Common Attack Pattern Enumeration and Classification

Common Attack Pattern Enumeration and Classification

CAPEC View by Classification (Release 1.3)

CAPEC View by Classification (Release 1.3)

The Common Attack Pattern Enumeration and Classification (CAPEC), is a list of common attack patterns. Creating the list is a community initiative. Together, these organizations and any others that wish to join the effort, are creating specific and succinct definitions for each of the elements in the CAPEC List. By leveraging the widest possible group of interests and talents we hope to ensure that the CAPEC elements are adequately described and differentiated. The next steps are to adequately capture the specific effects, behaviors, exploit mechanisms, and implementation details in the CAPEC dictionary as well as to review and revise the presentation approaches that will best suit this information.

CAPEC View by Classification (Release 1.3)

Common Attack Pattern Enumeration and Classification

Abuse of Functionality

API Abuse/Misuse - (113)API Abuse/Misuse - (113)

Locate and Exploit Test APIs - (121)Locate and Exploit Test APIs - (121)

Using Unpublished Web Service APIs - (36)Using Unpublished Web Service APIs - (36)

Programming to included script-based APIs - (160)Programming to included script-based APIs - (160)

Discovering, querying, and finally calling micro-services, such as w/ AJAX - (179)Discovering, querying, and finally calling micro-services, such as w/ AJAX - (179)

Leveraging web tools (e.g. Mozilla's GreaseMonkey, Firebug) to change application behavior

Functionality Misuse

Inducing Account Lockout - (2)Inducing Account Lockout - (2)

Password Recovery Exploitation - (50)Password Recovery Exploitation - (50)

Manipulating hidden fields to change the normal flow of transactions (eShoplifting) - (162)Manipulating hidden fields to change the normal flow of transactions (eShoplifting) - (162)

Forceful Browsing - (87)Forceful Browsing - (87)

Detect Unpublicized Web Pages - (143)Detect Unpublicized Web Pages - (143)

Detect Unpublicized Web Services - (144)Detect Unpublicized Web Services - (144)

Directory Traversal

WSDL Scanning - (95)WSDL Scanning - (95)

Passing Local Filenames to Functions That Expect a URL - (48)Passing Local Filenames to Functions That Expect a URL - (48)

Probing an Application by Targeting its Error Reporting - (54)Probing an Application by Targeting its Error Reporting - (54)

Fuzzing for garnering J2EE/.NET-based stack traces, for application mapping

Fuzzing and observing application log data/errors for application mapping

Try All Common Application Switches and Options - (133)Try All Common Application Switches and Options - (133)

Cache Poisoning - (141)Cache Poisoning - (141)

Abuse of Communication Channels

Choosing a Message/Channel Identifier on a Public/Multicast Channel - (12)Choosing a Message/Channel Identifier on a Public/Multicast Channel - (12)

Exploiting Incorrectly Configured SSL Security Levels

Spoofing - (156)Spoofing - (156)

Content Spoofing - (148)Content Spoofing - (148)

Leveraging/Manipulating Configuration File Search Paths - (38)Leveraging/Manipulating Configuration File Search Paths - (38)

Fake the Source of Data

Checksum Spoofing - (145)Checksum Spoofing - (145)

Spoofing of UDDI/ebXML Messages

Identity Spoofing (Impersonation) - (151)Identity Spoofing (Impersonation) - (151)

Principal Spoofing

Man in the Middle Attack - (94)Man in the Middle Attack - (94)

XML Routing Detour Attacks

Utilizing Rests Trust in the System Resource to Register Man in the Middle - (57)Utilizing Rests Trust in the System Resource to Register Man in the Middle - (57)

Create Malicious Client

Client-Server Protocol Manipulation

Reflection Attack in Authentication Protocol - (90)Reflection Attack in Authentication Protocol - (90)

Embedding Script (XSS) in HTTP Headers - (86)Embedding Script (XSS) in HTTP Headers - (86)

Cross-Site Tracing - (107)Cross-Site Tracing - (107)

Embedding Script in HTTP Query Strings - (32)Embedding Script in HTTP Query Strings - (32)

HTTP Request Splitting - (105)HTTP Request Splitting - (105)

HTTP Response Splitting - (34)HTTP Response Splitting - (34)

HTTP Request Smuggling - (33)HTTP Request Smuggling - (33)

HTTP Response Smuggling

HTTP Verb Tampering

External Entity Attack

Phishing - (98)Phishing - (98)

Spear Phishing - (163)Spear Phishing - (163)

Mobile Phishing (aka MobPhishing) - (164)Mobile Phishing (aka MobPhishing) - (164)

Pharming - (89)Pharming - (89)

Action Spoofing - (173)Action Spoofing - (173)

Clickjacking - (103)Clickjacking - (103)

iFrame Overlay

Flash File Overlay - (181)Flash File Overlay - (181)

XEE (XML Entity Expansion)

XML Attribute Blowup

XML Parser Attack - (99)XML Parser Attack - (99)

Recursive Payloads Sent to XML Parsers

Oversized Payloads Sent to XML Parsers

XML Ping of Death - (147)XML Ping of Death - (147)

Probabilistic Techniques

Brute Force - (112)Brute Force - (112)

Password Brute Forcing - (49)Password Brute Forcing - (49)

Try Common (default) Usernames and Passwords - (70)Try Common (default) Usernames and Passwords - (70)

Dictionary-based Password Attack - (16)Dictionary-based Password Attack - (16)

Encryption Brute Forcing - (20)Encryption Brute Forcing - (20)

Rainbow Table password cracking - (55)Rainbow Table password cracking - (55)

Fuzzing - (28)Fuzzing - (28)

Cryptanalysis - (97)Cryptanalysis - (97)

Manipulating Opaque Client-based Data Tokens - (39)Manipulating Opaque Client-based Data Tokens - (39)

Fingerprinting

Web Server/Application Fingerprinting - (170)Web Server/Application Fingerprinting - (170)

Footprinting - (169)Footprinting - (169)

Client Network Footprinting (using AJAX/XSS) - (85)Client Network Footprinting (using AJAX/XSS) - (85)

Screen Temporary Files for Sensitive Information - (155)Screen Temporary Files for Sensitive Information - (155)

Exploitation of Authentication

Authentication Bypass - (115)Authentication Bypass - (115)

Authentication Abuse - (114)Authentication Abuse - (114)

Reflection Attack in Authentication Protocol - (90)Reflection Attack in Authentication Protocol - (90)

Exploitation of Session Variables, Resource IDs and other Trusted Credentials - (21)Exploitation of Session Variables, Resource IDs and other Trusted Credentials - (21)

Session Credential Falsification through Forging

Session Credential Falsification through Prediction - (59)Session Credential Falsification through Prediction - (59)

Session Credential Falsification through Manipulation

Reusing Session IDs (aka Session Replay) - (60)Reusing Session IDs (aka Session Replay) - (60)

Session Fixation - (61)Session Fixation - (61)

Session Sidejacking - (102)Session Sidejacking - (102)

Cross-site Request Forgery (aka Session Riding) - (62)Cross-site Request Forgery (aka Session Riding) - (62)

Accessing/Intercepting/Modifying HTTP Cookies - (31)Accessing/Intercepting/Modifying HTTP Cookies - (31)

Resource Depletion - (119)Resource Depletion - (119)

Denial of Service through Resource Depletion

Resource Depletion through Flooding - (125)Resource Depletion through Flooding - (125)

Resource Depletion through Allocation - (130)Resource Depletion through Allocation - (130)

Resource Depletion through DTD Injection in a SOAP Message

Resource Depletion through Leak - (131)Resource Depletion through Leak - (131)

Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Service (XDoS)) - (82)Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Service (XDoS)) - (82)

iFrame Overlay

Flash File Overlay - (181)Flash File Overlay - (181)

XEE (XML Entity Expansion)

XML Attribute Blowup

XML Parser Attack - (99)XML Parser Attack - (99)

Recursive Payloads Sent to XML Parsers

Oversized Payloads Sent to XML Parsers

XML Ping of Death - (147)XML Ping of Death - (147)

Exploitation of Privilege/Trust

Privilege Escalation

Accessing, Modifying or Executing Executable Files - (17)Accessing, Modifying or Executing Executable Files - (17)

Manipulating Writeable Configuration Files - (75)Manipulating Writeable Configuration Files - (75)

Restful Privilege Elevation - (58)Restful Privilege Elevation - (58)

Clickjacking - (103)Clickjacking - (103)

iFrame Overlay

Flash File Overlay - (181)Flash File Overlay - (181)

XEE (XML Entity Expansion)

XML Attribute Blowup

XML Parser Attack - (99)XML Parser Attack - (99)

Recursive Payloads Sent to XML Parsers

Oversized Payloads Sent to XML Parsers

XML Ping of Death - (147)XML Ping of Death - (147)

Symlink Attacks - (132)Symlink Attacks - (132)

Cross-Zone Scripting - (104)Cross-Zone Scripting - (104)

Hijacking a privileged process

Hijacking a Privileged Thread of Execution - (30)Hijacking a Privileged Thread of Execution - (30)

Implementing a callback to system routine (old AWT Queue)

Catching exception throw/signal from privileged block

Subvert Code-signing Facilities - (68)Subvert Code-signing Facilities - (68)

Calling signed code from another language within a sandbox that allows this

Lifting signing key and signing malicious code from a production environment

Using URL/codebase / G.A.C. (code source) to convince sandbox of privilege

Target Programs with Elevated Privileges - (69)Target Programs with Elevated Privileges - (69)

Exploiting Trust in Client (aka Make the Client Invisible) - (22)Exploiting Trust in Client (aka Make the Client Invisible) - (22)

Man in the Middle Attack - (94)Man in the Middle Attack - (94)

XML Routing Detour Attacks

Utilizing Rests Trust in the System Resource to Register Man in the Middle - (57)Utilizing Rests Trust in the System Resource to Register Man in the Middle - (57)

Create Malicious Client

Client-Server Protocol Manipulation

Reflection Attack in Authentication Protocol - (90)Reflection Attack in Authentication Protocol - (90)

Embedding Script (XSS) in HTTP Headers - (86)Embedding Script (XSS) in HTTP Headers - (86)

Cross-Site Tracing - (107)Cross-Site Tracing - (107)

Embedding Script in HTTP Query Strings - (32)Embedding Script in HTTP Query Strings - (32)

HTTP Request Splitting - (105)HTTP Request Splitting - (105)

HTTP Response Splitting - (34)HTTP Response Splitting - (34)

HTTP Request Smuggling - (33)HTTP Request Smuggling - (33)

HTTP Response Smuggling

HTTP Verb Tampering

Lifting Sensitive Data from the Client - (167)Lifting Sensitive Data from the Client - (167)

Lifting Data Embedded in Client Distributions - (37)Lifting Data Embedded in Client Distributions - (37)

Lifting credential(s)/key material embedded in client distributions (thick or thin)

Lifting cached, sensitive data embedded in client distributions (thick or thin)

Reflection Attack in Authentication Protocol - (90)Reflection Attack in Authentication Protocol - (90)

Removing Important Functionality from the Client

Removing/short-circuiting 'guard logic' - (56)Removing/short-circuiting 'guard logic' - (56)

Removing/short-circuiting 'Purse' logic: removing/mutating 'cash' decrements

Removal of filters: Input filters, output filters, data masking

Subversion of authorization checks: cache filtering, programmatic security, etc.

Exploitation of Authorization - (122)Exploitation of Authorization - (122)

Accessing Functionality Not Properly Constrained by ACLs - (1)Accessing Functionality Not Properly Constrained by ACLs - (1)

Exploiting Incorrectly Configured Access Control Security Levels - (180)Exploiting Incorrectly Configured Access Control Security Levels - (180)

Injection (Injecting Control Plane content through the Data Plane) - (152)Injection (Injecting Control Plane content through the Data Plane) - (152)

Analog In-Band Switching Signals (aka Blue Boxing) - (5)Analog In-Band Switching Signals (aka Blue Boxing) - (5)

Parameter Injection - (137)Parameter Injection - (137)

Flash Parameter Injection - (174)Flash Parameter Injection - (174)

Argument Injection - (6)Argument Injection - (6)

Manipulating Input to File System Calls - (76)Manipulating Input to File System Calls - (76)

Resource Injection

Code Injection

File System Function Injection, Content Based - (23)File System Function Injection, Content Based - (23)

Flash Injection - (182)Flash Injection - (182)

Cross-Site Flashing - (178)Cross-Site Flashing - (178)

Script Injection

File System Function Injection, Content Based - (23)File System Function Injection, Content Based - (23)

Simple Script Injection - (63)Simple Script Injection - (63)

Embedding Script within Scripts - (19)Embedding Script within Scripts - (19)

Embedding Script in Nonscript Elements - (18)Embedding Script in Nonscript Elements - (18)

Embedding Script (XSS) in HTTP Headers - (86)Embedding Script (XSS) in HTTP Headers - (86)

Cross-Site Tracing - (107)Cross-Site Tracing - (107)

Embedding Script in HTTP Query Strings - (32)Embedding Script in HTTP Query Strings - (32)

Cross-Site Scripting in Error Pages

Cross-Site Scripting in Log Files - (106)Cross-Site Scripting in Log Files - (106)

Cross-Site Scripting in IMG Tags - (91)Cross-Site Scripting in IMG Tags - (91)

Cross-Site Scripting in Attributes

Cross-Site Scripting via Encoded URI Schemes

Cross-Site Scripting Using Doubled Characters, e.g. %3C%3Cscript

Cross-Site Scripting Using Alternate Syntax

Cross-Site Scripting Using MIME Type Mismatch

Cross-Site Scripting Using Flash

Cross-Site Scripting with Masking through Invalid Characters in Identifiers

Using Meta-characters in E-mail Headers to Inject Malicious Payloads - (41)Using Meta-characters in E-mail Headers to Inject Malicious Payloads - (41)

Command Injection

Command Line Execution through SQL Injection - (108)Command Line Execution through SQL Injection - (108)

IMAP/SMTP Command Injection - (183)IMAP/SMTP Command Injection - (183)

Command Delimiters - (15)Command Delimiters - (15)

OS Command Injection - (88)OS Command Injection - (88)

SQL Injection - (66)SQL Injection - (66)

Object Relational Mapping (ORM) Injection - (109)Object Relational Mapping (ORM) Injection - (109)

Blind SQL Injection - (7)Blind SQL Injection - (7)

SQL Injection through SOAP Parameter Tampering - (110)SQL Injection through SOAP Parameter Tampering - (110)

SQL Injection through SOAP Parameter Tampering - (110)SQL Injection through SOAP Parameter Tampering - (110)

Character Injection

Manipulating Writeable Terminal Devices - (40)Manipulating Writeable Terminal Devices - (40)

LDAP Injection - (136)LDAP Injection - (136)

XML Injection

Xpath Injection - (83)Xpath Injection - (83)

Xquery Injection - (84)Xquery Injection - (84)

Code Inclusion - (175)Code Inclusion - (175)

Local Code Inclusion

PHP Local File Inclusion

Remote Code Inclusion

PHP Remote File Inclusion

Server Side Include (SSI) Injection - (101)Server Side Include (SSI) Injection - (101)

Format String Injection - (135)Format String Injection - (135)

Reflection Injection - (138)Reflection Injection - (138)

Email Injection - (134)Email Injection - (134)

Using Meta-characters in E-mail Headers to Inject Malicious Payloads - (41)Using Meta-characters in E-mail Headers to Inject Malicious Payloads - (41)

DTD Injection in a SOAP Message

Data Structure Attacks

Buffer Attacks - (123)Buffer Attacks - (123)

Overflow Buffers - (100)Overflow Buffers - (100)

Filter Failure through Buffer Overflow - (24)Filter Failure through Buffer Overflow - (24)

Buffer Overflow via Environment Variables - (10)Buffer Overflow via Environment Variables - (10)

Buffer Overflow in an API Call - (8)Buffer Overflow in an API Call - (8)

Buffer Overflow in Local Command-Line Utilities - (9)Buffer Overflow in Local Command-Line Utilities - (9)

Overflow Variables and Tags - (46)Overflow Variables and Tags - (46)

Buffer Overflow via Symbolic Links - (45)Buffer Overflow via Symbolic Links - (45)

String Format Overflow in syslog() - (67)String Format Overflow in syslog() - (67)

Client-side Injection-induced Buffer Overflow - (14)Client-side Injection-induced Buffer Overflow - (14)

Overflow Binary Resource File - (44)Overflow Binary Resource File - (44)

Buffer Overflow via Parameter Expansion - (47)Buffer Overflow via Parameter Expansion - (47)

MIME Conversion - (42)MIME Conversion - (42)

SOAP Array Overflow

Abuse of transaction data strutcture

JSON Hijacking (aka JavaScript Hijacking) - (111)JSON Hijacking (aka JavaScript Hijacking) - (111)

Accessing/Intercepting/Modifying HTTP Cookies - (31)Accessing/Intercepting/Modifying HTTP Cookies - (31)

Integer Attacks - (128)Integer Attacks - (128)

Forced Integer Overflow - (92)Forced Integer Overflow - (92)

Pointer Attacks - (129)Pointer Attacks - (129)

Attack through Shared Data - (124)Attack through Shared Data - (124)

Data Leakage Attacks - (118)Data Leakage Attacks - (118)

Data Interception Attacks - (117)Data Interception Attacks - (117)

Accessing/Intercepting/Modifying HTTP Cookies - (31)Accessing/Intercepting/Modifying HTTP Cookies - (31)

Sniffing Attacks - (157)Sniffing Attacks - (157)

Sniffing Information Sent Over Public/multicast Networks - (158)Sniffing Information Sent Over Public/multicast Networks - (158)

Passively Sniff and Capture Application Code Bound for an Authorized Client - (65)Passively Sniff and Capture Application Code Bound for an Authorized Client - (65)

Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Dynamic Update

Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Patching

Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Initial Distribution

Data Excavation Attacks - (116)Data Excavation Attacks - (116)

Probing an Application by Targeting its Error Reporting - (54)Probing an Application by Targeting its Error Reporting - (54)

Fuzzing for garnering J2EE/.NET-based stack traces, for application mapping

Fuzzing and observing application log data/errors for application mapping

Fuzzing for garnering (through web or log) other adjacent user/sensitive data as an authorized system user (overly broad but valid SQL queries)

Resource Manipulation

Accessing/Intercepting/Modifying HTTP Cookies - (31)Accessing/Intercepting/Modifying HTTP Cookies - (31)

Abuse of transaction data strutcture

JSON Hijacking (aka JavaScript Hijacking) - (111)JSON Hijacking (aka JavaScript Hijacking) - (111)

File manipulation - (165)File manipulation - (165)

Accessing, Modifying or Executing Executable Files - (17)Accessing, Modifying or Executing Executable Files - (17)

File System Function Injection, Content Based - (23)File System Function Injection, Content Based - (23)

Overflow Binary Resource File - (44)Overflow Binary Resource File - (44)

User-Controlled Filename - (73)User-Controlled Filename - (73)

Leverage Executable Code in Nonexecutable Files - (35)Leverage Executable Code in Nonexecutable Files - (35)

Cause Web Server Misclassification - (11)Cause Web Server Misclassification - (11)

Force Use of Corruped Files

Create files with the same name as files protected with a higher classification - (177)Create files with the same name as files protected with a higher classification - (177)

Configuration/Environment manipulation - (176)Configuration/Environment manipulation - (176)

Manipulating Writeable Configuration Files - (75)Manipulating Writeable Configuration Files - (75)

Manipulate Application Registry Values

Block Access to Libraries - (96)Block Access to Libraries - (96)

Redirect Access to Libraries - (159)Redirect Access to Libraries - (159)

Variable manipulation - (171)Variable manipulation - (171)

Manipulating Input to File System Calls - (76)Manipulating Input to File System Calls - (76)

Environment variable manipulation

Subverting Environment Variable Values - (13)Subverting Environment Variable Values - (13)

Global variable manipulation

Manipulating User-Controlled Variables - (77)Manipulating User-Controlled Variables - (77)

Force the System to Reset Values - (166)Force the System to Reset Values - (166)

Input Data Manipulation - (153)Input Data Manipulation - (153)

Manipulate Canonicalization

Cause Web Server Misclassification - (11)Cause Web Server Misclassification - (11)

Leverage Alternate Encoding

Using Unicode Encoding to Bypass Validation Logic - (71)Using Unicode Encoding to Bypass Validation Logic - (71)

Using UTF-8 Encoding to Bypass Validation Logic - (80)Using UTF-8 Encoding to Bypass Validation Logic - (80)

URL Encoding - (72)URL Encoding - (72)

Embedding NULL Bytes - (52)Embedding NULL Bytes - (52)

Postfix, Null Terminate, and Backslash - (53)Postfix, Null Terminate, and Backslash - (53)

Using Leading 'Ghost' Character Sequences to Bypass Input Filters - (3)Using Leading 'Ghost' Character Sequences to Bypass Input Filters - (3)

Using Slashes in Alternate Encoding - (79)Using Slashes in Alternate Encoding - (79)

Using Escaped Slashes in Alternate Encoding - (78)Using Escaped Slashes in Alternate Encoding - (78)

Using Slashes and URL Encoding Combined to Bypass Validation Logic - (64)Using Slashes and URL Encoding Combined to Bypass Validation Logic - (64)

Using Alternative IP Address Encodings - (4)Using Alternative IP Address Encodings - (4)

Exploiting Multiple Input Interpretation Layers - (43)Exploiting Multiple Input Interpretation Layers - (43)

Double Encoding - (120)Double Encoding - (120)

Resource Location Attacks - (154)Resource Location Attacks - (154)

Leveraging/Manipulating Configuration File Search Paths - (38)Leveraging/Manipulating Configuration File Search Paths - (38)

Path Traversal - (126)Path Traversal - (126)

Using Slashes in Alternate Encoding - (79)Using Slashes in Alternate Encoding - (79)

Using Escaped Slashes in Alternate Encoding - (78)Using Escaped Slashes in Alternate Encoding - (78)

Using Slashes and URL Encoding Combined to Bypass Validation Logic - (64)Using Slashes and URL Encoding Combined to Bypass Validation Logic - (64)

Relative Path Traversal - (139)Relative Path Traversal - (139)

Common resource location exploration - (150)Common resource location exploration - (150)

Explore for predictable temporary file names - (149)Explore for predictable temporary file names - (149)

Directory Indexing - (127)Directory Indexing - (127)

Audit Log Manipulation

Web Logs Tampering - (81)Web Logs Tampering - (81)

Log Injection-Tampering-Forging - (93)Log Injection-Tampering-Forging - (93)

Registry Manipulation

Poison Web Service Registry - (51)Poison Web Service Registry - (51)

Craft a Maliciously Misconfigured Registry

Infrastructure Manipulation - (161)Infrastructure Manipulation - (161)

Pharming - (89)Pharming - (89)

DNS Cache Poisoning - (142)DNS Cache Poisoning - (142)

Schema Poisoning

XML Schema Poisoning - (146)XML Schema Poisoning - (146)

Protocol Manipulation

Client-Server Protocol Manipulation

Reflection Attack in Authentication Protocol - (90)Reflection Attack in Authentication Protocol - (90)

Embedding Script (XSS) in HTTP Headers - (86)Embedding Script (XSS) in HTTP Headers - (86)

Cross-Site Tracing - (107)Cross-Site Tracing - (107)

Embedding Script in HTTP Query Strings - (32)Embedding Script in HTTP Query Strings - (32)

HTTP Request Splitting - (105)HTTP Request Splitting - (105)

HTTP Response Splitting - (34)HTTP Response Splitting - (34)

HTTP Request Smuggling - (33)HTTP Request Smuggling - (33)

HTTP Response Smuggling

HTTP Verb Tampering

DNS Rebinding

Inter-component Protocol Manipulation

Data Interchange Protocol Manipulation

Web Services Protocol Manipulation

XML External Entity Attack

Soap Manipulation

DTD Injection in a SOAP Message

SOAP Parameter Tampering

SQL Injection through SOAP Parameter Tampering - (110)SQL Injection through SOAP Parameter Tampering - (110)

Windows ::DATA Alternate Data Stream - (168)Windows ::DATA Alternate Data Stream - (168)

Time and State Attacks - (172)Time and State Attacks - (172)

Manipulating User State - (74)Manipulating User State - (74)

Bypassing of Intermediate Forms in Multiple-Form Sets - (140)Bypassing of Intermediate Forms in Multiple-Form Sets - (140)

Forced Deadlock - (25)Forced Deadlock - (25)

Leveraging Race Conditions - (26)Leveraging Race Conditions - (26)

Leveraging Race Conditions via Symbolic Links - (27)Leveraging Race Conditions via Symbolic Links - (27)

Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions - (29)Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions - (29)