (142)DNS Cache Poisoning - (142)
*Attack PatternAttack PatternPharming - (89)Pharming - (89)
+Attack PatternAttack PatternFile Manipulation - (165)File Manipulation - (165)
+Attack PatternAttack PatternVariable Manipulation - (171)Variable Manipulation - (171)
+Attack PatternAttack PatternSchema Poisoning - (271)Schema Poisoning - (271)
*Attack PatternAttack PatternXML Schema Poisoning - (146)XML Schema Poisoning - (146)
+Attack PatternAttack PatternProtocol Manipulation - (272)Protocol Manipulation - (272)
+Attack PatternAttack PatternClient-Server Protocol Manipulation - (220)Client-Server Protocol Manipulation - (220)
*Attack PatternAttack PatternDNS Rebinding - (275)DNS Rebinding - (275)
*Attack PatternAttack PatternContaminate Resource - (548)Contaminate Resource - (548)
+CategoryCategoryAnalyze Target - (281)Analyze Target - (281)
+Attack PatternAttack PatternReverse Engineering - (188)Reverse Engineering - (188)
+Attack PatternAttack PatternSoftware Reverse Engineering - (189)Software Reverse Engineering - (189)
+Attack PatternAttack PatternLifting Sensitive Data from the Client - (167)Lifting Sensitive Data from the Client - (167)
+Attack PatternAttack PatternCryptanalysis - (97)Cryptanalysis - (97)
+CategoryCategoryGain Physical Access - (436)Gain Physical Access - (436)
+CategoryCategoryMalicious Code Execution - (525)Malicious Code Execution - (525)
*Attack PatternAttack PatternTargeted Malware - (542)Targeted Malware - (542)
+CategoryCategoryManipulate System Users - (527)Manipulate System Users - (527)
+Attack PatternAttack PatternTarget Influence via Social Engineering - (416)Target Influence via Social Engineering - (416)
+Attack PatternAttack PatternTarget Influence via Psychological Principles - (427)Target Influence via Psychological Principles - (427)

Page Last Updated: July 23, 2014