Detailed Attack Pattern
Absolute Path Traversal
-
(597)
Detailed Attack Pattern
Accessing/Intercepting/Modifying HTTP Cookies
-
(31)
Detailed Attack Pattern
Account Footprinting
-
(575)
Detailed Attack Pattern
Activity Hijack
-
(501)
Detailed Attack Pattern
Add Malicious File to Shared Webroot
-
(563)
Detailed Attack Pattern
AJAX Fingerprinting
-
(85)
Detailed Attack Pattern
Altered Installed BIOS
-
(532)
Detailed Attack Pattern
Analysis of Packet Timing and Sizes
-
(621)
Detailed Attack Pattern
Artificially Inflate File Sizes
-
(572)
Detailed Attack Pattern
ASIC With Malicious Functionality
-
(539)
Detailed Attack Pattern
BGP Route Disabling
-
(584)
Detailed Attack Pattern
BitSquatting
-
(611)
Detailed Attack Pattern
Blind SQL Injection
-
(7)
Detailed Attack Pattern
Block Access to Libraries
-
(96)
Detailed Attack Pattern
Blue Boxing
-
(5)
Detailed Attack Pattern
Browser Fingerprinting
-
(472)
Detailed Attack Pattern
Buffer Overflow in an API Call
-
(8)
Detailed Attack Pattern
Buffer Overflow in Local Command-Line Utilities
-
(9)
Detailed Attack Pattern
Buffer Overflow via Environment Variables
-
(10)
Detailed Attack Pattern
Buffer Overflow via Parameter Expansion
-
(47)
Detailed Attack Pattern
Buffer Overflow via Symbolic Links
-
(45)
Detailed Attack Pattern
Bypassing ATA Password Security
-
(402)
Detailed Attack Pattern
Capture Credentials via Keylogger
-
(568)
Detailed Attack Pattern
Carry-Off GPS Attack
-
(628)
Detailed Attack Pattern
Catching exception throw/signal from privileged block
-
(236)
Detailed Attack Pattern
Cellular Broadcast Message Request
-
(618)
Detailed Attack Pattern
Cellular Data Injection
-
(610)
Detailed Attack Pattern
Cellular Jamming
-
(605)
Detailed Attack Pattern
Cellular Rogue Base Station
-
(617)
Detailed Attack Pattern
Cellular Traffic Intercept
-
(609)
Detailed Attack Pattern
Checksum Spoofing
-
(145)
Detailed Attack Pattern
Client-side Injection-induced Buffer Overflow
-
(14)
Detailed Attack Pattern
Command Line Execution through SQL Injection
-
(108)
Detailed Attack Pattern
Compromising Emanations Attack
-
(623)
Detailed Attack Pattern
Counterfeit Hardware Component Inserted During Product Assembly
-
(520)
Detailed Attack Pattern
Counterfeit Organizations
-
(544)
Detailed Attack Pattern
Counterfeit Websites
-
(543)
Detailed Attack Pattern
Creating a Rogue Certification Authority Certificate
-
(459)
Detailed Attack Pattern
Cross Site Identification
-
(467)
Detailed Attack Pattern
Cross Site Tracing
-
(107)
Detailed Attack Pattern
Cross-Domain Search Timing
-
(462)
Detailed Attack Pattern
Cross-Site Flashing
-
(178)
Detailed Attack Pattern
Cryptanalysis of Cellular Encryption
-
(608)
Detailed Attack Pattern
Data Injected During Configuration
-
(536)
Deprecated
DEPRECATED: DTD Injection in a SOAP Message
-
(254)
Deprecated
DEPRECATED: Leveraging web tools (e.g. Mozilla's GreaseMonkey, Firebug) to change application behavior
-
(211)
Deprecated
DEPRECATED: Lifting credential(s)/key material embedded in client distributions (thick or thin)
-
(205)
Deprecated
DEPRECATED: Malicious Logic Insertion via Inclusion of Counterfeit Hardware Components
-
(455)
Deprecated
DEPRECATED: Malware Propagation via Infected Peripheral Device
-
(451)
Deprecated
DEPRECATED: Malware Propagation via USB Stick
-
(449)
Deprecated
DEPRECATED: Modification of Existing Components with Counterfeit Hardware
-
(454)
Deprecated
DEPRECATED: Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Dynamic Update
-
(258)
Deprecated
DEPRECATED: Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Initial Distribution
-
(260)
Deprecated
DEPRECATED: XSS in IMG Tags
-
(91)
Deprecated
DEPRECATED: XSS through Log Files
-
(106)
Deprecated
DEPRECATED: XSS Using Flash
-
(246)
Detailed Attack Pattern
Detect Unpublicized Web Pages
-
(143)
Detailed Attack Pattern
Detect Unpublicized Web Services
-
(144)
Detailed Attack Pattern
Dictionary-based Password Attack
-
(16)
Detailed Attack Pattern
Directory Indexing
-
(127)
Detailed Attack Pattern
Disabling Network Hardware
-
(583)
Detailed Attack Pattern
DLL Search Order Hijacking
-
(471)
Detailed Attack Pattern
DNS Blocking
-
(589)
Detailed Attack Pattern
DNS Cache Poisoning
-
(142)
Detailed Attack Pattern
DNS Domain Seizure
-
(585)
Detailed Attack Pattern
DNS Spoofing
-
(598)
Detailed Attack Pattern
DNS Zone Transfers
-
(291)
Detailed Attack Pattern
Documentation Alteration to Cause Errors in System Design
-
(519)
Detailed Attack Pattern
Documentation Alteration to Circumvent Dial-down
-
(517)
Detailed Attack Pattern
Documentation Alteration to Produce Under-performing Systems
-
(518)
Detailed Attack Pattern
DOM-Based XSS
-
(588)
Detailed Attack Pattern
Double Encoding
-
(120)
Detailed Attack Pattern
DTD Injection
-
(228)
Detailed Attack Pattern
Dump Password Hashes
-
(566)
Detailed Attack Pattern
Electromagnetic Side-Channel Attack
-
(622)
Detailed Attack Pattern
Embedding NULL Bytes
-
(52)
Detailed Attack Pattern
Enumerate Mail Exchange (MX) Records
-
(290)
Detailed Attack Pattern
Evil Twin Wi-Fi Attack
-
(615)
Detailed Attack Pattern
Expanding Control over the Operating System from the Database
-
(470)
Detailed Attack Pattern
Exploiting Multiple Input Interpretation Layers
-
(43)
Detailed Attack Pattern
Explore for Predictable Temporary File Names
-
(149)
Detailed Attack Pattern
Filter Failure through Buffer Overflow
-
(24)
Detailed Attack Pattern
Flash File Overlay
-
(181)
Detailed Attack Pattern
Flash Memory Attacks
-
(458)
Detailed Attack Pattern
Flash Parameter Injection
-
(174)
Detailed Attack Pattern
Force the System to Reset Values
-
(166)
Detailed Attack Pattern
Forced Integer Overflow
-
(92)
Detailed Attack Pattern
Fuzzing and observing application log data/errors for application mapping
-
(215)
Detailed Attack Pattern
Fuzzing for garnering J2EE/.NET-based stack traces, for application mapping
-
(214)
Detailed Attack Pattern
Fuzzing for garnering other adjacent user/sensitive data
-
(261)
Detailed Attack Pattern
Group Permission Footprinting
-
(576)
Detailed Attack Pattern
Hardware Component Substitution
-
(531)
Detailed Attack Pattern
Hardware Component Substitution During Baselining
-
(516)
Detailed Attack Pattern
Hardware Design Specifications Are Altered
-
(521)
Detailed Attack Pattern
Harvesting Usernames or UserIDs via Application API Event Monitoring
-
(383)
Detailed Attack Pattern
Homograph Attack via Homoglyphs
-
(632)
Detailed Attack Pattern
HTTP Parameter Pollution (HPP)
-
(460)
Detailed Attack Pattern
HTTP Request Smuggling
-
(33)
Detailed Attack Pattern
HTTP Response Smuggling
-
(273)
Detailed Attack Pattern
HTTP Response Splitting
-
(34)
Detailed Attack Pattern
HTTP Verb Tampering
-
(274)
Detailed Attack Pattern
ICMP Address Mask Request
-
(294)
Detailed Attack Pattern
ICMP Echo Request Ping
-
(285)
Detailed Attack Pattern
ICMP Error Message Echoing Integrity Probe
-
(330)
Detailed Attack Pattern
ICMP Error Message Quoting Probe
-
(329)
Detailed Attack Pattern
ICMP Information Request
-
(296)
Detailed Attack Pattern
ICMP IP 'ID' Field Error Message Probe
-
(332)
Detailed Attack Pattern
ICMP IP Total Length Field Probe
-
(331)
Detailed Attack Pattern
ICMP Timestamp Request
-
(295)
Detailed Attack Pattern
iFrame Overlay
-
(222)
Detailed Attack Pattern
Implementing a callback to system routine (old AWT Queue)
-
(235)
Detailed Attack Pattern
Infiltration of Hardware Development Environment
-
(537)
Detailed Attack Pattern
Infiltration of Software Development Environment
-
(511)
Detailed Attack Pattern
Influence Perception of Authority
-
(421)
Detailed Attack Pattern
Influence Perception of Commitment and Consistency
-
(422)
Detailed Attack Pattern
Influence Perception of Consensus or Social Proof
-
(424)
Detailed Attack Pattern
Influence Perception of Liking
-
(423)
Detailed Attack Pattern
Influence Perception of Reciprocation
-
(418)
Detailed Attack Pattern
Influence Perception of Scarcity
-
(420)
Detailed Attack Pattern
Influence via Modes of Thinking
-
(428)
Detailed Attack Pattern
Install New Service
-
(550)
Detailed Attack Pattern
Install Rootkit
-
(552)
Detailed Attack Pattern
IP 'ID' Echoed Byte-Order Probe
-
(318)
Detailed Attack Pattern
IP (DF) 'Don't Fragment Bit' Echoing Probe
-
(319)
Detailed Attack Pattern
IP Address Blocking
-
(590)
Detailed Attack Pattern
IP ID Sequencing Probe
-
(317)
Detailed Attack Pattern
JSON Hijacking (aka JavaScript Hijacking)
-
(111)
Detailed Attack Pattern
Leveraging Race Conditions via Symbolic Links
-
(27)
Detailed Attack Pattern
Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
-
(29)
Detailed Attack Pattern
Leveraging/Manipulating Configuration File Search Paths
-
(38)
Detailed Attack Pattern
Lifting Sensitive Data Embedded in Cache
-
(204)
Detailed Attack Pattern
Log Injection-Tampering-Forging
-
(93)
Detailed Attack Pattern
Malicious Automated Software Update
-
(187)
Detailed Attack Pattern
Malicious Gray Market Hardware
-
(535)
Detailed Attack Pattern
Malicious Logic Inserted Into Product Software by Authorized Developer
-
(443)
Detailed Attack Pattern
Malicious Logic Insertion into Product Software via Configuration Management Manipulation
-
(445)
Detailed Attack Pattern
Malicious Logic Insertion into Product Software via Inclusion of 3rd Party Component Dependency
-
(446)
Detailed Attack Pattern
Malicious Manual Software Update
-
(533)
Detailed Attack Pattern
Malware Infection into Product Software
-
(448)
Detailed Attack Pattern
Manipulating Hidden Fields
-
(162)
Detailed Attack Pattern
Manipulating Web Input to File System Calls
-
(76)
Detailed Attack Pattern
Manipulating Writeable Terminal Devices
-
(40)
Detailed Attack Pattern
MIME Conversion
-
(42)
Detailed Attack Pattern
Mobile Device Fault Injection
-
(625)
Detailed Attack Pattern
Mobile Phishing
-
(164)
Detailed Attack Pattern
Modification of Registry Run Keys
-
(270)
Detailed Attack Pattern
Modify Existing Service
-
(551)
Detailed Attack Pattern
Modify Shared File
-
(562)
Detailed Attack Pattern
Object Relational Mapping Injection
-
(109)
Detailed Attack Pattern
Open Source Libraries Altered
-
(538)
Detailed Attack Pattern
Orbital Jamming
-
(559)
Detailed Attack Pattern
Overflow Binary Resource File
-
(44)
Detailed Attack Pattern
Overflow Variables and Tags
-
(46)
Detailed Attack Pattern
Owner Footprinting
-
(577)
Detailed Attack Pattern
Padding Oracle Crypto Attack
-
(463)
Detailed Attack Pattern
Passing Local Filenames to Functions That Expect a URL
-
(48)
Detailed Attack Pattern
PHP Local File Inclusion
-
(252)
Detailed Attack Pattern
PHP Remote File Inclusion
-
(193)
Detailed Attack Pattern
Poison Web Service Registry
-
(51)
Detailed Attack Pattern
Postfix, Null Terminate, and Backslash
-
(53)
Detailed Attack Pattern
Pretexting via Customer Service
-
(412)
Detailed Attack Pattern
Pretexting via Delivery Person
-
(414)
Detailed Attack Pattern
Pretexting via Phone
-
(415)
Detailed Attack Pattern
Pretexting via Tech Support
-
(413)
Detailed Attack Pattern
Probe Application Memory
-
(546)
Detailed Attack Pattern
Probe iOS Screenshots
-
(498)
Detailed Attack Pattern
Process Footprinting
-
(573)
Detailed Attack Pattern
Provide Counterfeit Component
-
(530)
Detailed Attack Pattern
Read Sensitive Strings Within an Executable
-
(191)
Detailed Attack Pattern
Reflected XSS
-
(591)
Detailed Attack Pattern
Relative Path Traversal
-
(139)
Detailed Attack Pattern
Remote Services with Stolen Credentials
-
(555)
Detailed Attack Pattern
Removal of filters: Input filters, output filters, data masking
-
(200)
Detailed Attack Pattern
Removing/short-circuiting 'Purse' logic: removing/mutating 'cash' decrements
-
(208)
Detailed Attack Pattern
Replace File Extension Handlers
-
(556)
Detailed Attack Pattern
Replace Trusted Executable
-
(558)
Detailed Attack Pattern
Replace Winlogon Helper DLL
-
(579)
Detailed Attack Pattern
Restful Privilege Elevation
-
(58)
Detailed Attack Pattern
Retrieve Embedded Sensitive Data
-
(37)
Detailed Attack Pattern
Reusing Session IDs (aka Session Replay)
-
(60)
Detailed Attack Pattern
Reverse Engineer an Executable to Expose Assumed Hidden Functionality or Content
-
(190)
Detailed Attack Pattern
Rooting SIM Cards
-
(614)
Detailed Attack Pattern
Run Software at Logon
-
(564)
Detailed Attack Pattern
Scanning for Vulnerable Software
-
(310)
Detailed Attack Pattern
Schedule Software To Run
-
(557)
Detailed Attack Pattern
Scheme Squatting
-
(505)
Detailed Attack Pattern
Screen Temporary Files for Sensitive Information
-
(155)
Detailed Attack Pattern
Security Software Footprinting
-
(581)
Detailed Attack Pattern
Server Side Include (SSI) Injection
-
(101)
Detailed Attack Pattern
Services Footprinting
-
(574)
Detailed Attack Pattern
Session Credential Falsification through Manipulation
-
(226)
Detailed Attack Pattern
Session Credential Falsification through Prediction
-
(59)
Detailed Attack Pattern
Session Fixation
-
(61)
Detailed Attack Pattern
Session Sidejacking
-
(102)
Detailed Attack Pattern
Signal Strength Tracking
-
(619)
Detailed Attack Pattern
Signature Spoofing by Improper Validation
-
(475)
Detailed Attack Pattern
Signature Spoofing by Key Recreation
-
(485)
Detailed Attack Pattern
Signature Spoofing by Key Theft
-
(474)
Detailed Attack Pattern
Signature Spoofing by Misrepresentation
-
(476)
Detailed Attack Pattern
Signature Spoofing by Mixing Signed and Unsigned Content
-
(477)
Detailed Attack Pattern
Signature-Based Avoidance
-
(570)
Detailed Attack Pattern
Smudge Attack
-
(626)
Detailed Attack Pattern
Sniff Application Code
-
(65)
Detailed Attack Pattern
Sniffing Network Traffic
-
(158)
Detailed Attack Pattern
SOAP Array Overflow
-
(256)
Detailed Attack Pattern
SOAP Parameter Tampering
-
(280)
Detailed Attack Pattern
SoundSquatting
-
(631)
Detailed Attack Pattern
Spear Phishing
-
(163)
Detailed Attack Pattern
Spoofing of UDDI/ebXML Messages
-
(218)
Detailed Attack Pattern
SQL Injection through SOAP Parameter Tampering
-
(110)
Detailed Attack Pattern
Stored XSS
-
(592)
Detailed Attack Pattern
String Format Overflow in syslog()
-
(67)
Detailed Attack Pattern
Subversion of authorization checks: cache filtering, programmatic security, etc.
-
(239)
Detailed Attack Pattern
Subverting Environment Variable Values
-
(13)
Detailed Attack Pattern
Symlink Attack
-
(132)
Detailed Attack Pattern
Task Impersonation
-
(504)
Detailed Attack Pattern
TCP 'RST' Flag Checksum Probe
-
(328)
Detailed Attack Pattern
TCP (ISN) Counter Rate Probe
-
(323)
Detailed Attack Pattern
TCP (ISN) Greatest Common Divisor Probe
-
(322)
Detailed Attack Pattern
TCP (ISN) Sequence Predictability Probe
-
(324)
Detailed Attack Pattern
TCP ACK Ping
-
(297)
Detailed Attack Pattern
TCP ACK Scan
-
(305)
Detailed Attack Pattern
TCP Congestion Control Flag (ECN) Probe
-
(325)
Detailed Attack Pattern
TCP Connect Scan
-
(301)
Detailed Attack Pattern
TCP FIN scan
-
(302)
Detailed Attack Pattern
TCP Initial Window Size Probe
-
(326)
Detailed Attack Pattern
TCP Null Scan
-
(304)
Detailed Attack Pattern
TCP Options Probe
-
(327)
Detailed Attack Pattern
TCP RPC Scan
-
(307)
Detailed Attack Pattern
TCP RST Injection
-
(596)
Detailed Attack Pattern
TCP Sequence Number Probe
-
(321)
Detailed Attack Pattern
TCP SYN Ping
-
(299)
Detailed Attack Pattern
TCP SYN Scan
-
(287)
Detailed Attack Pattern
TCP Timestamp Probe
-
(320)
Detailed Attack Pattern
TCP Window Scan
-
(306)
Detailed Attack Pattern
TCP Xmas Scan
-
(303)
Detailed Attack Pattern
Terrestrial Jamming
-
(599)
Detailed Attack Pattern
Traceroute Route Enumeration
-
(293)
Detailed Attack Pattern
Transparent Proxy Abuse
-
(465)
Detailed Attack Pattern
Try Common or Default Usernames and Passwords
-
(70)
Detailed Attack Pattern
TypoSquatting
-
(630)
Detailed Attack Pattern
UDP Ping
-
(298)
Detailed Attack Pattern
UDP Scan
-
(308)
Detailed Attack Pattern
Unauthorized Use of Device Resources
-
(629)
Detailed Attack Pattern
URL Encoding
-
(72)
Detailed Attack Pattern
USB Memory Attacks
-
(457)
Detailed Attack Pattern
User-Controlled Filename
-
(73)
Detailed Attack Pattern
Using Alternative IP Address Encodings
-
(4)
Detailed Attack Pattern
Using Escaped Slashes in Alternate Encoding
-
(78)
Detailed Attack Pattern
Using Leading 'Ghost' Character Sequences to Bypass Input Filters
-
(3)
Detailed Attack Pattern
Using Meta-characters in E-mail Headers to Inject Malicious Payloads
-
(41)
Detailed Attack Pattern
Using Slashes and URL Encoding Combined to Bypass Validation Logic
-
(64)
Detailed Attack Pattern
Using Slashes in Alternate Encoding
-
(79)
Detailed Attack Pattern
Using Unicode Encoding to Bypass Validation Logic
-
(71)
Detailed Attack Pattern
Using URL/codebase / G.A.C. (code source) to convince sandbox of privilege
-
(238)
Detailed Attack Pattern
Using UTF-8 Encoding to Bypass Validation Logic
-
(80)
Detailed Attack Pattern
Utilizing REST's Trust in the System Resource to Register Man in the Middle
-
(57)
Detailed Attack Pattern
Weakening of Cellular Encryption
-
(606)
Detailed Attack Pattern
Web Application Fingerprinting
-
(170)
Detailed Attack Pattern
Web Logs Tampering
-
(81)
Detailed Attack Pattern
WebView Injection
-
(500)
Detailed Attack Pattern
Wi-Fi Jamming
-
(604)
Detailed Attack Pattern
WiFi MAC Address Tracking
-
(612)
Detailed Attack Pattern
WiFi SSID Tracking
-
(613)
Detailed Attack Pattern
Windows Admin Shares with Stolen Credentials
-
(561)
Detailed Attack Pattern
WSDL Scanning
-
(95)
Detailed Attack Pattern
XML Attribute Blowup
-
(229)
Detailed Attack Pattern
XML Entity Blowup
-
(201)
Detailed Attack Pattern
XML Entity Expansion
-
(197)
Detailed Attack Pattern
XML Ping of the Death
-
(147)
Detailed Attack Pattern
XML Quadratic Expansion
-
(491)
Detailed Attack Pattern
XML Schema Poisoning
-
(146)
Detailed Attack Pattern
XPath Injection
-
(83)
Detailed Attack Pattern
XQuery Injection
-
(84)
Detailed Attack Pattern
XSS Targeting Error Pages
-
(198)
Detailed Attack Pattern
XSS Targeting Non-Script Elements
-
(18)
Detailed Attack Pattern
XSS Targeting URI Placeholders
-
(244)
Detailed Attack Pattern
XSS Targetting HTML Attributes
-
(243)
Detailed Attack Pattern
XSS Through HTTP Headers
-
(86)
Detailed Attack Pattern
XSS Through HTTP Query Strings
-
(32)
Detailed Attack Pattern
XSS Using Alternate Syntax
-
(199)
Detailed Attack Pattern
XSS Using Doubled Characters
-
(245)
Detailed Attack Pattern
XSS Using Invalid Characters
-
(247)
Detailed Attack Pattern
XSS Using MIME Type Mismatch
-
(209)