Detailed Attack Pattern Absolute Path Traversal - (597)Detailed Attack Pattern Accessing/Intercepting/Modifying HTTP Cookies - (31)Detailed Attack Pattern Account Footprinting - (575)Detailed Attack Pattern Activity Hijack - (501)Detailed Attack Pattern Add Malicious File to Shared Webroot - (563)Detailed Attack Pattern AJAX Fingerprinting - (85)Detailed Attack Pattern Altered Installed BIOS - (532)Detailed Attack Pattern Analysis of Packet Timing and Sizes - (621)Detailed Attack Pattern Artificially Inflate File Sizes - (572)Detailed Attack Pattern ASIC With Malicious Functionality - (539)Detailed Attack Pattern BGP Route Disabling - (584)Detailed Attack Pattern BitSquatting - (611)Detailed Attack Pattern Blind SQL Injection - (7)Detailed Attack Pattern Block Access to Libraries - (96)Detailed Attack Pattern Blue Boxing - (5)Detailed Attack Pattern Browser Fingerprinting - (472)Detailed Attack Pattern Buffer Overflow in an API Call - (8)Detailed Attack Pattern Buffer Overflow in Local Command-Line Utilities - (9)Detailed Attack Pattern Buffer Overflow via Environment Variables - (10)Detailed Attack Pattern Buffer Overflow via Parameter Expansion - (47)Detailed Attack Pattern Buffer Overflow via Symbolic Links - (45)Detailed Attack Pattern Bypassing ATA Password Security - (402)Detailed Attack Pattern Capture Credentials via Keylogger - (568)Detailed Attack Pattern Carry-Off GPS Attack - (628)Detailed Attack Pattern Catching exception throw/signal from privileged block - (236)Detailed Attack Pattern Cellular Broadcast Message Request - (618)Detailed Attack Pattern Cellular Data Injection - (610)Detailed Attack Pattern Cellular Jamming - (605)Detailed Attack Pattern Cellular Rogue Base Station - (617)Detailed Attack Pattern Cellular Traffic Intercept - (609)Detailed Attack Pattern Checksum Spoofing - (145)Detailed Attack Pattern Client-side Injection-induced Buffer Overflow - (14)Detailed Attack Pattern Command Line Execution through SQL Injection - (108)Detailed Attack Pattern Compromising Emanations Attack - (623)Detailed Attack Pattern Counterfeit Hardware Component Inserted During Product Assembly - (520)Detailed Attack Pattern Counterfeit Organizations - (544)Detailed Attack Pattern Counterfeit Websites - (543)Detailed Attack Pattern Creating a Rogue Certification Authority Certificate - (459)Detailed Attack Pattern Cross Site Identification - (467)Detailed Attack Pattern Cross Site Tracing - (107)Detailed Attack Pattern Cross-Domain Search Timing - (462)Detailed Attack Pattern Cross-Site Flashing - (178)Detailed Attack Pattern Cryptanalysis of Cellular Encryption - (608)Detailed Attack Pattern Data Injected During Configuration - (536)
Deprecated DEPRECATED: DTD Injection in a SOAP Message - (254)Deprecated DEPRECATED: Leveraging web tools (e.g. Mozilla's GreaseMonkey, Firebug) to change application behavior - (211)Deprecated DEPRECATED: Lifting credential(s)/key material embedded in client distributions (thick or thin) - (205)Deprecated DEPRECATED: Malicious Logic Insertion via Inclusion of Counterfeit Hardware Components - (455)Deprecated DEPRECATED: Malware Propagation via Infected Peripheral Device - (451)Deprecated DEPRECATED: Malware Propagation via USB Stick - (449)Deprecated DEPRECATED: Modification of Existing Components with Counterfeit Hardware - (454)Deprecated DEPRECATED: Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Dynamic Update - (258)Deprecated DEPRECATED: Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Initial Distribution - (260)Deprecated DEPRECATED: XSS in IMG Tags - (91)Deprecated DEPRECATED: XSS through Log Files - (106)Deprecated DEPRECATED: XSS Using Flash - (246)Detailed Attack Pattern Detect Unpublicized Web Pages - (143)Detailed Attack Pattern Detect Unpublicized Web Services - (144)Detailed Attack Pattern Dictionary-based Password Attack - (16)Detailed Attack Pattern Directory Indexing - (127)Detailed Attack Pattern Disabling Network Hardware - (583)Detailed Attack Pattern DLL Search Order Hijacking - (471)Detailed Attack Pattern DNS Blocking - (589)Detailed Attack Pattern DNS Cache Poisoning - (142)Detailed Attack Pattern DNS Domain Seizure - (585)Detailed Attack Pattern DNS Spoofing - (598)Detailed Attack Pattern DNS Zone Transfers - (291)Detailed Attack Pattern Documentation Alteration to Cause Errors in System Design - (519)Detailed Attack Pattern Documentation Alteration to Circumvent Dial-down - (517)Detailed Attack Pattern Documentation Alteration to Produce Under-performing Systems - (518)Detailed Attack Pattern DOM-Based XSS - (588)Detailed Attack Pattern Double Encoding - (120)Detailed Attack Pattern DTD Injection - (228)Detailed Attack Pattern Dump Password Hashes - (566)Detailed Attack Pattern Electromagnetic Side-Channel Attack - (622)Detailed Attack Pattern Embedding NULL Bytes - (52)Detailed Attack Pattern Enumerate Mail Exchange (MX) Records - (290)Detailed Attack Pattern Evil Twin Wi-Fi Attack - (615)Detailed Attack Pattern Expanding Control over the Operating System from the Database - (470)Detailed Attack Pattern Exploiting Multiple Input Interpretation Layers - (43)Detailed Attack Pattern Explore for Predictable Temporary File Names - (149)Detailed Attack Pattern Filter Failure through Buffer Overflow - (24)Detailed Attack Pattern Flash File Overlay - (181)Detailed Attack Pattern Flash Memory Attacks - (458)Detailed Attack Pattern Flash Parameter Injection - (174)Detailed Attack Pattern Force the System to Reset Values - (166)Detailed Attack Pattern Forced Integer Overflow - (92)Detailed Attack Pattern Fuzzing and observing application log data/errors for application mapping - (215)Detailed Attack Pattern Fuzzing for garnering J2EE/.NET-based stack traces, for application mapping - (214)Detailed Attack Pattern Fuzzing for garnering other adjacent user/sensitive data - (261)Detailed Attack Pattern Group Permission Footprinting - (576)Detailed Attack Pattern Hardware Component Substitution - (531)Detailed Attack Pattern Hardware Component Substitution During Baselining - (516)Detailed Attack Pattern Hardware Design Specifications Are Altered - (521)Detailed Attack Pattern Harvesting Usernames or UserIDs via Application API Event Monitoring - (383)Detailed Attack Pattern Homograph Attack via Homoglyphs - (632)Detailed Attack Pattern HTTP Parameter Pollution (HPP) - (460)Detailed Attack Pattern HTTP Request Smuggling - (33)Detailed Attack Pattern HTTP Response Smuggling - (273)Detailed Attack Pattern HTTP Response Splitting - (34)Detailed Attack Pattern HTTP Verb Tampering - (274)Detailed Attack Pattern ICMP Address Mask Request - (294)Detailed Attack Pattern ICMP Echo Request Ping - (285)Detailed Attack Pattern ICMP Error Message Echoing Integrity Probe - (330)Detailed Attack Pattern ICMP Error Message Quoting Probe - (329)Detailed Attack Pattern ICMP Information Request - (296)Detailed Attack Pattern ICMP IP 'ID' Field Error Message Probe - (332)Detailed Attack Pattern ICMP IP Total Length Field Probe - (331)Detailed Attack Pattern ICMP Timestamp Request - (295)Detailed Attack Pattern iFrame Overlay - (222)Detailed Attack Pattern Implementing a callback to system routine (old AWT Queue) - (235)Detailed Attack Pattern Infiltration of Hardware Development Environment - (537)Detailed Attack Pattern Infiltration of Software Development Environment - (511)Detailed Attack Pattern Influence Perception of Authority - (421)Detailed Attack Pattern Influence Perception of Commitment and Consistency - (422)Detailed Attack Pattern Influence Perception of Consensus or Social Proof - (424)Detailed Attack Pattern Influence Perception of Liking - (423)Detailed Attack Pattern Influence Perception of Reciprocation - (418)Detailed Attack Pattern Influence Perception of Scarcity - (420)Detailed Attack Pattern Influence via Modes of Thinking - (428)Detailed Attack Pattern Install New Service - (550)Detailed Attack Pattern Install Rootkit - (552)Detailed Attack Pattern IP 'ID' Echoed Byte-Order Probe - (318)Detailed Attack Pattern IP (DF) 'Don't Fragment Bit' Echoing Probe - (319)Detailed Attack Pattern IP Address Blocking - (590)Detailed Attack Pattern IP ID Sequencing Probe - (317)Detailed Attack Pattern JSON Hijacking (aka JavaScript Hijacking) - (111)Detailed Attack Pattern Leveraging Race Conditions via Symbolic Links - (27)Detailed Attack Pattern Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions - (29)Detailed Attack Pattern Leveraging/Manipulating Configuration File Search Paths - (38)Detailed Attack Pattern Lifting Sensitive Data Embedded in Cache - (204)Detailed Attack Pattern Log Injection-Tampering-Forging - (93)Detailed Attack Pattern Malicious Automated Software Update - (187)Detailed Attack Pattern Malicious Gray Market Hardware - (535)Detailed Attack Pattern Malicious Logic Inserted Into Product Software by Authorized Developer - (443)Detailed Attack Pattern Malicious Logic Insertion into Product Software via Configuration Management Manipulation - (445)Detailed Attack Pattern Malicious Logic Insertion into Product Software via Inclusion of 3rd Party Component Dependency - (446)Detailed Attack Pattern Malicious Manual Software Update - (533)Detailed Attack Pattern Malware Infection into Product Software - (448)Detailed Attack Pattern Manipulating Hidden Fields - (162)Detailed Attack Pattern Manipulating Web Input to File System Calls - (76)Detailed Attack Pattern Manipulating Writeable Terminal Devices - (40)Detailed Attack Pattern MIME Conversion - (42)Detailed Attack Pattern Mobile Device Fault Injection - (625)Detailed Attack Pattern Mobile Phishing - (164)Detailed Attack Pattern Modification of Registry Run Keys - (270)Detailed Attack Pattern Modify Existing Service - (551)Detailed Attack Pattern Modify Shared File - (562)Detailed Attack Pattern Object Relational Mapping Injection - (109)Detailed Attack Pattern Open Source Libraries Altered - (538)Detailed Attack Pattern Orbital Jamming - (559)Detailed Attack Pattern Overflow Binary Resource File - (44)Detailed Attack Pattern Overflow Variables and Tags - (46)Detailed Attack Pattern Owner Footprinting - (577)Detailed Attack Pattern Padding Oracle Crypto Attack - (463)Detailed Attack Pattern Passing Local Filenames to Functions That Expect a URL - (48)Detailed Attack Pattern PHP Local File Inclusion - (252)Detailed Attack Pattern PHP Remote File Inclusion - (193)Detailed Attack Pattern Poison Web Service Registry - (51)Detailed Attack Pattern Postfix, Null Terminate, and Backslash - (53)Detailed Attack Pattern Pretexting via Customer Service - (412)Detailed Attack Pattern Pretexting via Delivery Person - (414)Detailed Attack Pattern Pretexting via Phone - (415)Detailed Attack Pattern Pretexting via Tech Support - (413)Detailed Attack Pattern Probe Application Memory - (546)Detailed Attack Pattern Probe iOS Screenshots - (498)Detailed Attack Pattern Process Footprinting - (573)Detailed Attack Pattern Provide Counterfeit Component - (530)Detailed Attack Pattern Read Sensitive Strings Within an Executable - (191)Detailed Attack Pattern Reflected XSS - (591)Detailed Attack Pattern Relative Path Traversal - (139)Detailed Attack Pattern Remote Services with Stolen Credentials - (555)Detailed Attack Pattern Removal of filters: Input filters, output filters, data masking - (200)Detailed Attack Pattern Removing/short-circuiting 'Purse' logic: removing/mutating 'cash' decrements - (208)Detailed Attack Pattern Replace File Extension Handlers - (556)Detailed Attack Pattern Replace Trusted Executable - (558)Detailed Attack Pattern Replace Winlogon Helper DLL - (579)Detailed Attack Pattern Restful Privilege Elevation - (58)Detailed Attack Pattern Retrieve Embedded Sensitive Data - (37)Detailed Attack Pattern Reusing Session IDs (aka Session Replay) - (60)Detailed Attack Pattern Reverse Engineer an Executable to Expose Assumed Hidden Functionality or Content - (190)Detailed Attack Pattern Rooting SIM Cards - (614)Detailed Attack Pattern Run Software at Logon - (564)Detailed Attack Pattern Scanning for Vulnerable Software - (310)Detailed Attack Pattern Schedule Software To Run - (557)Detailed Attack Pattern Scheme Squatting - (505)Detailed Attack Pattern Screen Temporary Files for Sensitive Information - (155)Detailed Attack Pattern Security Software Footprinting - (581)Detailed Attack Pattern Server Side Include (SSI) Injection - (101)Detailed Attack Pattern Services Footprinting - (574)Detailed Attack Pattern Session Credential Falsification through Manipulation - (226)Detailed Attack Pattern Session Credential Falsification through Prediction - (59)Detailed Attack Pattern Session Fixation - (61)Detailed Attack Pattern Session Sidejacking - (102)Detailed Attack Pattern Signal Strength Tracking - (619)Detailed Attack Pattern Signature Spoofing by Improper Validation - (475)Detailed Attack Pattern Signature Spoofing by Key Recreation - (485)Detailed Attack Pattern Signature Spoofing by Key Theft - (474)Detailed Attack Pattern Signature Spoofing by Misrepresentation - (476)Detailed Attack Pattern Signature Spoofing by Mixing Signed and Unsigned Content - (477)Detailed Attack Pattern Signature-Based Avoidance - (570)Detailed Attack Pattern Smudge Attack - (626)Detailed Attack Pattern Sniff Application Code - (65)Detailed Attack Pattern Sniffing Network Traffic - (158)Detailed Attack Pattern SOAP Array Overflow - (256)Detailed Attack Pattern SOAP Parameter Tampering - (280)Detailed Attack Pattern SoundSquatting - (631)Detailed Attack Pattern Spear Phishing - (163)Detailed Attack Pattern Spoofing of UDDI/ebXML Messages - (218)Detailed Attack Pattern SQL Injection through SOAP Parameter Tampering - (110)Detailed Attack Pattern Stored XSS - (592)Detailed Attack Pattern String Format Overflow in syslog() - (67)Detailed Attack Pattern Subversion of authorization checks: cache filtering, programmatic security, etc. - (239)Detailed Attack Pattern Subverting Environment Variable Values - (13)Detailed Attack Pattern Symlink Attack - (132)Detailed Attack Pattern Task Impersonation - (504)Detailed Attack Pattern TCP 'RST' Flag Checksum Probe - (328)Detailed Attack Pattern TCP (ISN) Counter Rate Probe - (323)Detailed Attack Pattern TCP (ISN) Greatest Common Divisor Probe - (322)Detailed Attack Pattern TCP (ISN) Sequence Predictability Probe - (324)Detailed Attack Pattern TCP ACK Ping - (297)Detailed Attack Pattern TCP ACK Scan - (305)Detailed Attack Pattern TCP Congestion Control Flag (ECN) Probe - (325)Detailed Attack Pattern TCP Connect Scan - (301)Detailed Attack Pattern TCP FIN scan - (302)Detailed Attack Pattern TCP Initial Window Size Probe - (326)Detailed Attack Pattern TCP Null Scan - (304)Detailed Attack Pattern TCP Options Probe - (327)Detailed Attack Pattern TCP RPC Scan - (307)Detailed Attack Pattern TCP RST Injection - (596)Detailed Attack Pattern TCP Sequence Number Probe - (321)Detailed Attack Pattern TCP SYN Ping - (299)Detailed Attack Pattern TCP SYN Scan - (287)Detailed Attack Pattern TCP Timestamp Probe - (320)Detailed Attack Pattern TCP Window Scan - (306)Detailed Attack Pattern TCP Xmas Scan - (303)Detailed Attack Pattern Terrestrial Jamming - (599)Detailed Attack Pattern Traceroute Route Enumeration - (293)Detailed Attack Pattern Transparent Proxy Abuse - (465)Detailed Attack Pattern Try Common or Default Usernames and Passwords - (70)Detailed Attack Pattern TypoSquatting - (630)Detailed Attack Pattern UDP Ping - (298)Detailed Attack Pattern UDP Scan - (308)Detailed Attack Pattern Unauthorized Use of Device Resources - (629)Detailed Attack Pattern URL Encoding - (72)Detailed Attack Pattern USB Memory Attacks - (457)Detailed Attack Pattern User-Controlled Filename - (73)Detailed Attack Pattern Using Alternative IP Address Encodings - (4)Detailed Attack Pattern Using Escaped Slashes in Alternate Encoding - (78)Detailed Attack Pattern Using Leading 'Ghost' Character Sequences to Bypass Input Filters - (3)Detailed Attack Pattern Using Meta-characters in E-mail Headers to Inject Malicious Payloads - (41)Detailed Attack Pattern Using Slashes and URL Encoding Combined to Bypass Validation Logic - (64)Detailed Attack Pattern Using Slashes in Alternate Encoding - (79)Detailed Attack Pattern Using Unicode Encoding to Bypass Validation Logic - (71)Detailed Attack Pattern Using URL/codebase / G.A.C. (code source) to convince sandbox of privilege - (238)Detailed Attack Pattern Using UTF-8 Encoding to Bypass Validation Logic - (80)Detailed Attack Pattern Utilizing REST's Trust in the System Resource to Register Man in the Middle - (57)Detailed Attack Pattern Weakening of Cellular Encryption - (606)Detailed Attack Pattern Web Application Fingerprinting - (170)Detailed Attack Pattern Web Logs Tampering - (81)Detailed Attack Pattern WebView Injection - (500)Detailed Attack Pattern Wi-Fi Jamming - (604)Detailed Attack Pattern WiFi MAC Address Tracking - (612)Detailed Attack Pattern WiFi SSID Tracking - (613)Detailed Attack Pattern Windows Admin Shares with Stolen Credentials - (561)Detailed Attack Pattern WSDL Scanning - (95)Detailed Attack Pattern XML Attribute Blowup - (229)Detailed Attack Pattern XML Entity Blowup - (201)Detailed Attack Pattern XML Entity Expansion - (197)Detailed Attack Pattern XML Ping of the Death - (147)Detailed Attack Pattern XML Quadratic Expansion - (491)Detailed Attack Pattern XML Schema Poisoning - (146)Detailed Attack Pattern XPath Injection - (83)Detailed Attack Pattern XQuery Injection - (84)Detailed Attack Pattern XSS Targeting Error Pages - (198)Detailed Attack Pattern XSS Targeting Non-Script Elements - (18)Detailed Attack Pattern XSS Targeting URI Placeholders - (244)Detailed Attack Pattern XSS Targetting HTML Attributes - (243)Detailed Attack Pattern XSS Through HTTP Headers - (86)Detailed Attack Pattern XSS Through HTTP Query Strings - (32)Detailed Attack Pattern XSS Using Alternate Syntax - (199)Detailed Attack Pattern XSS Using Doubled Characters - (245)Detailed Attack Pattern XSS Using Invalid Characters - (247)Detailed Attack Pattern XSS Using MIME Type Mismatch - (209)