CAPEC - VIEW SLICE: CAPEC-284: Detailed Abstractions(Version 3.9)


Common Attack Pattern Enumeration and Classification A Community Resource for Identifying and Understanding Attacks

Home > CAPEC List > VIEW SLICE: CAPEC-284: Detailed Abstractions(Version 3.9)

CAPEC VIEW: Detailed Abstractions

View ID: 284

Structure: Implicit

Downloads: Booklet | CSV | XML

Objective

This view (slice) covers detailed abstraction attack patterns.

Filter

/Attack_Pattern_Catalog/Attack_Patterns/Attack_Pattern[@Abstraction='Detailed']

Membership

Nature	Type	ID	Name
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	3	Using Leading 'Ghost' Character Sequences to Bypass Input Filters
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	4	Using Alternative IP Address Encodings
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	5	Blue Boxing
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	7	Blind SQL Injection
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	8	Buffer Overflow in an API Call
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	9	Buffer Overflow in Local Command-Line Utilities
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	10	Buffer Overflow via Environment Variables
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	11	Cause Web Server Misclassification
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	13	Subverting Environment Variable Values
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	14	Client-side Injection-induced Buffer Overflow
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	16	Dictionary-based Password Attack
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	18	XSS Targeting Non-Script Elements
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	24	Filter Failure through Buffer Overflow
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	27	Leveraging Race Conditions via Symbolic Links
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	31	Accessing/Intercepting/Modifying HTTP Cookies
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	32	XSS Through HTTP Query Strings
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	33	HTTP Request Smuggling
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	34	HTTP Response Splitting
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	35	Leverage Executable Code in Non-Executable Files
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	37	Retrieve Embedded Sensitive Data
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	38	Leveraging/Manipulating Configuration File Search Paths
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	41	Using Meta-characters in E-mail Headers to Inject Malicious Payloads
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	42	MIME Conversion
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	43	Exploiting Multiple Input Interpretation Layers
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	44	Overflow Binary Resource File
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	45	Buffer Overflow via Symbolic Links
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	46	Overflow Variables and Tags
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	47	Buffer Overflow via Parameter Expansion
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	51	Poison Web Service Registry
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	52	Embedding NULL Bytes
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	53	Postfix, Null Terminate, and Backslash
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	55	Rainbow Table Password Cracking
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	57	Utilizing REST's Trust in the System Resource to Obtain Sensitive Data
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	58	Restful Privilege Elevation
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	59	Session Credential Falsification through Prediction
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	60	Reusing Session IDs (aka Session Replay)
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	61	Session Fixation
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	64	Using Slashes and URL Encoding Combined to Bypass Validation Logic
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	65	Sniff Application Code
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	67	String Format Overflow in syslog()
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	70	Try Common or Default Usernames and Passwords
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	71	Using Unicode Encoding to Bypass Validation Logic
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	72	URL Encoding
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	76	Manipulating Web Input to File System Calls
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	78	Using Escaped Slashes in Alternate Encoding
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	79	Using Slashes in Alternate Encoding
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	80	Using UTF-8 Encoding to Bypass Validation Logic
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	81	Web Server Logs Tampering
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	83	XPath Injection
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	84	XQuery Injection
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	85	AJAX Footprinting
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	86	XSS Through HTTP Headers
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	92	Forced Integer Overflow
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	93	Log Injection-Tampering-Forging
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	95	WSDL Scanning
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	96	Block Access to Libraries
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	101	Server Side Include (SSI) Injection
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	102	Session Sidejacking
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	105	HTTP Request Splitting
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	107	Cross Site Tracing
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	108	Command Line Execution through SQL Injection
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	109	Object Relational Mapping Injection
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	110	SQL Injection through SOAP Parameter Tampering
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	120	Double Encoding
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	127	Directory Indexing
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	132	Symlink Attack
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	139	Relative Path Traversal
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	142	DNS Cache Poisoning
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	143	Detect Unpublicized Web Pages
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	144	Detect Unpublicized Web Services
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	145	Checksum Spoofing
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	146	XML Schema Poisoning
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	147	XML Ping of the Death
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	149	Explore for Predictable Temporary File Names
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	155	Screen Temporary Files for Sensitive Information
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	158	Sniffing Network Traffic
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	162	Manipulating Hidden Fields
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	163	Spear Phishing
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	164	Mobile Phishing
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	168	Windows ::DATA Alternate Data Stream
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	170	Web Application Fingerprinting
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	174	Flash Parameter Injection
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	177	Create files with the same name as files protected with a higher classification
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	178	Cross-Site Flashing
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	181	Flash File Overlay
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	187	Malicious Automated Software Update via Redirection
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	190	Reverse Engineer an Executable to Expose Assumed Hidden Functionality
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	191	Read Sensitive Constants Within an Executable
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	193	PHP Remote File Inclusion
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	197	Exponential Data Expansion
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	198	XSS Targeting Error Pages
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	199	XSS Using Alternate Syntax
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	200	Removal of filters: Input filters, output filters, data masking
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	201	Serialized Data External Linking
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	204	Lifting Sensitive Data Embedded in Cache
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	206	Signing Malicious Code
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	208	Removing/short-circuiting 'Purse' logic: removing/mutating 'cash' decrements
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	209	XSS Using MIME Type Mismatch
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	215	Fuzzing for application mapping
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	218	Spoofing of UDDI/ebXML Messages
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	221	Data Serialization External Entities Blowup
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	222	iFrame Overlay
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	226	Session Credential Falsification through Manipulation
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	228	DTD Injection
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	229	Serialized Data Parameter Blowup
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	237	Escaping a Sandbox by Calling Code in Another Language
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	243	XSS Targeting HTML Attributes
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	244	XSS Targeting URI Placeholders
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	245	XSS Using Doubled Characters
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	247	XSS Using Invalid Characters
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	252	PHP Local File Inclusion
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	256	SOAP Array Overflow
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	261	Fuzzing for garnering other adjacent user/sensitive data
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	263	Force Use of Corrupted Files
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	270	Modification of Registry Run Keys
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	273	HTTP Response Smuggling
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	274	HTTP Verb Tampering
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	275	DNS Rebinding
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	279	SOAP Manipulation
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	285	ICMP Echo Request Ping
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	287	TCP SYN Scan
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	290	Enumerate Mail Exchange (MX) Records
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	291	DNS Zone Transfers
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	293	Traceroute Route Enumeration
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	294	ICMP Address Mask Request
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	295	Timestamp Request
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	296	ICMP Information Request
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	297	TCP ACK Ping
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	298	UDP Ping
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	299	TCP SYN Ping
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	301	TCP Connect Scan
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	302	TCP FIN Scan
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	303	TCP Xmas Scan
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	304	TCP Null Scan
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	305	TCP ACK Scan
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	306	TCP Window Scan
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	307	TCP RPC Scan
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	308	UDP Scan
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	310	Scanning for Vulnerable Software
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	317	IP ID Sequencing Probe
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	318	IP 'ID' Echoed Byte-Order Probe
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	319	IP (DF) 'Don't Fragment Bit' Echoing Probe
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	320	TCP Timestamp Probe
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	321	TCP Sequence Number Probe
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	322	TCP (ISN) Greatest Common Divisor Probe
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	323	TCP (ISN) Counter Rate Probe
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	324	TCP (ISN) Sequence Predictability Probe
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	325	TCP Congestion Control Flag (ECN) Probe
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	326	TCP Initial Window Size Probe
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	327	TCP Options Probe
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	328	TCP 'RST' Flag Checksum Probe
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	329	ICMP Error Message Quoting Probe
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	330	ICMP Error Message Echoing Integrity Probe
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	331	ICMP IP Total Length Field Probe
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	332	ICMP IP 'ID' Field Error Message Probe
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	383	Harvesting Information via API Event Monitoring
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	385	Transaction or Event Tampering via Application API Manipulation
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	387	Navigation Remapping To Propagate Malicious Content
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	388	Application API Button Hijacking
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	389	Content Spoofing Via Application API Manipulation
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	392	Lock Bumping
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	393	Lock Picking
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	394	Using a Snap Gun Lock to Force a Lock
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	397	Cloning Magnetic Strip Cards
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	398	Magnetic Strip Card Brute Force Attacks
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	399	Cloning RFID Cards or Chips
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	400	RFID Chip Deactivation or Destruction
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	402	Bypassing ATA Password Security
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	406	Dumpster Diving
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	412	Pretexting via Customer Service
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	413	Pretexting via Tech Support
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	414	Pretexting via Delivery Person
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	415	Pretexting via Phone
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	418	Influence Perception of Reciprocation
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	420	Influence Perception of Scarcity
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	421	Influence Perception of Authority
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	422	Influence Perception of Commitment and Consistency
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	423	Influence Perception of Liking
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	424	Influence Perception of Consensus or Social Proof
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	428	Influence via Modes of Thinking
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	429	Target Influence via Eye Cues
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	433	Target Influence via The Human Buffer Overflow
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	434	Target Influence via Interview and Interrogation
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	435	Target Influence via Instant Rapport
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	443	Malicious Logic Inserted Into Product by Authorized Developer
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	445	Malicious Logic Insertion into Product Software via Configuration Management Manipulation
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	446	Malicious Logic Insertion into Product via Inclusion of Third-Party Component
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	448	Embed Virus into DLL
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	457	USB Memory Attacks
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	458	Flash Memory Attacks
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	459	Creating a Rogue Certification Authority Certificate
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	460	HTTP Parameter Pollution (HPP)
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	462	Cross-Domain Search Timing
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	463	Padding Oracle Crypto Attack
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	467	Cross Site Identification
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	470	Expanding Control over the Operating System from the Database
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	471	Search Order Hijacking
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	472	Browser Fingerprinting
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	474	Signature Spoofing by Key Theft
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	475	Signature Spoofing by Improper Validation
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	476	Signature Spoofing by Misrepresentation
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	477	Signature Spoofing by Mixing Signed and Unsigned Content
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	478	Modification of Windows Service Configuration
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	479	Malicious Root Certificate
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	485	Signature Spoofing by Key Recreation
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	491	Quadratic Data Expansion
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	498	Probe iOS Screenshots
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	500	WebView Injection
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	501	Android Activity Hijack
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	505	Scheme Squatting
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	508	Shoulder Surfing
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	509	Kerberoasting
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	511	Infiltration of Software Development Environment
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	516	Hardware Component Substitution During Baselining
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	517	Documentation Alteration to Circumvent Dial-down
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	518	Documentation Alteration to Produce Under-performing Systems
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	519	Documentation Alteration to Cause Errors in System Design
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	520	Counterfeit Hardware Component Inserted During Product Assembly
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	521	Hardware Design Specifications Are Altered
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	530	Provide Counterfeit Component
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	531	Hardware Component Substitution
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	532	Altered Installed BIOS
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	533	Malicious Manual Software Update
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	535	Malicious Gray Market Hardware
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	537	Infiltration of Hardware Development Environment
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	538	Open-Source Library Manipulation
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	539	ASIC With Malicious Functionality
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	543	Counterfeit Websites
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	544	Counterfeit Organizations
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	546	Incomplete Data Deletion in a Multi-Tenant Environment
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	550	Install New Service
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	551	Modify Existing Service
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	552	Install Rootkit
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	556	Replace File Extension Handlers
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	558	Replace Trusted Executable
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	559	Orbital Jamming
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	561	Windows Admin Shares with Stolen Credentials
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	562	Modify Shared File
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	563	Add Malicious File to Shared Webroot
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	564	Run Software at Logon
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	565	Password Spraying
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	568	Capture Credentials via Keylogger
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	579	Replace Winlogon Helper DLL
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	581	Security Software Footprinting
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	583	Disabling Network Hardware
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	584	BGP Route Disabling
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	585	DNS Domain Seizure
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	587	Cross Frame Scripting (XFS)
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	588	DOM-Based XSS
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	589	DNS Blocking
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	590	IP Address Blocking
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	591	Reflected XSS
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	592	Stored XSS
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	596	TCP RST Injection
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	597	Absolute Path Traversal
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	598	DNS Spoofing
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	599	Terrestrial Jamming
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	604	Wi-Fi Jamming
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	605	Cellular Jamming
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	606	Weakening of Cellular Encryption
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	608	Cryptanalysis of Cellular Encryption
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	609	Cellular Traffic Intercept
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	611	BitSquatting
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	612	WiFi MAC Address Tracking
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	613	WiFi SSID Tracking
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	614	Rooting SIM Cards
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	615	Evil Twin Wi-Fi Attack
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	617	Cellular Rogue Base Station
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	618	Cellular Broadcast Message Request
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	619	Signal Strength Tracking
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	621	Analysis of Packet Timing and Sizes
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	622	Electromagnetic Side-Channel Attack
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	623	Compromising Emanations Attack
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	626	Smudge Attack
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	628	Carry-Off GPS Attack
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	630	TypoSquatting
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	631	SoundSquatting
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	632	Homograph Attack via Homoglyphs
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	633	Token Impersonation
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	634	Probe Audio and Video Peripherals
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	637	Collect Data from Clipboard
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	638	Altered Component Firmware
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	639	Probe System Files
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	640	Inclusion of Code in Existing Process
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	641	DLL Side-Loading
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	642	Replace Binaries
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	643	Identify Shared Files/Directories on System
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	644	Use of Captured Hashes (Pass The Hash)
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	645	Use of Captured Tickets (Pass The Ticket)
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	647	Collect Data from Registries
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	648	Collect Data from Screen Capture
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	649	Adding a Space to a File Extension
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	650	Upload a Web Shell to a Web Server
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	654	Credential Prompt Impersonation
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	655	Avoid Security Tool Identification by Adding Data
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	656	Voice Phishing
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	657	Malicious Automated Software Update via Spoofing
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	660	Root/Jailbreak Detection Evasion via Hooking
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	661	Root/Jailbreak Detection Evasion via Debugging
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	665	Exploitation of Thunderbolt Protection Flaws
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	667	Bluetooth Impersonation AttackS (BIAS)
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	670	Software Development Tools Maliciously Altered
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	671	Requirements for ASIC Functionality Maliciously Altered
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	672	Malicious Code Implanted During Chip Programming
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	673	Developer Signing Maliciously Altered Software
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	674	Design for FPGA Maliciously Altered
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	677	Server Motherboard Compromise
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	678	System Build Data Maliciously Altered
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	679	Exploitation of Improperly Configured or Implemented Memory Protections
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	680	Exploitation of Improperly Controlled Registers
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	681	Exploitation of Improperly Controlled Hardware Security Identifiers
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	692	Spoof Version Control System Commit Metadata
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	693	StarJacking
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	695	Repo Jacking
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	696	Load Value Injection
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	698	Install Malicious Extension
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	702	Exploiting Incorrect Chaining or Granularity of Hardware Debug Components

View Metrics

	CAPECs in this view		Total CAPECs
Attack Patterns	317	out of	559
Categories	0	out of	21
Views	0	out of	13
Total	317	out of	593

Content History

Submissions
Submission Date	Submitter	Organization
2014-06-23 (Version 2.6)	CAPEC Content Team	The MITRE Corporation
2014-06-23 (Version 2.6)

View Components

A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

CAPEC-597: Absolute Path Traversal

Attack Pattern ID: 597

Abstraction: Detailed

View customized information:

Description

An adversary with access to file system resources, either directly or via application logic, will use various file absolute paths and navigation mechanisms such as ".." to extend their range of access to inappropriate areas of the file system. The goal of the adversary is to access directories and files that are intended to be restricted from their access.

Relationships

This table shows the other attack patterns and high level categories that are related to this attack pattern. These relationships are defined as ChildOf and ParentOf, and give insight to similar items that may exist at higher and lower levels of abstraction. In addition, relationships such as CanFollow, PeerOf, and CanAlsoBe are defined to show similar attack patterns that the user may want to explore.

Nature	Type	ID	Name
ChildOf	Standard Attack Pattern - A standard level attack pattern in CAPEC is focused on a specific methodology or technique used in an attack. It is often seen as a singular piece of a fully executed attack. A standard attack pattern is meant to provide sufficient details to understand the specific technique and how it attempts to accomplish a desired goal. A standard level attack pattern is a specific type of a more abstract meta level attack pattern.	126	Path Traversal

This table shows the views that this attack pattern belongs to and top level categories within that view.

View Name	Top Level Categories
Domains of Attack	Software
Mechanisms of Attack	Manipulate Data Structures

Execution Flow

Explore

Fingerprinting of the operating system: In order to perform a valid path traversal, the adversary needs to know what the underlying OS is so that the proper file seperator is used.

Techniques
Port mapping. Identify ports that the system is listening on, and attempt to identify inputs and protocol types on those ports.
TCP/IP Fingerprinting. The adversary uses various software to make connections or partial connections and observe idiosyncratic responses from the operating system. Using those responses, they attempt to guess the actual operating system.
Induce errors to find informative error messages

Survey application: Using manual or automated means, an adversary will survey the target application looking for all areas where user input is taken to specify a file name or path.

Techniques
Use a spidering tool to follow and record all links on a web page. Make special note of any links that include parameters in the URL.
Use a proxy tool to record all links visited during a manual traversal of a web application. Make special note of any links that include parameters in the URL. Manual traversal of this type is frequently necessary to identify forms that are GET method forms rather than POST forms.
Use a browser to manually explore a website and analyze how it is constructed. Many browser's plug-in are available to facilitate the analysis or automate the URL discovery.

Experiment

Attempt variations on input parameters: Using manual or automated means, an adversary attempts varying absolute file paths on all found user input locations and observes the responses.

Techniques
Access common files in root directories such as "/bin", "/boot", "/lib", or "/home"
Access a specific drive letter or windows volume letter by specifying "C:dirname" for example
Access a known Windows UNC share by specifying "\\UNC\share\name" for example

Exploit

Access, modify, or execute arbitrary files.: An adversary injects absolute path traversal syntax into identified vulnerable inputs to cause inappropriate reading, writing or execution of files. An adversary could be able to read directories or files which they are normally not allowed to read. The adversary could also access data outside the web document root, or include scripts, source code and other kinds of files from external websites. Once the adversary accesses arbitrary files, they could also modify files. In particular situations, the adversary could also execute arbitrary code or system commands.
Techniques
Manipulate file and its path by injecting absolute path sequences (e.g. "/home/file.txt").
Download files, modify files, or try to execute shell commands (with binary files).

Prerequisites

The target must leverage and access an underlying file system.

Skills Required

[Level: Low]

Simple command line attacks.

[Level: Medium]

Programming attacks.

Resources Required

The attacker must have access to an application interface or a direct shell that allows them to inject directory strings and monitor the results.

Consequences

This table specifies different individual consequences associated with the attack pattern. The Scope identifies the security property that is violated, while the Impact describes the negative technical impact that arises if an adversary succeeds in their attack. The Likelihood provides information about how likely the specific consequence is expected to be seen relative to the other consequences in the list. For example, there may be high likelihood that a pattern will be used to achieve a certain impact, but a low likelihood that it will be exploited to achieve a different impact.

Scope	Impact	Likelihood
Integrity Confidentiality Availability	Execute Unauthorized Commands
Integrity	Modify Data
Confidentiality	Read Data
Availability	Unreliable Execution

Mitigations

Design: Configure the access control correctly.

Design: Enforce principle of least privilege.

Design: Execute programs with constrained privileges, so parent process does not open up further vulnerabilities. Ensure that all directories, temporary directories and files, and memory are executing with limited privileges to protect against remote execution.

Design: Input validation. Assume that user inputs are malicious. Utilize strict type, character, and encoding enforcement.

Design: Proxy communication to host, so that communications are terminated at the proxy, sanitizing the requests before forwarding to server host.

Design: Run server interfaces with a non-root account and/or utilize chroot jails or other configuration techniques to constrain privileges even if attacker gains some limited access to commands.

Implementation: Host integrity monitoring for critical files, directories, and processes. The goal of host integrity monitoring is to be aware when a security issue has occurred so that incident response and other forensic activities can begin.

Implementation: Perform input validation for all remote content, including remote and user-generated content.

Implementation: Perform testing such as pen-testing and vulnerability scanning to identify directories, programs, and interfaces that grant direct access to executables.

Implementation: Use indirect references rather than actual file names.

Implementation: Use possible permissions on file access when developing and deploying web applications.

Implementation: Validate user input by only accepting known good. Ensure all content that is delivered to client is sanitized against an acceptable content specification using an allowlist approach.

Related Weaknesses

A Related Weakness relationship associates a weakness with this attack pattern. Each association implies a weakness that must exist for a given attack to be successful. If multiple weaknesses are associated with the attack pattern, then any of the weaknesses (but not necessarily all) may be present for the attack to be successful. Each related weakness is identified by a CWE identifier.

CWE-ID	Weakness Name
36	Absolute Path Traversal

Content History

Submissions
Submission Date	Submitter	Organization
2017-01-06 (Version 2.8)	CAPEC Content Team	The MITRE Corporation
2017-01-06 (Version 2.8)
Modifications
Modification Date	Modifier	Organization
2020-07-30 (Version 3.3)	CAPEC Content Team	The MITRE Corporation
2020-07-30 (Version 3.3)	Updated Mitigations
2021-10-21 (Version 3.6)	CAPEC Content Team	The MITRE Corporation
2021-10-21 (Version 3.6)	Updated Execution_Flow

CAPEC-31: Accessing/Intercepting/Modifying HTTP Cookies

Attack Pattern ID: 31

Abstraction: Detailed

View customized information:

Description

This attack relies on the use of HTTP Cookies to store credentials, state information and other critical data on client systems. There are several different forms of this attack. The first form of this attack involves accessing HTTP Cookies to mine for potentially sensitive data contained therein. The second form involves intercepting this data as it is transmitted from client to server. This intercepted information is then used by the adversary to impersonate the remote user/session. The third form is when the cookie's content is modified by the adversary before it is sent back to the server. Here the adversary seeks to convince the target server to operate on this falsified information.

Likelihood Of Attack

High

Typical Severity

High

Relationships

Nature	Type	ID	Name
ChildOf	Standard Attack Pattern - A standard level attack pattern in CAPEC is focused on a specific methodology or technique used in an attack. It is often seen as a singular piece of a fully executed attack. A standard attack pattern is meant to provide sufficient details to understand the specific technique and how it attempts to accomplish a desired goal. A standard level attack pattern is a specific type of a more abstract meta level attack pattern.	39	Manipulating Opaque Client-based Data Tokens
ChildOf	Standard Attack Pattern - A standard level attack pattern in CAPEC is focused on a specific methodology or technique used in an attack. It is often seen as a singular piece of a fully executed attack. A standard attack pattern is meant to provide sufficient details to understand the specific technique and how it attempts to accomplish a desired goal. A standard level attack pattern is a specific type of a more abstract meta level attack pattern.	157	Sniffing Attacks

This table shows the views that this attack pattern belongs to and top level categories within that view.

View Name	Top Level Categories
Domains of Attack	Communications
Mechanisms of Attack	Collect and Analyze Information, Subvert Access Control

Execution Flow

Explore

Obtain copy of cookie: The adversary first needs to obtain a copy of the cookie. The adversary may be a legitimate end user wanting to escalate privilege, or could be somebody sniffing on a network to get a copy of HTTP cookies.

Techniques
Sniff cookie using a network sniffer such as Wireshark
Obtain cookie using a utility such as the Firefox Cookie Manager, Chrome DevTools or AnEC Cookie Editor.
Steal cookie via a cross-site scripting attack.
Guess cookie contents if it contains predictable information.

Experiment

Obtain sensitive information from cookie: The adversary may be able to get sensitive information from the cookie. The web application developers may have assumed that cookies are not accessible by end users, and thus, may have put potentially sensitive information in them.
Techniques
If cookie shows any signs of being encoded using a standard scheme such as base64, decode it.
Analyze the cookie's contents to determine whether it contains any sensitive information.

Modify cookie to subvert security controls.: The adversary may be able to modify or replace cookies to bypass security controls in the application.

Techniques
Modify logical parts of cookie and send it back to server to observe the effects.
Modify numeric parts of cookie arithmetically and send it back to server to observe the effects.
Modify cookie bitwise and send it back to server to observe the effects.
Replace cookie with an older legitimate cookie and send it back to server to observe the effects. This technique would be helpful in cases where the cookie contains a "points balance" for a given user where the points have some value. The user may spend their points and then replace their cookie with an older one to restore their balance.

Prerequisites

Target server software must be a HTTP daemon that relies on cookies.

The cookies must contain sensitive information.

The adversary must be able to make HTTP requests to the server, and the cookie must be contained in the reply.

Skills Required

[Level: Low]

To overwrite session cookie data, and submit targeted attacks via HTTP

[Level: High]

Exploiting a remote buffer overflow generated by attack

Resources Required

A utility that allows for the viewing and modification of cookies. Many modern web browsers support this behavior.

Consequences

Scope	Impact	Likelihood
Confidentiality	Read Data
Integrity	Modify Data
Confidentiality Access Control Authorization	Gain Privileges

Mitigations

Design: Use input validation for cookies

Design: Generate and validate MAC for cookies

Implementation: Use SSL/TLS to protect cookie in transit

Implementation: Ensure the web server implements all relevant security patches, many exploitable buffer overflows are fixed in patches issued for the software.

Example Instances

There are two main attack vectors for exploiting poorly protected session variables like cookies. One is the local machine itself which can be exploited directly at the physical level or indirectly through XSS and phishing. In addition, the adversary in the middle attack (CAPEC-94) relies on a network sniffer, proxy, or other intermediary to intercept the subject's credentials and use them to impersonate the digital subject on the host. The issue is that once the credentials are intercepted, impersonation is trivial for the adversary to accomplish if no other protection mechanisms are in place. See also: CVE-2010-5148 , CVE-2016-0353

Related Weaknesses

CWE-ID	Weakness Name
565	Reliance on Cookies without Validation and Integrity Checking
302	Authentication Bypass by Assumed-Immutable Data
311	Missing Encryption of Sensitive Data
113	Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
539	Use of Persistent Cookies Containing Sensitive Information
20	Improper Input Validation
315	Cleartext Storage of Sensitive Information in a Cookie
384	Session Fixation
472	External Control of Assumed-Immutable Web Parameter
602	Client-Side Enforcement of Server-Side Security
642	External Control of Critical State Data

Taxonomy Mappings

CAPEC mappings to ATT&CK techniques leverage an inheritance model to streamline and minimize direct CAPEC/ATT&CK mappings. Inheritance of a mapping is indicated by text stating that the parent CAPEC has relevant ATT&CK mappings. Note that the ATT&CK Enterprise Framework does not use an inheritance model as part of the mapping to CAPEC.

Relevant to the ATT&CK taxonomy mapping

Entry ID	Entry Name
1539	Steal Web Session Cookie

References

[REF-1] G. Hoglund and G. McGraw. "Exploiting Software: How to Break Code". Addison-Wesley. 2004-02.

Content History

Submissions
Submission Date	Submitter	Organization
2014-06-23 (Version 2.6)	CAPEC Content Team	The MITRE Corporation
2014-06-23 (Version 2.6)
Modifications
Modification Date	Modifier	Organization
2017-01-09 (Version 2.9)	CAPEC Content Team	The MITRE Corporation
2017-01-09 (Version 2.9)	Updated Related_Attack_Patterns
2017-08-04 (Version 2.11)	CAPEC Content Team	The MITRE Corporation
2017-08-04 (Version 2.11)	Updated Attack_Phases, Attack_Prerequisites, Description Summary, Examples-Instances, Payload_Activation_Impact, Resources_Required
2019-09-30 (Version 3.2)	CAPEC Content Team	The MITRE Corporation
2019-09-30 (Version 3.2)	Updated Related_Attack_Patterns
2020-07-30 (Version 3.3)	CAPEC Content Team	The MITRE Corporation
2020-07-30 (Version 3.3)	Updated Execution_Flow, Related_Attack_Patterns
2020-12-17 (Version 3.4)	CAPEC Content Team	The MITRE Corporation
2020-12-17 (Version 3.4)	Updated Execution_Flow, Related_Attack_Patterns
2021-06-24 (Version 3.5)	CAPEC Content Team	The MITRE Corporation
2021-06-24 (Version 3.5)	Updated Example_Instances, Related_Weaknesses
2022-09-29 (Version 3.8)	CAPEC Content Team	The MITRE Corporation
2022-09-29 (Version 3.8)	Updated Taxonomy_Mappings

CAPEC-563: Add Malicious File to Shared Webroot

Attack Pattern ID: 563

Abstraction: Detailed

View customized information:

Description

An adversaries may add malicious content to a website through the open file share and then browse to that content with a web browser to cause the server to execute the content. The malicious content will typically run under the context and permissions of the web server process, often resulting in local system or administrative privileges depending on how the web server is configured.

Relationships

Nature	Type	ID	Name
ChildOf	Standard Attack Pattern - A standard level attack pattern in CAPEC is focused on a specific methodology or technique used in an attack. It is often seen as a singular piece of a fully executed attack. A standard attack pattern is meant to provide sufficient details to understand the specific technique and how it attempts to accomplish a desired goal. A standard level attack pattern is a specific type of a more abstract meta level attack pattern.	17	Using Malicious Files

This table shows the views that this attack pattern belongs to and top level categories within that view.

View Name	Top Level Categories
Domains of Attack	Software
Mechanisms of Attack	Subvert Access Control

Mitigations

Ensure proper permissions on directories that are accessible through a web server. Disallow remote access to the web root. Disable execution on directories within the web root. Ensure that permissions of the web server process are only what is required by not using built-in accounts and instead create specific accounts to limit unnecessary access or permissions overlap across multiple systems.

Related Weaknesses

CWE-ID	Weakness Name
284	Improper Access Control

Taxonomy Mappings

Relevant to the ATT&CK taxonomy mapping (see parent )

Content History

Submissions
Submission Date	Submitter	Organization
2015-11-09 (Version 2.7)	CAPEC Content Team	The MITRE Corporation
2015-11-09 (Version 2.7)
Modifications
Modification Date	Modifier	Organization
2019-04-04 (Version 3.1)	CAPEC Content Team	The MITRE Corporation
2019-04-04 (Version 3.1)	Updated Related_Weaknesses
2020-07-30 (Version 3.3)	CAPEC Content Team	The MITRE Corporation
2020-07-30 (Version 3.3)	Updated Taxonomy_Mappings

CAPEC-649: Adding a Space to a File Extension

Attack Pattern ID: 649

Abstraction: Detailed

View customized information:

Description

An adversary adds a space character to the end of a file extension and takes advantage of an application that does not properly neutralize trailing special elements in file names. This extra space, which can be difficult for a user to notice, affects which default application is used to operate on the file and can be leveraged by the adversary to control execution.

Likelihood Of Attack

Low

Typical Severity

Medium

Relationships

Nature	Type	ID	Name
ChildOf	Standard Attack Pattern - A standard level attack pattern in CAPEC is focused on a specific methodology or technique used in an attack. It is often seen as a singular piece of a fully executed attack. A standard attack pattern is meant to provide sufficient details to understand the specific technique and how it attempts to accomplish a desired goal. A standard level attack pattern is a specific type of a more abstract meta level attack pattern.	635	Alternative Execution Due to Deceptive Filenames

This table shows the views that this attack pattern belongs to and top level categories within that view.

View Name	Top Level Categories
Domains of Attack	Software
Mechanisms of Attack	Manipulate System Resources

Prerequisites

The use of the file must be controlled by the file extension.

Consequences

Scope	Impact	Likelihood
Confidentiality Integrity Availability	Execute Unauthorized Commands

Mitigations

File extensions should be checked to see if non-visible characters are being included.

Related Weaknesses

CWE-ID	Weakness Name
46	Path Equivalence: 'filename ' (Trailing Space)

Taxonomy Mappings

Relevant to the ATT&CK taxonomy mapping (also see parent)

Entry ID	Entry Name
1036.006	Masquerading:Space after Filename

Content History

Submissions
Submission Date	Submitter	Organization
2018-05-31 (Version 2.11)	CAPEC Content Team	The MITRE Corporation
2018-05-31 (Version 2.11)
Modifications
Modification Date	Modifier	Organization
2019-04-04 (Version 3.1)	CAPEC Content Team	The MITRE Corporation
2019-04-04 (Version 3.1)	Updated Related_Weaknesses
2020-07-30 (Version 3.3)	CAPEC Content Team	The MITRE Corporation
2020-07-30 (Version 3.3)	Updated Taxonomy_Mappings

CAPEC-85: AJAX Footprinting

Attack Pattern ID: 85

Abstraction: Detailed

View customized information:

Description

This attack utilizes the frequent client-server roundtrips in Ajax conversation to scan a system. While Ajax does not open up new vulnerabilities per se, it does optimize them from an attacker point of view. A common first step for an attacker is to footprint the target environment to understand what attacks will work. Since footprinting relies on enumeration, the conversational pattern of rapid, multiple requests and responses that are typical in Ajax applications enable an attacker to look for many vulnerabilities, well-known ports, network locations and so on. The knowledge gained through Ajax fingerprinting can be used to support other attacks, such as XSS.

Likelihood Of Attack

High

Typical Severity

Low

Relationships

Nature	Type	ID	Name
ChildOf	Standard Attack Pattern - A standard level attack pattern in CAPEC is focused on a specific methodology or technique used in an attack. It is often seen as a singular piece of a fully executed attack. A standard attack pattern is meant to provide sufficient details to understand the specific technique and how it attempts to accomplish a desired goal. A standard level attack pattern is a specific type of a more abstract meta level attack pattern.	580	System Footprinting
CanPrecede	Standard Attack Pattern - A standard level attack pattern in CAPEC is focused on a specific methodology or technique used in an attack. It is often seen as a singular piece of a fully executed attack. A standard attack pattern is meant to provide sufficient details to understand the specific technique and how it attempts to accomplish a desired goal. A standard level attack pattern is a specific type of a more abstract meta level attack pattern.	63	Cross-Site Scripting (XSS)

This table shows the views that this attack pattern belongs to and top level categories within that view.

View Name	Top Level Categories
Domains of Attack	Software
Mechanisms of Attack	Collect and Analyze Information

Execution Flow

Explore

Send request to target webpage and analyze HTML: Using a browser or an automated tool, an adversary sends requests to a webpage and records the received HTML response. Adversaries then analyze the HTML to identify any known underlying JavaScript architectures. This can aid in mappiong publicly known vulnerabilities to the webpage and can also helpo the adversary guess application architecture and the inner workings of a system.

Techniques
Record all "src" values inside script tags. These JavaScript files are compared to lists of files for known architectures. If there is a large match between the "src" values and architecture files, then it can be assumed that particular architecture is being used.

Prerequisites

The user must allow JavaScript to execute in their browser

Skills Required

[Level: Medium]

To land and launch a script on victim's machine with appropriate footprinting logic for enumerating services and vulnerabilities in JavaScript

Resources Required

None: No specialized resources are required to execute this type of attack.

Consequences

Scope	Impact	Likelihood
Confidentiality	Read Data

Mitigations

Design: Use browser technologies that do not allow client side scripting.

Implementation: Perform input validation for all remote content.

Example Instances

Footprinting can be executed over almost any protocol including HTTP, TCP, UDP, and ICMP, with the general goal of gaining further information about a host environment to launch further attacks. The attacker can probe the system for banners, vulnerabilities, filenames, available services, and in short anything the host process has access to. The results of the probe are either used to execute javascript (for example, if the attackers' footprint script identifies a vulnerability in a firewall permission, then the client side script executes a javascript to change client firewall settings, or an attacker may simply echo the results of the scan back out to a remote host for targeting future attacks) or to inform other data gathering activities in order to craft atta.

Related Weaknesses

CWE-ID	Weakness Name
79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
113	Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
348	Use of Less Trusted Source
96	Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
20	Improper Input Validation
116	Improper Encoding or Escaping of Output
184	Incomplete List of Disallowed Inputs
86	Improper Neutralization of Invalid Characters in Identifiers in Web Pages
692	Incomplete Denylist to Cross-Site Scripting

Taxonomy Mappings

Relevant to the ATT&CK taxonomy mapping (see parent )

References

[REF-539] Shreeraj Shah. "Ajax fingerprinting for Web 2.0 Applications". Help Net Security. <https://www.helpnetsecurity.com/dl/articles/Ajax_fingerprinting.pdf>.

Content History

Submissions
Submission Date	Submitter	Organization
2014-06-23 (Version 2.6)	CAPEC Content Team	The MITRE Corporation
2014-06-23 (Version 2.6)
Modifications
Modification Date	Modifier	Organization
2018-07-31 (Version 2.12)	CAPEC Content Team	The MITRE Corporation
2018-07-31 (Version 2.12)	Updated References
2020-07-30 (Version 3.3)	CAPEC Content Team	The MITRE Corporation
2020-07-30 (Version 3.3)	Updated Description, Example_Instances, Execution_Flow, Mitigations, Related_Attack_Patterns, Resources_Required, Typical_Severity
2020-12-17 (Version 3.4)	CAPEC Content Team	The MITRE Corporation
2020-12-17 (Version 3.4)	Updated @Name, Related_Attack_Patterns
2021-06-24 (Version 3.5)	CAPEC Content Team	The MITRE Corporation
2021-06-24 (Version 3.5)	Updated Related_Weaknesses
2022-02-22 (Version 3.7)	CAPEC Content Team	The MITRE Corporation
2022-02-22 (Version 3.7)	Updated Execution_Flow
Previous Entry Names
Change Date	Previous Entry Name
2020-12-17 (Version 3.4)	AJAX Fingerprinting

CAPEC-638: Altered Component Firmware

Attack Pattern ID: 638

Abstraction: Detailed

View customized information:

Description

An adversary exploits systems features and/or improperly protected firmware of hardware components, such as Hard Disk Drives (HDD), with the goal of executing malicious code from within the component's Master Boot Record (MBR). Conducting this type of attack entails the adversary infecting the target with firmware altering malware, using known tools, and a payload. Once this malware is executed, the MBR is modified to include instructions to execute the payload at desired intervals and when the system is booted up. A successful attack will obtain persistence within the victim system even if the operating system is reinstalled and/or if the component is formatted or has its data erased.

Likelihood Of Attack

Low

Typical Severity

Very High

Relationships

Nature	Type	ID	Name
ChildOf	Standard Attack Pattern - A standard level attack pattern in CAPEC is focused on a specific methodology or technique used in an attack. It is often seen as a singular piece of a fully executed attack. A standard attack pattern is meant to provide sufficient details to understand the specific technique and how it attempts to accomplish a desired goal. A standard level attack pattern is a specific type of a more abstract meta level attack pattern.	452	Infected Hardware

This table shows the views that this attack pattern belongs to and top level categories within that view.

View Name	Top Level Categories
Domains of Attack	Software, Hardware
Mechanisms of Attack	Manipulate System Resources

Execution Flow

Explore

Select Target: The adversary searches for a suitable target to attack, such as government and/or private industry organizations.
Techniques
Conduct reconnaissance to determine potential targets to exploit.

Identify Components: After selecting a target, the adversary determines whether a vulnerable component, such as a specific make and model of a HDD, is contained within the target system.

Techniques
[Remote Access Vector] The adversary gains remote access to the target, typically via additional malware, and explores the system to determine hardware components that are being leveraged.
[Physical Access Vector] The adversary intercepts components in transit and determines if the component is vulnerable to attack.

Experiment

Optional: Create Payload: If not using an already existing payload, the adversary creates their own to be executed at defined intervals and upon system boot processes. This payload may then be tested on the target system or a test system to confirm its functionality.

Exploit

Insert Firmware Altering Malware: Once a vulnerable component has been identified, the adversary leverages known malware tools to infect the component's firmware and drop the payload within the component's MBR. This allows the adversary to maintain persistence on the target and execute the payload without being detected.

Techniques
The adversary inserts the firmware altering malware on the target component, via the use of known malware tools.
[Physical Access Vector] The adversary then sends the component to its original intended destination, where it will be installed onto a victim system.

Prerequisites

Advanced knowledge about the target component's firmware

Advanced knowledge about Master Boot Records (MBR)

Advanced knowledge about tools used to insert firmware altering malware.

Advanced knowledge about component shipments to the target organization.

Skills Required

[Level: High]

Ability to access and reverse engineer hardware component firmware.

[Level: High]

Ability to intercept components in transit.

[Level: Medium]

Ability to create malicious payload to be executed from MBR.

[Level: Low]

Ability to leverage known malware tools to infect target system and insert firmware altering malware/payload

Resources Required

Manufacturer source code for hardware components.

Malware tools used to insert malware and payload onto target component.

Either remote or physical access to the target component.

Indicators

Output observed from processes, API calls, or Self-Monitoring, Analysis and Reporting Technology (SMART) may provide insight into malicious modifications of MBRs.

Digital forensics tools may produce output that indicates an attack of this nature has occurred. Examples include unexpected disk partitions and/or unusual strings.

Consequences

Scope	Impact	Likelihood
Authentication Authorization	Gain Privileges Execute Unauthorized Commands Bypass Protection Mechanism Hide Activities
Confidentiality Access Control	Read Data Modify Data

Mitigations

Leverage hardware components known to not be susceptible to these types of attacks.

Implement hardware RAID infrastructure.

Example Instances

In 2014, the Equation group was observed levering known malware tools to conduct component firmware alteration attacks against hard drives. In total, 12 HDD categories were shown to be vulnerable from manufacturers such as Western Digital, HGST, Samsung, and Seagate. Because of their complexity, only a few victims were targeted by these attacks. [REF-664]

Related Weaknesses

Supply Chain: CWE does not currently cover Supply Chain in the way it is presented by CAPEC. Therefore, no mapping between the two corpuses can be made at this time.

CWE leads to CAPEC: This entry highlights the rare case where a CAPEC creates an instance of a CWE, as opposed to the usual other way around. At this time, this field only includes mappings to weaknesses that cause the CAPEC, instead of CWEs that could arise due to the CAPEC.

Taxonomy Mappings

Relevant to the ATT&CK taxonomy mapping

Entry ID	Entry Name
1542.002	Pre-OS Boot:Component Firmware

References

[REF-664] "EQUATION GROUP: QUESTIONS AND ANSWERS". 1.5. Kaspersky Lab HQ. 2015-02. <https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08064459/Equation_group_questions_and_answers.pdf>. URL validated: 2021-06-23.

[REF-665] Preston Hood. "Hard Drive Firmware Implant IRATEMONK". PJHoodsCo Blog. 2014-10-26. <https://blog.pjhoodsco.org/hard-drive-firmware-implant-iratemonk/>. URL validated: 2021-06-23.

[REF-666] Bruce Schneier. "IRATEMONK: NSA Exploit of the Day". Schneier on Security. 2014-01-31. <https://www.schneier.com/blog/archives/2014/01/iratemonk_nsa_e.html>. URL validated: 2021-06-23.

Content History

Submissions
Submission Date	Submitter	Organization
2018-07-31 (Version 2.12)	CAPEC Content Team
2018-07-31 (Version 2.12)
Modifications
Modification Date	Modifier	Organization
2020-07-30 (Version 3.3)	CAPEC Content Team	The MITRE Corporation
2020-07-30 (Version 3.3)	Updated Taxonomy_Mappings
2021-06-24 (Version 3.5)	CAPEC Content Team	The MITRE Corporation
2021-06-24 (Version 3.5)	Updated Consequences, Description, Example_Instances, Execution_Flow, Indicators, Mitigations, Prerequisites, References, Resources_Required, Skills_Required, Typical_Severity

CAPEC-532: Altered Installed BIOS

Attack Pattern ID: 532

Abstraction: Detailed

View customized information:

Description

An attacker with access to download and update system software sends a maliciously altered BIOS to the victim or victim supplier/integrator, which when installed allows for future exploitation.

Likelihood Of Attack

Low

Typical Severity

High

Relationships

Nature	Type	ID	Name
ChildOf	Standard Attack Pattern - A standard level attack pattern in CAPEC is focused on a specific methodology or technique used in an attack. It is often seen as a singular piece of a fully executed attack. A standard attack pattern is meant to provide sufficient details to understand the specific technique and how it attempts to accomplish a desired goal. A standard level attack pattern is a specific type of a more abstract meta level attack pattern.	444	Development Alteration

This table shows the views that this attack pattern belongs to and top level categories within that view.

View Name	Top Level Categories
Domains of Attack	Software, Supply Chain
Mechanisms of Attack	Manipulate System Resources
Supply Chain Risks	Development and Production, Sustainment

Prerequisites

Advanced knowledge about the installed target system design.

Advanced knowledge about the download and update installation processes.

Access to the download and update system(s) used to deliver BIOS images.

Skills Required

[Level: High]

Able to develop a malicious BIOS image with the original functionality as a normal BIOS image, but with added functionality that allows for later compromise and/or disruption.

Mitigations

Deploy strong code integrity policies to allow only authorized apps to run.

Use endpoint detection and response solutions that can automaticalkly detect and remediate suspicious activities.

Maintain a highly secure build and update infrastructure by immediately applying security patches for OS and software, implementing mandatory integrity controls to ensure only trusted tools run, and requiring multi-factor authentication for admins.

Require SSL for update channels and implement certificate transparency based verification.

Sign update packages and BIOS patches.

Use hardware security modules/trusted platform modules to verify authenticity using hardware-based cryptography.

Example Instances

An attacker compromises the download and update portion of a manufacturer's web presence, and develops a malicious BIOS that in addition to the normal functionality will also at a specific time of day disable the remote access subsystem's security checks. The malicious BIOS is put in place on the manufacturer's website, the victim location is sent an official-looking email informing the victim of the availability of a new BIOS with bug fixes and enhanced performance capabilities to entice the victim to install the new BIOS quickly. The malicious BIOS is downloaded and installed on the victim's system, which allows for additional compromise by the attacker.

Related Weaknesses

Supply Chain: CWE does not currently cover Supply Chain in the way it is presented by CAPEC. Therefore, no mapping between the two corpuses can be made at this time.

Taxonomy Mappings

Relevant to the ATT&CK taxonomy mapping

Entry ID	Entry Name
1495	Firmware Corruption
1542.001	Pre-OS Boot:System Firmware

References

[REF-439] John F. Miller. "Supply Chain Attack Framework and Attack Patterns". The MITRE Corporation. 2013. <http://www.mitre.org/sites/default/files/publications/supply-chain-attack-framework-14-0228.pdf>.

[REF-716] Daniel Simpson, Dani Halfin, Andrews Mariano Gorzelany and Beth Woodbury. "Supply chain attacks". Microsoft. 2021-10-28. <https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/supply-chain-malware>. URL validated: 2022-02-21.

Content History

Submissions
Submission Date	Submitter	Organization
2014-06-23 (Version 2.6)	CAPEC Content Team	The MITRE Corporation
2014-06-23 (Version 2.6)
Modifications
Modification Date	Modifier	Organization
2015-11-09 (Version 2.7)	CAPEC Content Team	The MITRE Corporation
2015-11-09 (Version 2.7)	Updated References, Related_Attack_Patterns
2018-07-31 (Version 2.12)	CAPEC Content Team	The MITRE Corporation
2018-07-31 (Version 2.12)	Updated References, Related_Attack_Patterns, Typical_Likelihood_of_Exploit
2019-09-30 (Version 3.2)	CAPEC Content Team	The MITRE Corporation
2019-09-30 (Version 3.2)	Updated Related_Attack_Patterns
2020-07-30 (Version 3.3)	CAPEC Content Team	The MITRE Corporation
2020-07-30 (Version 3.3)	Updated Taxonomy_Mappings
2021-06-24 (Version 3.5)	CAPEC Content Team	The MITRE Corporation
2021-06-24 (Version 3.5)	Updated Related_Attack_Patterns
2022-02-22 (Version 3.7)	CAPEC Content Team	The MITRE Corporation
2022-02-22 (Version 3.7)	Updated Mitigations, References
2022-09-29 (Version 3.8)	CAPEC Content Team	The MITRE Corporation
2022-09-29 (Version 3.8)	Updated Taxonomy_Mappings
Previous Entry Names
Change Date	Previous Entry Name
2015-11-09 (Version 2.7)	Altered BIOS Installed After Installation

CAPEC-621: Analysis of Packet Timing and Sizes

Attack Pattern ID: 621

Abstraction: Detailed

View customized information:

Description

An attacker may intercept and log encrypted transmissions for the purpose of analyzing metadata such as packet timing and sizes. Although the actual data may be encrypted, this metadata may reveal valuable information to an attacker. Note that this attack is applicable to VOIP data as well as application data, especially for interactive apps that require precise timing and low-latency (e.g. thin-clients).

Typical Severity

Low

Relationships

Nature	Type	ID	Name
ChildOf	Standard Attack Pattern - A standard level attack pattern in CAPEC is focused on a specific methodology or technique used in an attack. It is often seen as a singular piece of a fully executed attack. A standard attack pattern is meant to provide sufficient details to understand the specific technique and how it attempts to accomplish a desired goal. A standard level attack pattern is a specific type of a more abstract meta level attack pattern.	189	Black Box Reverse Engineering

This table shows the views that this attack pattern belongs to and top level categories within that view.

View Name	Top Level Categories
Domains of Attack	Software, Hardware, Physical Security
Mechanisms of Attack	Collect and Analyze Information

Prerequisites

Use of untrusted communication paths enables an attacker to intercept and log communications, including metadata such as packet timing and sizes.

Skills Required

[Level: High]

These attacks generally require sophisticated machine learning techniques and require traffic capture as a prerequisite.

Consequences

Scope	Impact	Likelihood
Confidentiality	Read Data

Mitigations

Distort packet sizes and timing at VPN layer by adding padding to normalize packet sizes and timing delays to reduce information leakage via timing.

Related Weaknesses

CWE-ID	Weakness Name
201	Insertion of Sensitive Information Into Sent Data

Content History

Submissions
Submission Date	Submitter	Organization
2015-11-09 (Version 2.7)	CAPEC Content Team	The MITRE Corporation
2015-11-09 (Version 2.7)
Modifications
Modification Date	Modifier	Organization
2018-07-31 (Version 2.12)	CAPEC Content Team	The MITRE Corporation
2018-07-31 (Version 2.12)	Updated Attack_Motivation-Consequences

CAPEC-501: Android Activity Hijack

Attack Pattern ID: 501

Abstraction: Detailed

View customized information:

Description

An adversary intercepts an implicit intent sent to launch a Android-based trusted activity and instead launches a counterfeit activity in its place. The malicious activity is then used to mimic the trusted activity's user interface and prompt the target to enter sensitive data as if they were interacting with the trusted activity.

Typical Severity

Medium

Relationships

Nature	Type	ID	Name
ChildOf	Meta Attack Pattern - A meta level attack pattern in CAPEC is a decidedly abstract characterization of a specific methodology or technique used in an attack. A meta attack pattern is often void of a specific technology or implementation and is meant to provide an understanding of a high level approach. A meta level attack pattern is a generalization of related group of standard level attack patterns. Meta level attack patterns are particularly useful for architecture and design level threat modeling exercises.	173	Action Spoofing
ChildOf	Standard Attack Pattern - A standard level attack pattern in CAPEC is focused on a specific methodology or technique used in an attack. It is often seen as a singular piece of a fully executed attack. A standard attack pattern is meant to provide sufficient details to understand the specific technique and how it attempts to accomplish a desired goal. A standard level attack pattern is a specific type of a more abstract meta level attack pattern.	499	Android Intent Intercept

This table shows the views that this attack pattern belongs to and top level categories within that view.

View Name	Top Level Categories
Domains of Attack	Software
Mechanisms of Attack	Engage in Deceptive Interactions, Collect and Analyze Information

Execution Flow

Explore

Find an android application that uses implicit intents: Since this attack only works on android applications that use implicit intents, rather than explicit intents, an adversary must first identify an app that uses implicit intents to launch an Android-based trusted activity, and what that activity is.

Experiment

Create a malicious app: The adversary must create a malicious android app meant to intercept implicit intents to launch an Adroid-based trusted activity. This malicious app will mimic the trusted activiy's user interface to get the user to enter sensitive data.
Techniques
Specify the type of intent wished to be intercepted in the malicious app's manifest file using an intent filter
Get user to download malicious app: The adversary must get a user using the targeted app to download the malicious app by any means necessary

Exploit

Gather sensitive data through malicious app: Once the target application sends an implicit intent to launch a trusted activity, the malicious app will be launched instead that looks identical to the interface of that activity. When the user enters sensitive information it will be captured by the malicious app.
Techniques
Gather login information from a user using a malicious app

Prerequisites

The adversary must have previously installed the malicious application onto the Android device that will run in place of the trusted activity.

Skills Required

[Level: High]

The adversary must typically overcome network and host defenses in order to place malware on the system.

Resources Required

Malware capable of acting on the adversary's objectives.

Consequences

Scope	Impact	Likelihood
Confidentiality	Read Data

Mitigations

To mitigate this type of an attack, explicit intents should be used whenever sensitive data is being sent. An 'explicit intent' is delivered to a specific application as declared within the intent, whereas an 'implicit intent' is directed to an application as defined by the Android operating system. If an implicit intent must be used, then it should be assumed that the intent will be received by an unknown application and any response should be treated accordingly (i.e., with appropriate security controls).

Never use implicit intents for inter-application communication.

Related Weaknesses

CWE-ID	Weakness Name
923	Improper Restriction of Communication Channel to Intended Endpoints

References

[REF-427] Erika Chin, Adrienne Porter Felt, Kate Greenwood and David Wagner. "Analyzing Inter-Application Communication in Android". 3.1.2 Activity Hijacking. International Conference on Mobile Systems, Applications, and Services (MobiSys). 2011. <https://people.eecs.berkeley.edu/~daw/papers/intents-mobisys11.pdf>.

Content History

Submissions
Submission Date	Submitter	Organization
2014-06-23 (Version 2.6)	CAPEC Content Team	The MITRE Corporation
2014-06-23 (Version 2.6)
Modifications
Modification Date	Modifier	Organization
2018-07-31 (Version 2.12)	CAPEC Content Team	The MITRE Corporation
2018-07-31 (Version 2.12)	Updated Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, References, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations, Typical_Severity
2019-09-30 (Version 3.2)	CAPEC Content Team	The MITRE Corporation
2019-09-30 (Version 3.2)	Updated Related_Attack_Patterns
2020-12-17 (Version 3.4)	CAPEC Content Team	The MITRE Corporation
2020-12-17 (Version 3.4)	Updated @Name, Description, Prerequisites
2021-10-21 (Version 3.6)	CAPEC Content Team	The MITRE Corporation
2021-10-21 (Version 3.6)	Updated Execution_Flow
Previous Entry Names
Change Date	Previous Entry Name
2020-12-17 (Version 3.4)	Activity Hijack

CAPEC-388: Application API Button Hijacking

Attack Pattern ID: 388

Abstraction: Detailed

View customized information:

Description

An attacker manipulates either egress or ingress data from a client within an application framework in order to change the destination and/or content of buttons displayed to a user within API messages. Performing this attack allows the attacker to manipulate content in such a way as to produce messages or content that looks authentic but contains buttons that point to an attacker controlled destination.

Typical Severity

Medium

Relationships

Nature	Type	ID	Name
ChildOf	Standard Attack Pattern - A standard level attack pattern in CAPEC is focused on a specific methodology or technique used in an attack. It is often seen as a singular piece of a fully executed attack. A standard attack pattern is meant to provide sufficient details to understand the specific technique and how it attempts to accomplish a desired goal. A standard level attack pattern is a specific type of a more abstract meta level attack pattern.	386	Application API Navigation Remapping

This table shows the views that this attack pattern belongs to and top level categories within that view.

View Name	Top Level Categories
Domains of Attack	Software, Communications
Mechanisms of Attack	Subvert Access Control

Prerequisites

Targeted software is utilizing application framework APIs

Resources Required

A software program that allows the use of adversary-in-the-middle (CAPEC-94) communications between the client and server, such as a adversary-in-the-middle (CAPEC-94) proxy.

Example Instances

An in-game event occurs and the attacker traps the result, which turns out to be a form that will be populated to their primary profile. The attacker, using a MITM proxy, observes the following data:

[Button][Claim_Item]Sourdough_Cookie[URL_IMG]foo[/URL_IMG][Claim_Link]bar[/Claim_Link]

By altering the destination of "Claim_Link" to point to the attackers' server an unwitting victim can be enticed to click the link. Another example would be for the attacker to rewrite the button destinations for an event so that clicking "Yes" or "No" causes the user to load the attackers' code.

Related Weaknesses

CWE-ID	Weakness Name
471	Modification of Assumed-Immutable Data (MAID)
345	Insufficient Verification of Data Authenticity
346	Origin Validation Error
602	Client-Side Enforcement of Server-Side Security
311	Missing Encryption of Sensitive Data

References

[REF-327] Tom Stracener and Sean Barnum. "So Many Ways [...]: Exploiting Facebook and YoVille". Defcon 18. 2010.

Content History

Submissions
Submission Date	Submitter	Organization
2014-06-23 (Version 2.6)	CAPEC Content Team	The MITRE Corporation
2014-06-23 (Version 2.6)
Modifications
Modification Date	Modifier	Organization
2018-07-31 (Version 2.12)	CAPEC Content Team	The MITRE Corporation
2018-07-31 (Version 2.12)	Updated Description, Description Summary, Examples-Instances
2019-09-30 (Version 3.2)	CAPEC Content Team	The MITRE Corporation
2019-09-30 (Version 3.2)	Updated @Abstraction
2021-06-24 (Version 3.5)	CAPEC Content Team	The MITRE Corporation
2021-06-24 (Version 3.5)	Updated Resources_Required
2022-09-29 (Version 3.8)	CAPEC Content Team	The MITRE Corporation
2022-09-29 (Version 3.8)	Updated Example_Instances

CAPEC-539: ASIC With Malicious Functionality

Attack Pattern ID: 539

Abstraction: Detailed

View customized information:

Description

An attacker with access to the development environment process of an application-specific integrated circuit (ASIC) for a victim system being developed or maintained after initial deployment can insert malicious functionality into the system for the purpose of disruption or further compromise.

Likelihood Of Attack

Low

Typical Severity

High

Relationships

Nature	Type	ID	Name
ChildOf	Standard Attack Pattern - A standard level attack pattern in CAPEC is focused on a specific methodology or technique used in an attack. It is often seen as a singular piece of a fully executed attack. A standard attack pattern is meant to provide sufficient details to understand the specific technique and how it attempts to accomplish a desired goal. A standard level attack pattern is a specific type of a more abstract meta level attack pattern.	444	Development Alteration

This table shows the views that this attack pattern belongs to and top level categories within that view.

View Name	Top Level Categories
Domains of Attack	Hardware, Supply Chain
Mechanisms of Attack	Manipulate System Resources
Supply Chain Risks	Development and Production, Sustainment

Prerequisites

The attacker must have working knowledge of some if not all of the components involved in the target system as well as the infrastructure and development environment of the manufacturer.

Advanced knowledge about the ASIC installed within the target system.

Skills Required

[Level: High]

Able to develop and manufacture malicious subroutines for an ASIC environment without degradation of existing functions and processes.

Example Instances

A hardware manufacturer periodically updates its ASIC with new features. The attacker, knowing the manufacturer runs email on a system adjacent to the hardware development systems used for ASIC design, sends a phishing email with a malicious attachment to the manufacturer. When viewed, the malicious attachment installs a backdoor that allows the attacker to remotely compromise the adjacent ASIC development system. The attacker is then able to exfiltrate and alter sensitive data on the ASIC system, allowing for future compromise once a new AISC is deployed at the victim location.

Related Weaknesses

Taxonomy Mappings

Relevant to the ATT&CK taxonomy mapping

Entry ID	Entry Name
1195.003	Supply Chain Compromise: Compromise Hardware Supply Chain

References

Content History

Submissions
Submission Date	Submitter	Organization
2014-06-23 (Version 2.6)	CAPEC Content Team	The MITRE Corporation
2014-06-23 (Version 2.6)
Modifications
Modification Date	Modifier	Organization
2015-11-09 (Version 2.7)	CAPEC Content Team	The MITRE Corporation
2015-11-09 (Version 2.7)	Updated Related_Attack_Patterns, Typical_Likelihood_of_Exploit
2019-09-30 (Version 3.2)	CAPEC Content Team	The MITRE Corporation
2019-09-30 (Version 3.2)	Updated Related_Attack_Patterns
2022-09-29 (Version 3.8)	CAPEC Content Team	The MITRE Corporation
2022-09-29 (Version 3.8)	Updated Taxonomy_Mappings

CAPEC-655: Avoid Security Tool Identification by Adding Data

Attack Pattern ID: 655

Abstraction: Detailed

View customized information:

Description

An adversary adds data to a file to increase the file size beyond what security tools are capable of handling in an attempt to mask their actions.

In addition to this, adding data to a file also changes the file's hash, frustrating security tools that look for known bad files by their hash.

Likelihood Of Attack

High

Typical Severity

High

Relationships

Nature	Type	ID	Name
ChildOf	Standard Attack Pattern - A standard level attack pattern in CAPEC is focused on a specific methodology or technique used in an attack. It is often seen as a singular piece of a fully executed attack. A standard attack pattern is meant to provide sufficient details to understand the specific technique and how it attempts to accomplish a desired goal. A standard level attack pattern is a specific type of a more abstract meta level attack pattern.	572	Artificially Inflate File Sizes

This table shows the views that this attack pattern belongs to and top level categories within that view.

View Name	Top Level Categories
Domains of Attack	Software
Mechanisms of Attack	Manipulate System Resources

Consequences

Scope	Impact	Likelihood
Accountability	Hide Activities Bypass Protection Mechanism
Integrity	Modify Data

Example Instances

Adding data to change the checksum of a file and can be used to avoid hash-based denylists and static anti-virus signatures.

Related Weaknesses

General: This attack pattern does not depend upon an underlying system, application, or component weakness and, therefore, cannot be mapped to the Common Weakness Enumeration (CWE) body of knowledge.

Taxonomy Mappings

Relevant to the ATT&CK taxonomy mapping (also see parent)

Entry ID	Entry Name
1027.001	Obfuscated Files or Information:Binary padding

Content History

Submissions
Submission Date	Submitter	Organization
2020-07-30 (Version 3.3)	CAPEC Content Team	The MITRE Corporation
2020-07-30 (Version 3.3)
Modifications
Modification Date	Modifier	Organization
2021-06-24 (Version 3.5)	CAPEC Content Team	The MITRE Corporation
2021-06-24 (Version 3.5)	Updated Example_Instances

CAPEC-584: BGP Route Disabling

Attack Pattern ID: 584

Abstraction: Detailed

View customized information:

Description

An adversary suppresses the Border Gateway Protocol (BGP) advertisement for a route so as to render the underlying network inaccessible. The BGP protocol helps traffic move throughout the Internet by selecting the most efficient route between Autonomous Systems (AS), or routing domains. BGP is the basis for interdomain routing infrastructure, providing connections between these ASs. By suppressing the intended AS routing advertisements and/or forcing less effective routes for traffic to ASs, the adversary can deny availability for the target network.

Relationships

Nature	Type	ID	Name
ChildOf	Standard Attack Pattern - A standard level attack pattern in CAPEC is focused on a specific methodology or technique used in an attack. It is often seen as a singular piece of a fully executed attack. A standard attack pattern is meant to provide sufficient details to understand the specific technique and how it attempts to accomplish a desired goal. A standard level attack pattern is a specific type of a more abstract meta level attack pattern.	582	Route Disabling

This table shows the views that this attack pattern belongs to and top level categories within that view.

View Name	Top Level Categories
Domains of Attack	Software, Communications
Mechanisms of Attack	Manipulate System Resources

Prerequisites

The adversary must have control of a router that can modify, drop, or introduce spoofed BGP updates.The adversary can convince

Resources Required

BGP Router

Consequences

Scope	Impact	Likelihood
Availability	Other

Mitigations

Implement Ingress filters to check the validity of received routes. However, this relies on the accuracy of Internet Routing Registries (IRRs) databases which are often not well-maintained.

Implement Secure BGP (S-BGP protocol), which improves authorization and authentication capabilities based on public-key cryptography.

Example Instances

Blackholing: The adversary intentionally references false routing advertisements in order to attract traffic to a particular router so it can be dropped.

Related Weaknesses

Communications: CWE does not currently cover Communications in the way it is presented by CAPEC. Therefore, no mapping between the two corpuses can be made at this time.

References

[REF-465] "Why is it Taking so Long to Secure Internet Routing?". ACM. 2014. <https://queue.acm.org/detail.cfm?id=2668966>.

[REF-466] "Beware of BGP Attacks". ACM SIGCOMM. 2004. <http://www.cc.gatech.edu/~dovrolis/Papers/ccr-bgp.pdf>.

Content History

Submissions
Submission Date	Submitter	Organization
2017-01-12 (Version 2.9)	Seamus Tuohy
2017-01-12 (Version 2.9)
Modifications
Modification Date	Modifier	Organization
2019-09-30 (Version 3.2)	CAPEC Content Team	The MITRE Corporation
2019-09-30 (Version 3.2)	Updated Related_Attack_Patterns
2020-12-17 (Version 3.4)	CAPEC Content Team	The MITRE Corporation
2020-12-17 (Version 3.4)	Updated Mitigations

CAPEC-611: BitSquatting

Attack Pattern ID: 611

Abstraction: Detailed

View customized information:

Description

An adversary registers a domain name one bit different than a trusted domain. A BitSquatting attack leverages random errors in memory to direct Internet traffic to adversary-controlled destinations. BitSquatting requires no exploitation or complicated reverse engineering, and is operating system and architecture agnostic. Experimental observations show that BitSquatting popular websites could redirect non-trivial amounts of Internet traffic to a malicious entity.

Likelihood Of Attack

Low

Typical Severity

Medium

Relationships

Nature	Type	ID	Name
ChildOf	Standard Attack Pattern - A standard level attack pattern in CAPEC is focused on a specific methodology or technique used in an attack. It is often seen as a singular piece of a fully executed attack. A standard attack pattern is meant to provide sufficient details to understand the specific technique and how it attempts to accomplish a desired goal. A standard level attack pattern is a specific type of a more abstract meta level attack pattern.	616	Establish Rogue Location
CanFollow	Standard Attack Pattern - A standard level attack pattern in CAPEC is focused on a specific methodology or technique used in an attack. It is often seen as a singular piece of a fully executed attack. A standard attack pattern is meant to provide sufficient details to understand the specific technique and how it attempts to accomplish a desired goal. A standard level attack pattern is a specific type of a more abstract meta level attack pattern.	98	Phishing
CanPrecede	Standard Attack Pattern - A standard level attack pattern in CAPEC is focused on a specific methodology or technique used in an attack. It is often seen as a singular piece of a fully executed attack. A standard attack pattern is meant to provide sufficient details to understand the specific technique and how it attempts to accomplish a desired goal. A standard level attack pattern is a specific type of a more abstract meta level attack pattern.	89	Pharming
CanPrecede	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	543	Counterfeit Websites

This table shows the views that this attack pattern belongs to and top level categories within that view.

View Name	Top Level Categories
Domains of Attack	Social Engineering
Mechanisms of Attack	Engage in Deceptive Interactions

Execution Flow

Explore

Determine target website: The adversary first determines which website to impersonate, generally one that is trusted and receives a consistent amount of traffic.
Techniques
Research popular or high traffic websites.

Experiment

Impersonate trusted domain: In order to impersonate the trusted domain, the adversary needs to register the BitSquatted URL.
Techniques
Register the BitSquatted domain.

Exploit

Wait for a user to visit the domain: Finally, the adversary simply waits for a user to be unintentionally directed to the BitSquatted domain.
Techniques
Simply wait for an error in memory to occur, redirecting the user to the malicious domain.

Prerequisites

An adversary requires knowledge of popular or high traffic domains, that could be used to deceive potential targets.

Skills Required

[Level: Low]

Adversaries must be able to register DNS hostnames/URL’s.

Consequences

Scope	Impact	Likelihood
Other	Other

Mitigations

Authenticate all servers and perform redundant checks when using DNS hostnames.

When possible, use error-correcting (ECC) memory in local devices as non-ECC memory is significantly more vulnerable to faults.

Related Weaknesses

Social Engineering: CWE does not currently cover Social Engineering in the way it is presented by CAPEC. Therefore, no mapping between the two corpuses can be made at this time.

Taxonomy Mappings

Relevant to the ATT&CK taxonomy mapping (see parent )

References

[REF-485] Artem Dinaburg. "Bitsquatting: DNS Hijacking without exploitation". Raytheon. <http://media.blackhat.com/bh-us-11/Dinaburg/BH_US_11_Dinaburg_Bitsquatting_WP.pdf>.

Content History

Submissions
Submission Date	Submitter	Organization
2015-11-09 (Version 2.7)	CAPEC Content Team	The MITRE Corporation
2015-11-09 (Version 2.7)
Modifications
Modification Date	Modifier	Organization
2017-08-04 (Version 2.11)	CAPEC Content Team	The MITRE Corporation
2017-08-04 (Version 2.11)	Updated Architectural_Paradigms, Attack_Motivation-Consequences, Attack_Phases, Attack_Prerequisites, Description, Description Summary, Methods_of_Attack, Typical_Likelihood_of_Exploit, Typical_Severity
2018-07-31 (Version 2.12)	CAPEC Content Team	The MITRE Corporation
2018-07-31 (Version 2.12)	Updated Attack_Phases
2019-04-04 (Version 3.1)	CAPEC Content Team	The MITRE Corporation
2019-04-04 (Version 3.1)	Updated Related_Attack_Patterns
2020-12-17 (Version 3.4)	CAPEC Content Team	The MITRE Corporation
2020-12-17 (Version 3.4)	Updated Related_Attack_Patterns
2022-09-29 (Version 3.8)	CAPEC Content Team	The MITRE Corporation
2022-09-29 (Version 3.8)	Updated Related_Attack_Patterns

CAPEC-7: Blind SQL Injection

Attack Pattern ID: 7

Abstraction: Detailed

View customized information:

Description

Blind SQL Injection results from an insufficient mitigation for SQL Injection. Although suppressing database error messages are considered best practice, the suppression alone is not sufficient to prevent SQL Injection. Blind SQL Injection is a form of SQL Injection that overcomes the lack of error messages. Without the error messages that facilitate SQL Injection, the adversary constructs input strings that probe the target through simple Boolean SQL expressions. The adversary can determine if the syntax and structure of the injection was successful based on whether the query was executed or not. Applied iteratively, the adversary determines how and where the target is vulnerable to SQL Injection.

Likelihood Of Attack

High

Typical Severity

High

Relationships

Nature	Type	ID	Name
ChildOf	Standard Attack Pattern - A standard level attack pattern in CAPEC is focused on a specific methodology or technique used in an attack. It is often seen as a singular piece of a fully executed attack. A standard attack pattern is meant to provide sufficient details to understand the specific technique and how it attempts to accomplish a desired goal. A standard level attack pattern is a specific type of a more abstract meta level attack pattern.	66	SQL Injection

This table shows the views that this attack pattern belongs to and top level categories within that view.

View Name	Top Level Categories
Domains of Attack	Software
Mechanisms of Attack	Inject Unexpected Items

Execution Flow

Explore

Hypothesize SQL queries in application:
Generated hypotheses regarding the SQL queries in an application. For example, the adversary may hypothesize that their input is passed directly into a query that looks like:
"SELECT * FROM orders WHERE ordernum = _____"

or

"SELECT * FROM orders WHERE ordernum IN (_____)"

or

"SELECT * FROM orders WHERE ordernum in (_____) ORDER BY _____"
Of course, there are many other possibilities.
Techniques
Research types of SQL queries and determine which ones could be used at various places in an application.

Determine how to inject information into the queries:

Determine how to inject information into the queries from the previous step such that the injection does not impact their logic. For example, the following are possible injections for those queries:

"5' OR 1=1; --"

and

"5) OR 1=1; --"

and

"ordernum DESC; --"

Techniques
Add clauses to the SQL queries such that the query logic does not change.
Add delays to the SQL queries in case server does not provide clear error messages (e.g. WAITFOR DELAY '0:0:10' in SQL Server or BENCHMARK(1000000000,MD5(1) in MySQL). If these can be injected into the queries, then the length of time that the server takes to respond reveals whether the query is injectable or not.

Experiment

Determine user-controllable input susceptible to injection: Determine the user-controllable input susceptible to injection. For each user-controllable input that the adversary suspects is vulnerable to SQL injection, attempt to inject the values determined in the previous step. If an error does not occur, then the adversary knows that the SQL injection was successful.

Techniques
Use web browser to inject input through text fields or through HTTP GET parameters.
Use a web application debugging tool such as Tamper Data, TamperIE, WebScarab,etc. to modify HTTP POST parameters, hidden fields, non-freeform fields, etc.
Use network-level packet injection tools such as netcat to inject input
Use modified client (modified by reverse engineering) to inject input.

Determine database type: Determines the type of the database, such as MS SQL Server or Oracle or MySQL, using logical conditions as part of the injected queries

Techniques
Try injecting a string containing char(0x31)=char(0x31) (this evaluates to 1=1 in SQL Server only)
Try injecting a string containing 0x313D31 (this evaluates to 1=1 in MySQL only)
Inject other database-specific commands into input fields susceptible to SQL Injection. The adversary can determine the type of database that is running by checking whether the query executed successfully or not (i.e. whether the adversary received a normal response from the server or not).

Exploit

Extract information about database schema: Extract information about database schema by getting the database to answer yes/no questions about the schema.
Techniques
Automatically extract database schema using a tool such as Absinthe.
Manually perform the blind SQL Injection to extract desired information about the database schema.
Exploit SQL Injection vulnerability: Use the information obtained in the previous steps to successfully inject the database in order to bypass checks or modify, add, retrieve or delete data from the database
Techniques
Use information about how to inject commands into SQL queries as well as information about the database schema to execute attacks such as dropping tables, inserting records, etc.

Prerequisites

SQL queries used by the application to store, retrieve or modify data.

User-controllable input that is not properly validated by the application as part of SQL queries.

Skills Required

[Level: Medium]

Determining the database type and version, as well as the right number and type of parameters to the query being injected in the absence of error messages requires greater skill than reverse-engineering database error messages.

Resources Required

None: No specialized resources are required to execute this type of attack.

Indicators

The only indicators of successful Blind SQL Injection are the application or database logs that show similar queries with slightly differing logical conditions that increase in complexity over time. However, this requires extensive logging as well as knowledge of the queries that can be used to perform such injection and return meaningful information from the database.

Consequences

Scope	Impact	Likelihood
Integrity	Modify Data
Confidentiality	Read Data
Confidentiality Integrity Availability	Execute Unauthorized Commands

Mitigations

Security by Obscurity is not a solution to preventing SQL Injection. Rather than suppress error messages and exceptions, the application must handle them gracefully, returning either a custom error page or redirecting the user to a default page, without revealing any information about the database or the application internals.

Strong input validation - All user-controllable input must be validated and filtered for illegal characters as well as SQL content. Keywords such as UNION, SELECT or INSERT must be filtered in addition to characters such as a single-quote(') or SQL-comments (--) based on the context in which they appear.

Example Instances

An adversary may try entering something like "username' AND 1=1; --" in an input field. If the result is the same as when the adversary entered "username" in the field, then the adversary knows that the application is vulnerable to SQL Injection. The adversary can then ask yes/no questions from the database server to extract information from it. For example, the adversary can extract table names from a database using the following types of queries:

"username' AND ascii(lower(substring((SELECT TOP 1 name FROM sysobjects WHERE xtype='U'), 1, 1))) > 108".

If the above query executes properly, then the adversary knows that the first character in a table name in the database is a letter between m and z. If it doesn't, then the adversary knows that the character must be between a and l (assuming of course that table names only contain alphabetic characters). By performing a binary search on all character positions, the adversary can determine all table names in the database. Subsequently, the adversary may execute an actual attack and send something like:

"username'; DROP TABLE trades; --

In the PHP application TimeSheet 1.1, an adversary can successfully retrieve username and password hashes from the database using Blind SQL Injection. If the adversary is aware of the local path structure, the adversary can also remotely execute arbitrary code and write the output of the injected queries to the local path. Blind SQL Injection is possible since the application does not properly sanitize the $_POST['username'] variable in the login.php file. See also: CVE-2006-4705

Related Weaknesses

CWE-ID	Weakness Name
89	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
209	Generation of Error Message Containing Sensitive Information
74	Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
20	Improper Input Validation
697	Incorrect Comparison
707	Improper Neutralization

Taxonomy Mappings

Relevant to the OWASP taxonomy mapping

Entry Name
Blind SQL Injection

Content History

Submissions
Submission Date	Submitter	Organization
2014-06-23 (Version 2.6)	CAPEC Content Team	The MITRE Corporation
2014-06-23 (Version 2.6)
Modifications
Modification Date	Modifier	Organization
2017-01-09 (Version 2.9)	CAPEC Content Team	The MITRE Corporation
2017-01-09 (Version 2.9)	Updated Related_Attack_Patterns
2017-08-04 (Version 2.11)	CAPEC Content Team	The MITRE Corporation
2017-08-04 (Version 2.11)	Updated Attack_Phases, Description, Description Summary, Examples-Instances, Payload_Activation_Impact, Resources_Required
2018-07-31 (Version 2.12)	CAPEC Content Team	The MITRE Corporation
2018-07-31 (Version 2.12)	Updated References, Related_Weaknesses
2020-07-30 (Version 3.3)	CAPEC Content Team	The MITRE Corporation
2020-07-30 (Version 3.3)	Updated Execution_Flow
2020-12-17 (Version 3.4)	CAPEC Content Team	The MITRE Corporation
2020-12-17 (Version 3.4)	Updated Taxonomy_Mappings
2021-06-24 (Version 3.5)	CAPEC Content Team	The MITRE Corporation
2021-06-24 (Version 3.5)	Updated Related_Weaknesses
2022-09-29 (Version 3.8)	CAPEC Content Team	The MITRE Corporation
2022-09-29 (Version 3.8)	Updated Example_Instances, Execution_Flow

CAPEC-96: Block Access to Libraries

Attack Pattern ID: 96

Abstraction: Detailed

View customized information:

Description

An application typically makes calls to functions that are a part of libraries external to the application. These libraries may be part of the operating system or they may be third party libraries. It is possible that the application does not handle situations properly where access to these libraries has been blocked. Depending on the error handling within the application, blocked access to libraries may leave the system in an insecure state that could be leveraged by an attacker.

Likelihood Of Attack

Medium

Typical Severity

Medium

Relationships

Nature	Type	ID	Name
ChildOf	Standard Attack Pattern - A standard level attack pattern in CAPEC is focused on a specific methodology or technique used in an attack. It is often seen as a singular piece of a fully executed attack. A standard attack pattern is meant to provide sufficient details to understand the specific technique and how it attempts to accomplish a desired goal. A standard level attack pattern is a specific type of a more abstract meta level attack pattern.	603	Blockage

This table shows the views that this attack pattern belongs to and top level categories within that view.

View Name	Top Level Categories
Domains of Attack	Software
Mechanisms of Attack	Manipulate System Resources

Execution Flow

Explore

Determine what external libraries the application accesses.

Experiment

Block access to the external libraries accessed by the application.
Monitor the behavior of the system to see if it goes into an insecure/inconsistent state.
If the system does go into an insecure/inconsistent state, leverage that to obtain information about the system functionality or data, elevate access control, etc. The rest of this attack will depend on the context and the desired goal.

Prerequisites

An application requires access to external libraries.

An attacker has the privileges to block application access to external libraries.

Skills Required

[Level: Low]

Knowledge of how to block access to libraries, as well as knowledge of how to leverage the resulting state of the application based on the failed call.

Consequences

Scope	Impact	Likelihood
Availability	Alter Execution Logic
Confidentiality	Other
Confidentiality Access Control Authorization	Bypass Protection Mechanism

Mitigations

Ensure that application handles situations where access to APIs in external libraries is not available securely. If the application cannot continue its execution safely it should fail in a consistent and secure fashion.

Example Instances

A web-based system uses a third party cryptographic random number generation library that derives entropy from machine's hardware. This library is used in generation of user session ids used by the application. If the library is inaccessible, the application instead uses a software based weak pseudo random number generation library. An attacker of the system blocks access of the application to the third party cryptographic random number generation library (by renaming it). The application in turn uses the weak pseudo random number generation library to generate session ids that are predictable. An attacker then leverages this weakness to guess a session id of another user to perform a horizontal elevation of privilege escalation and gain access to another user's account.

Related Weaknesses

CWE-ID	Weakness Name
589	Call to Non-ubiquitous API

Content History

Submissions
Submission Date	Submitter	Organization
2014-06-23 (Version 2.6)	CAPEC Content Team	The MITRE Corporation
2014-06-23 (Version 2.6)
Modifications
Modification Date	Modifier	Organization
2017-01-09 (Version 2.9)	CAPEC Content Team	The MITRE Corporation
2017-01-09 (Version 2.9)	Updated Related_Attack_Patterns
2018-07-31 (Version 2.12)	CAPEC Content Team	The MITRE Corporation
2018-07-31 (Version 2.12)	Updated Attacker_Skills_or_Knowledge_Required
2019-09-30 (Version 3.2)	CAPEC Content Team	The MITRE Corporation
2019-09-30 (Version 3.2)	Updated Related_Attack_Patterns
2021-06-24 (Version 3.5)	CAPEC Content Team	The MITRE Corporation
2021-06-24 (Version 3.5)	Updated Related_Weaknesses

CAPEC-5: Blue Boxing

Attack Pattern ID: 5

Abstraction: Detailed

View customized information:

Description

This type of attack against older telephone switches and trunks has been around for decades. A tone is sent by an adversary to impersonate a supervisor signal which has the effect of rerouting or usurping command of the line. While the US infrastructure proper may not contain widespread vulnerabilities to this type of attack, many companies are connected globally through call centers and business process outsourcing. These international systems may be operated in countries which have not upgraded Telco infrastructure and so are vulnerable to Blue boxing. Blue boxing is a result of failure on the part of the system to enforce strong authorization for administrative functions. While the infrastructure is different than standard current applications like web applications, there are historical lessons to be learned to upgrade the access control for administrative functions.

This attack pattern is included in CAPEC for historical purposes.

Likelihood Of Attack

Medium

Typical Severity

Very High

Relationships

Nature	Type	ID	Name
ChildOf	Standard Attack Pattern - A standard level attack pattern in CAPEC is focused on a specific methodology or technique used in an attack. It is often seen as a singular piece of a fully executed attack. A standard attack pattern is meant to provide sufficient details to understand the specific technique and how it attempts to accomplish a desired goal. A standard level attack pattern is a specific type of a more abstract meta level attack pattern.	220	Client-Server Protocol Manipulation

This table shows the views that this attack pattern belongs to and top level categories within that view.

View Name	Top Level Categories
Domains of Attack	Software, Communications
Mechanisms of Attack	Abuse Existing Functionality

Prerequisites

System must use weak authentication mechanisms for administrative functions.

Skills Required

[Level: Low]

Given a vulnerable phone system, the attackers' technical vector relies on attacks that are well documented in cracker 'zines and have been around for decades.

Resources Required

CCITT-5 or other vulnerable lines, with the ability to send tones such as combined 2,400 Hz and 2,600 Hz tones to the switch

Consequences

Scope	Impact	Likelihood
Availability	Resource Consumption
Confidentiality Access Control Authorization	Gain Privileges

Mitigations

Implementation: Upgrade phone lines. Note this may be prohibitively expensive

Use strong access control such as two factor access control for administrative access to the switch

Example Instances

An adversary identifies a vulnerable CCITT-5 phone line, and sends a combination tone to the switch in order to request administrative access. Based on tone and timing parameters the request is verified for access to the switch. Once the adversary has gained control of the switch launching calls, routing calls, and a whole host of opportunities are available.

Related Weaknesses

CWE-ID	Weakness Name
285	Improper Authorization

References

[REF-1] G. Hoglund and G. McGraw. "Exploiting Software: How to Break Code". Addison-Wesley. 2004-02.

Content History

Submissions
Submission Date	Submitter	Organization
2014-06-23 (Version 2.6)	CAPEC Content Team	The MITRE Corporation
2014-06-23 (Version 2.6)
Modifications
Modification Date	Modifier	Organization
2019-04-04 (Version 3.1)	CAPEC Content Team	The MITRE Corporation
2019-04-04 (Version 3.1)	Updated Related_Weaknesses
2023-01-24 (Version 3.9)	CAPEC Content Team	The MITRE Corporation
2023-01-24 (Version 3.9)	Updated @Status, Description

CAPEC-667: Bluetooth Impersonation AttackS (BIAS)

Attack Pattern ID: 667

Abstraction: Detailed

View customized information:

Description

An adversary disguises the MAC address of their Bluetooth enabled device to one for which there exists an active and trusted connection and authenticates successfully. The adversary can then perform malicious actions on the target Bluetooth device depending on the target’s capabilities.

Likelihood Of Attack

Medium

Typical Severity

High

Relationships

Nature	Type	ID	Name
ChildOf	Standard Attack Pattern - A standard level attack pattern in CAPEC is focused on a specific methodology or technique used in an attack. It is often seen as a singular piece of a fully executed attack. A standard attack pattern is meant to provide sufficient details to understand the specific technique and how it attempts to accomplish a desired goal. A standard level attack pattern is a specific type of a more abstract meta level attack pattern.	616	Establish Rogue Location
CanFollow	Standard Attack Pattern - A standard level attack pattern in CAPEC is focused on a specific methodology or technique used in an attack. It is often seen as a singular piece of a fully executed attack. A standard attack pattern is meant to provide sufficient details to understand the specific technique and how it attempts to accomplish a desired goal. A standard level attack pattern is a specific type of a more abstract meta level attack pattern.	194	Fake the Source of Data

This table shows the views that this attack pattern belongs to and top level categories within that view.

View Name	Top Level Categories
Domains of Attack	Social Engineering
Mechanisms of Attack	Engage in Deceptive Interactions

Execution Flow

Explore

Find disguise and target: The adversary starts the Bluetooth service on the attacking device and searches for nearby listening devices.
Techniques
Knowledge of a trusted MAC address.
Scanning for devices other than the target that may be trusted.

Experiment

Disguise: Using the MAC address of the device the adversary wants to impersonate, they may use a tool such as spooftooth or macchanger to spoof their Bluetooth address and attempt to authenticate with the target.

Exploit

Use device capabilities to accomplish goal: Finally, if authenticated successfully the adversary can perform tasks/information gathering dependent on the target's capabilities and connections.

Prerequisites

Knowledge of a target device's list of trusted connections.

Skills Required

[Level: Low]

Adversaries must be capable of using command line Linux tools.

[Level: Low]

Adversaries must be in close proximity to Bluetooth devices.

Consequences

Scope	Impact	Likelihood
Integrity
Confidentiality

Mitigations

Disable Bluetooth in public places.

Verify incoming Bluetooth connections; do not automatically trust.

Change default PIN passwords and always use one when connecting.

Related Weaknesses

CWE-ID	Weakness Name
290	Authentication Bypass by Spoofing

Taxonomy Mappings

Relevant to the ATT&CK taxonomy mapping (see parent )

Content History

Submissions
Submission Date	Submitter	Organization
2021-06-24 (Version 3.5)	CAPEC Content Team	The MITRE Corporation
2021-06-24 (Version 3.5)
Modifications
Modification Date	Modifier	Organization
2022-09-29 (Version 3.8)	CAPEC Content Team	The MITRE Corporation
2022-09-29 (Version 3.8)	Updated Related_Attack_Patterns

CAPEC-472: Browser Fingerprinting

Attack Pattern ID: 472

Abstraction: Detailed

View customized information:

Description

An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.

Typical Severity

Low

Relationships

Nature	Type	ID	Name
ChildOf	Standard Attack Pattern - A standard level attack pattern in CAPEC is focused on a specific methodology or technique used in an attack. It is often seen as a singular piece of a fully executed attack. A standard attack pattern is meant to provide sufficient details to understand the specific technique and how it attempts to accomplish a desired goal. A standard level attack pattern is a specific type of a more abstract meta level attack pattern.	541	Application Fingerprinting

This table shows the views that this attack pattern belongs to and top level categories within that view.

View Name	Top Level Categories
Domains of Attack	Software
Mechanisms of Attack	Collect and Analyze Information

Prerequisites

Victim's browser visits a website that contains attacker's Java ScriptJava Script is not disabled in the victim's browser

Mitigations

Configuration: Disable Java Script in the browser

Example Instances

The following code snippets can be used to detect various browsers:

Firefox 2/3

FF=/a/[-1]=='a'

Firefox 3

FF3=(function x(){})[-5]=='x'

Firefox 2

FF2=(function x(){})[-6]=='x'

IE='\v'=='v'

Safari

Saf=/a/.__proto__=='//'

Chrome

Chr=/source/.test((/a/.toString+''))

Opera

Op=/^function \(/.test([].sort)

Related Weaknesses

CWE-ID	Weakness Name
200	Exposure of Sensitive Information to an Unauthorized Actor

Taxonomy Mappings

Relevant to the ATT&CK taxonomy mapping (see parent )

References

[REF-410] Gareth Heyes. "Detecting browsers javascript hacks". The Spanner. 2009-01-29. <http://www.thespanner.co.uk/2009/01/29/detecting-browsers-javascript-hacks/>.

Content History

Submissions
Submission Date	Submitter	Organization
2014-06-23 (Version 2.6)	CAPEC Content Team	The MITRE Corporation
2014-06-23 (Version 2.6)
Modifications
Modification Date	Modifier	Organization
2022-09-29 (Version 3.8)	CAPEC Content Team	The MITRE Corporation
2022-09-29 (Version 3.8)	Updated Example_Instances

CAPEC-8: Buffer Overflow in an API Call

Attack Pattern ID: 8

Abstraction: Detailed

View customized information:

Description

This attack targets libraries or shared code modules which are vulnerable to buffer overflow attacks. An adversary who has knowledge of known vulnerable libraries or shared code can easily target software that makes use of these libraries. All clients that make use of the code library thus become vulnerable by association. This has a very broad effect on security across a system, usually affecting more than one software process.

Likelihood Of Attack

High

Typical Severity

High

Relationships

Nature	Type	ID	Name
ChildOf	Standard Attack Pattern - A standard level attack pattern in CAPEC is focused on a specific methodology or technique used in an attack. It is often seen as a singular piece of a fully executed attack. A standard attack pattern is meant to provide sufficient details to understand the specific technique and how it attempts to accomplish a desired goal. A standard level attack pattern is a specific type of a more abstract meta level attack pattern.	100	Overflow Buffers
PeerOf	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	46	Overflow Variables and Tags
CanFollow	Standard Attack Pattern - A standard level attack pattern in CAPEC is focused on a specific methodology or technique used in an attack. It is often seen as a singular piece of a fully executed attack. A standard attack pattern is meant to provide sufficient details to understand the specific technique and how it attempts to accomplish a desired goal. A standard level attack pattern is a specific type of a more abstract meta level attack pattern.	69	Target Programs with Elevated Privileges

This table shows the views that this attack pattern belongs to and top level categories within that view.

View Name	Top Level Categories
Domains of Attack	Software
Mechanisms of Attack	Manipulate Data Structures

Execution Flow

Explore

Identify target application: The adversary, with knowledge of vulnerable libraries or shared code modules, identifies a target application or program that makes use of these.

Experiment

Find injection vector: The adversary attempts to use the API, and if they can they send a large amount of data to see if the buffer overflow attack really does work.
Techniques
Provide large input to a program or application and observe the behavior. If there is a crash, this means that a buffer overflow attack is possible.

Craft overflow content: The adversary crafts the content to be injected based on their knowledge of the vulnerability and their desired outcome. If the intent is to simply cause the software to crash, the content need only consist of an excessive quantity of random data. If the intent is to leverage the overflow for execution of arbitrary code, the adversary will craft a set of content that not only overflows the targeted buffer but does so in such a way that the overwritten return address is replaced with one of the adversaries' choosing which points to code injected by the adversary.

Techniques
Create malicious shellcode that will execute when the program execution is returned to it.
Use a NOP-sled in the overflow content to more easily "slide" into the malicious code. This is done so that the exact return address need not be correct, only in the range of all of the NOPs

Exploit

Overflow the buffer: Using the API as the injection vector, the adversary injects the crafted overflow content into the buffer.

Prerequisites

The target host exposes an API to the user.

One or more API functions exposed by the target host has a buffer overflow vulnerability.

Skills Required

[Level: Low]

An adversary can simply overflow a buffer by inserting a long string into an adversary-modifiable injection vector. The result can be a DoS.

[Level: High]

Exploiting a buffer overflow to inject malicious code into the stack of a software system or even the heap can require a higher skill level.

Consequences

Scope	Impact	Likelihood
Availability	Unreliable Execution
Confidentiality Integrity Availability	Execute Unauthorized Commands
Confidentiality	Read Data
Integrity	Modify Data

Mitigations

Use a language or compiler that performs automatic bounds checking.

Use secure functions not vulnerable to buffer overflow.

If you have to use dangerous functions, make sure that you do boundary checking.

Compiler-based canary mechanisms such as StackGuard, ProPolice and the Microsoft Visual Studio /GS flag. Unless this provides automatic bounds checking, it is not a complete solution.

Use OS-level preventative functionality. Not a complete solution.

Example Instances

Attack Example: Libc in FreeBSD

A buffer overflow in the FreeBSD utility setlocale (found in the libc module) puts many programs at risk all at once.

Xtlib

A buffer overflow in the Xt library of the X windowing system allows local users to execute commands with root privileges.

Related Weaknesses

CWE-ID	Weakness Name
120	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
119	Improper Restriction of Operations within the Bounds of a Memory Buffer
118	Incorrect Access of Indexable Resource ('Range Error')
74	Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
20	Improper Input Validation
680	Integer Overflow to Buffer Overflow
733	Compiler Optimization Removal or Modification of Security-critical Code
697	Incorrect Comparison

References

[REF-1] G. Hoglund and G. McGraw. "Exploiting Software: How to Break Code". Addison-Wesley. 2004-02.

Content History

Submissions
Submission Date	Submitter	Organization
2014-06-23 (Version 2.6)	CAPEC Content Team	The MITRE Corporation
2014-06-23 (Version 2.6)
Modifications
Modification Date	Modifier	Organization
2018-07-31 (Version 2.12)	CAPEC Content Team	The MITRE Corporation
2018-07-31 (Version 2.12)	Updated References
2021-10-21 (Version 3.6)	CAPEC Content Team	The MITRE Corporation
2021-10-21 (Version 3.6)	Updated Description, Execution_Flow
2022-02-22 (Version 3.7)	CAPEC Content Team	The MITRE Corporation
2022-02-22 (Version 3.7)	Updated Skills_Required
2022-09-29 (Version 3.8)	CAPEC Content Team	The MITRE Corporation
2022-09-29 (Version 3.8)	Updated Example_Instances

CAPEC-9: Buffer Overflow in Local Command-Line Utilities

Attack Pattern ID: 9

Abstraction: Detailed

View customized information:

Description

This attack targets command-line utilities available in a number of shells. An adversary can leverage a vulnerability found in a command-line utility to escalate privilege to root.

Likelihood Of Attack

High

Typical Severity

High

Relationships

Nature	Type	ID	Name
ChildOf	Standard Attack Pattern - A standard level attack pattern in CAPEC is focused on a specific methodology or technique used in an attack. It is often seen as a singular piece of a fully executed attack. A standard attack pattern is meant to provide sufficient details to understand the specific technique and how it attempts to accomplish a desired goal. A standard level attack pattern is a specific type of a more abstract meta level attack pattern.	100	Overflow Buffers
CanFollow	Standard Attack Pattern - A standard level attack pattern in CAPEC is focused on a specific methodology or technique used in an attack. It is often seen as a singular piece of a fully executed attack. A standard attack pattern is meant to provide sufficient details to understand the specific technique and how it attempts to accomplish a desired goal. A standard level attack pattern is a specific type of a more abstract meta level attack pattern.	69	Target Programs with Elevated Privileges

This table shows the views that this attack pattern belongs to and top level categories within that view.

View Name	Top Level Categories
Domains of Attack	Software
Mechanisms of Attack	Manipulate Data Structures

Execution Flow

Explore

Identify target system: The adversary first finds a target system that they want to gain elevated priveleges on. This could be a system they already have some level of access to or a system that they will gain unauthorized access at a lower privelege using some other means.
Find injection vector: The adversary identifies command line utilities exposed by the target host that contain buffer overflow vulnerabilites. The adversary likely knows which utilities have these vulnerabilities and what the effected versions are, so they will also obtain version numbers for these utilities.

Experiment

Craft overflow command: Once the adversary has found a vulnerable utility, they will use their knownledge of the vulnerabilty to create the command that will exploit the buffer overflow.

Exploit

Overflow the buffer: Using the injection vector, the adversary executes the crafted command, gaining elevated priveleges on the machine.

Prerequisites

The target host exposes a command-line utility to the user.

The command-line utility exposed by the target host has a buffer overflow vulnerability that can be exploited.

Skills Required

[Level: Low]

An adversary can simply overflow a buffer by inserting a long string into an adversary-modifiable injection vector. The result can be a DoS.

[Level: High]

Exploiting a buffer overflow to inject malicious code into the stack of a software system or even the heap can require a higher skill level.

Consequences

Scope	Impact	Likelihood
Confidentiality Access Control Authorization	Gain Privileges
Confidentiality Integrity Availability	Execute Unauthorized Commands
Integrity	Modify Data
Availability	Unreliable Execution
Confidentiality	Read Data

Mitigations

Carefully review the service's implementation before making it available to user. For instance you can use manual or automated code review to uncover vulnerabilities such as buffer overflow.

Use a language or compiler that performs automatic bounds checking.

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Compiler-based canary mechanisms such as StackGuard, ProPolice and the Microsoft Visual Studio /GS flag. Unless this provides automatic bounds checking, it is not a complete solution.

Operational: Use OS-level preventative functionality. Not a complete solution.

Apply the latest patches to your user exposed services. This may not be a complete solution, especially against a zero day attack.

Do not unnecessarily expose services.

Example Instances

Attack Example: HPUX passwd

A buffer overflow in the HPUX passwd command allows local users to gain root privileges via a command-line option.

Attack Example: Solaris getopt

A buffer overflow in Solaris's getopt command (found in libc) allows local users to gain root privileges via a long argv[0].

Related Weaknesses

CWE-ID	Weakness Name
120	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
118	Incorrect Access of Indexable Resource ('Range Error')
119	Improper Restriction of Operations within the Bounds of a Memory Buffer
74	Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
20	Improper Input Validation
680	Integer Overflow to Buffer Overflow
733	Compiler Optimization Removal or Modification of Security-critical Code
697	Incorrect Comparison

References

[REF-1] G. Hoglund and G. McGraw. "Exploiting Software: How to Break Code". Addison-Wesley. 2004-02.

Content History

Submissions
Submission Date	Submitter	Organization
2014-06-23 (Version 2.6)	CAPEC Content Team	The MITRE Corporation
2014-06-23 (Version 2.6)
Modifications
Modification Date	Modifier	Organization
2017-01-09 (Version 2.9)	CAPEC Content Team	The MITRE Corporation
2017-01-09 (Version 2.9)	Updated Related_Attack_Patterns
2018-07-31 (Version 2.12)	CAPEC Content Team	The MITRE Corporation
2018-07-31 (Version 2.12)	Updated References
2020-07-30 (Version 3.3)	CAPEC Content Team	The MITRE Corporation
2020-07-30 (Version 3.3)	Updated Execution_Flow
2021-10-21 (Version 3.6)	CAPEC Content Team	The MITRE Corporation
2021-10-21 (Version 3.6)	Updated Execution_Flow
2022-02-22 (Version 3.7)	CAPEC Content Team	The MITRE Corporation
2022-02-22 (Version 3.7)	Updated Description, Skills_Required
2022-09-29 (Version 3.8)	CAPEC Content Team	The MITRE Corporation
2022-09-29 (Version 3.8)	Updated Example_Instances

CAPEC-10: Buffer Overflow via Environment Variables

Attack Pattern ID: 10

Abstraction: Detailed

View customized information:

Description

This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the adversary finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.

Extended Description

Although the focus of this attack is putting excessive content into an environment variable that is loaded into a buffer, environment variables can be used to assist a classic buffer overflow attack as well. In the case where the buffer used in a traditional buffer overflow attack is not large enough to store the adversary's shell code, they will store the shell code in an environment variable and attempt to return to its address, rather than back into the data they wrote to the buffer.

Likelihood Of Attack

High

Typical Severity

High

Relationships

Nature	Type	ID	Name
ChildOf	Standard Attack Pattern - A standard level attack pattern in CAPEC is focused on a specific methodology or technique used in an attack. It is often seen as a singular piece of a fully executed attack. A standard attack pattern is meant to provide sufficient details to understand the specific technique and how it attempts to accomplish a desired goal. A standard level attack pattern is a specific type of a more abstract meta level attack pattern.	100	Overflow Buffers
PeerOf	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	13	Subverting Environment Variable Values
PeerOf	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	46	Overflow Variables and Tags
CanFollow	Standard Attack Pattern - A standard level attack pattern in CAPEC is focused on a specific methodology or technique used in an attack. It is often seen as a singular piece of a fully executed attack. A standard attack pattern is meant to provide sufficient details to understand the specific technique and how it attempts to accomplish a desired goal. A standard level attack pattern is a specific type of a more abstract meta level attack pattern.	69	Target Programs with Elevated Privileges

This table shows the views that this attack pattern belongs to and top level categories within that view.

View Name	Top Level Categories
Domains of Attack	Software
Mechanisms of Attack	Manipulate Data Structures

Execution Flow

Explore

Identify target application: The adversary identifies a target application or program to perform the buffer overflow on. In this attack the adversary looks for an application that loads the content of an environment variable into a buffer.

Experiment

Find injection vector: The adversary identifies an injection vector to deliver the excessive content to the targeted application's buffer.

Techniques
Change the values of environment variables thought to be used by the application to contain excessive data. If the program is loading the value of the environment variable into a buffer, this could cause a crash and an attack vector will be found.

Craft overflow content: The adversary crafts the content to be injected. If the intent is to simply cause the software to crash, the content need only consist of an excessive quantity of random data. If the intent is to leverage the overflow for execution of arbitrary code, the adversary crafts the payload in such a way that the overwritten return address is replaced with one of the adversary's choosing.

Techniques
Create malicious shellcode that will execute when the program execution is returned to it.
Use a NOP-sled in the overflow content to more easily "slide" into the malicious code. This is done so that the exact return address need not be correct, only in the range of all of the NOPs

Exploit

Overflow the buffer: Using the injection vector, the adversary injects the crafted overflow content into the buffer.

Prerequisites

The application uses environment variables.

An environment variable exposed to the user is vulnerable to a buffer overflow.

The vulnerable environment variable uses untrusted data.

Tainted data used in the environment variables is not properly validated. For instance boundary checking is not done before copying the input data to a buffer.

Skills Required

[Level: Low]

An attacker can simply overflow a buffer by inserting a long string into an attacker-modifiable injection vector. The result can be a DoS.

[Level: High]

Exploiting a buffer overflow to inject malicious code into the stack of a software system or even the heap can require a higher skill level.

Indicators

If the application does bound checking, it should fail when the data source is larger than the size of the destination buffer. If the application's code is well written, that failure should trigger an alert.

Consequences

Scope	Impact	Likelihood
Availability	Unreliable Execution
Confidentiality Integrity Availability	Execute Unauthorized Commands
Confidentiality	Read Data
Integrity	Modify Data
Confidentiality Access Control Authorization	Gain Privileges

Mitigations

Do not expose environment variable to the user.

Do not use untrusted data in your environment variables.

Use a language or compiler that performs automatic bounds checking

There are tools such as Sharefuzz [REF-2] which is an environment variable fuzzer for Unix that support loading a shared library. You can use Sharefuzz to determine if you are exposing an environment variable vulnerable to buffer overflow.

Example Instances

A buffer overflow in sccw allows local users to gain root access via the $HOME environmental variable. See also: CVE-1999-0906

A buffer overflow in the rlogin program involves its consumption of the $TERM environmental variable. See also: CVE-1999-0046

Related Weaknesses

CWE-ID	Weakness Name
120	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
302	Authentication Bypass by Assumed-Immutable Data
118	Incorrect Access of Indexable Resource ('Range Error')
119	Improper Restriction of Operations within the Bounds of a Memory Buffer
74	Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
99	Improper Control of Resource Identifiers ('Resource Injection')
20	Improper Input Validation
680	Integer Overflow to Buffer Overflow
733	Compiler Optimization Removal or Modification of Security-critical Code
697	Incorrect Comparison

Taxonomy Mappings

Relevant to the OWASP taxonomy mapping

Entry Name
Buffer Overflow via Environment Variables

References

[REF-1] G. Hoglund and G. McGraw. "Exploiting Software: How to Break Code". Addison-Wesley. 2004-02.

[REF-2] "Sharefuzz". <http://sharefuzz.sourceforge.net>.

Content History

Submissions
Submission Date	Submitter	Organization
2014-06-23 (Version 2.6)	CAPEC Content Team	The MITRE Corporation
2014-06-23 (Version 2.6)
Modifications
Modification Date	Modifier	Organization
2017-01-09 (Version 2.9)	CAPEC Content Team	The MITRE Corporation
2017-01-09 (Version 2.9)	Updated Related_Attack_Patterns
2018-07-31 (Version 2.12)	CAPEC Content Team	The MITRE Corporation
2018-07-31 (Version 2.12)	Updated References
2020-07-30 (Version 3.3)	CAPEC Content Team	The MITRE Corporation
2020-07-30 (Version 3.3)	Updated Mitigations
2020-12-17 (Version 3.4)	CAPEC Content Team	The MITRE Corporation
2020-12-17 (Version 3.4)	Updated Taxonomy_Mappings
2021-10-21 (Version 3.6)	CAPEC Content Team	The MITRE Corporation
2021-10-21 (Version 3.6)	Updated Execution_Flow, Extended_Description
2022-02-22 (Version 3.7)	CAPEC Content Team	The MITRE Corporation
2022-02-22 (Version 3.7)	Updated Description
2022-09-29 (Version 3.8)	CAPEC Content Team	The MITRE Corporation
2022-09-29 (Version 3.8)	Updated Example_Instances

CAPEC-47: Buffer Overflow via Parameter Expansion

Attack Pattern ID: 47

Abstraction: Detailed

View customized information:

Description

In this attack, the target software is given input that the adversary knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.

Likelihood Of Attack

Medium

Typical Severity

High

Relationships

Nature	Type	ID	Name
ChildOf	Standard Attack Pattern - A standard level attack pattern in CAPEC is focused on a specific methodology or technique used in an attack. It is often seen as a singular piece of a fully executed attack. A standard attack pattern is meant to provide sufficient details to understand the specific technique and how it attempts to accomplish a desired goal. A standard level attack pattern is a specific type of a more abstract meta level attack pattern.	100	Overflow Buffers

This table shows the views that this attack pattern belongs to and top level categories within that view.

View Name	Top Level Categories
Domains of Attack	Software
Mechanisms of Attack	Manipulate Data Structures

Execution Flow

Explore

Identify target application: The adversary identifies a target application or program to perform the buffer overflow on. Adversaries often look for applications that accept user input and that perform manual memory management.

Experiment

Find injection vector: The adversary identifies an injection vector to deliver the excessive content to the targeted application's buffer.

Techniques

In this attack, the normal method of providing large user input does not work. The program performs bounds checking on the user input, but not the expanded user input. The adversary needs to provide input that they believe will be expanded by the program to overflow a buffer. To identify where this is possible, an adversary either needs to have knowledge of the inner workings of the program or use a disassembler and other reverse engineering tools to guide the search.

Craft overflow content: The adversary crafts the input to be given to the program. If the intent is to simply cause the software to crash, the input needs only to expand to an excessive quantity of random data. If the intent is to leverage the overflow for execution of arbitrary code, the adversary will craft input that expands in a way that not only overflows the targeted buffer but does so in such a way that the overwritten return address is replaced with one of the adversaries' choosing which points to code injected by the adversary.
Techniques
Create specific files and directories on the system and then give input using path traversal shortcuts to those directories that could expand past an input buffer.

Exploit

Overflow the buffer: Using the injection vector, the adversary gives the crafted input to the program, overflowing the buffer.

Prerequisites

The program expands one of the parameters passed to a function with input controlled by the user, but a later function making use of the expanded parameter erroneously considers the original, not the expanded size of the parameter.

The expanded parameter is used in the context where buffer overflow may become possible due to the incorrect understanding of the parameter size (i.e. thinking that it is smaller than it really is).

Skills Required

[Level: High]

Finding this particular buffer overflow may not be trivial. Also, stack and especially heap based buffer overflows require a lot of knowledge if the intended goal is arbitrary code execution. Not only that the adversary needs to write the shell code to accomplish their goals, but the adversary also needs to find a way to get the program execution to jump to the planted shell code. There also needs to be sufficient room for the payload. So not every buffer overflow will be exploitable, even by a skilled adversary.

Resources Required

Access to the program source or binary. If the program is only available in binary then a disassembler and other reverse engineering tools will be helpful.

Consequences

Scope	Impact	Likelihood
Confidentiality Access Control Authorization	Gain Privileges
Availability	Unreliable Execution
Integrity	Modify Data
Confidentiality Integrity Availability	Execute Unauthorized Commands
Confidentiality	Read Data

Mitigations

Ensure that when parameter expansion happens in the code that the assumptions used to determine the resulting size of the parameter are accurate and that the new size of the parameter is visible to the whole system

Example Instances

Attack Example: FTP glob()

The glob() function in FTP servers has been susceptible to attack as a result of incorrect resizing. This is an ftpd glob() Expansion LIST Heap Overflow Vulnerability. ftp daemon contains a heap-based buffer overflow condition. The overflow occurs when the LIST command is issued with an argument that expands into an oversized string after being processed by glob().

This buffer overflow occurs in memory that is dynamically allocated. It may be possible for adversaries to exploit this vulnerability and execute arbitrary code on the affected host.

To exploit this, the adversary must be able to create directories on the target host.

The glob() function is used to expand short-hand notation into complete file names. By sending to the FTP server a request containing a tilde (~) and other wildcard characters in the pathname string, a remote adversary can overflow a buffer and execute arbitrary code on the FTP server to gain root privileges. Once the request is processed, the glob() function expands the user input, which could exceed the expected length. In order to exploit this vulnerability, the adversary must be able to create directories on the FTP server.

[REF-1]

CAPEC-45: Buffer Overflow via Symbolic Links

Attack Pattern ID: 45

Abstraction: Detailed

View customized information:

Description

This type of attack leverages the use of symbolic links to cause buffer overflows. An adversary can try to create or manipulate a symbolic link file such that its contents result in out of bounds data. When the target software processes the symbolic link file, it could potentially overflow internal buffers with insufficient bounds checking.

Likelihood Of Attack

High

Typical Severity

High

Relationships

Nature	Type	ID	Name
ChildOf	Standard Attack Pattern - A standard level attack pattern in CAPEC is focused on a specific methodology or technique used in an attack. It is often seen as a singular piece of a fully executed attack. A standard attack pattern is meant to provide sufficient details to understand the specific technique and how it attempts to accomplish a desired goal. A standard level attack pattern is a specific type of a more abstract meta level attack pattern.	100	Overflow Buffers

This table shows the views that this attack pattern belongs to and top level categories within that view.

View Name	Top Level Categories
Domains of Attack	Software
Mechanisms of Attack	Manipulate Data Structures

Execution Flow

Explore

Identify target application: The adversary identifies a target application or program that might load in certain files to memory.

Experiment

Find injection vector: The adversary identifies an injection vector to deliver the excessive content to the targeted application's buffer.

Techniques
The adversary creates or modifies a symbolic link pointing to those files which contain an excessive amount of data. If creating a symbolic link to one of those files causes different behavior in the application, then an injection vector has been identified.

Craft overflow file content: The adversary crafts the content to be injected. If the intent is to simply cause the software to crash, the content need only consist of an excessive quantity of random data. If the intent is to leverage the overflow for execution of arbitrary code, the adversary crafts the payload in such a way that the overwritten return address is replaced with one of the adversary's choosing.

Techniques
Create malicious shellcode that will execute when the program execution is returned to it.
Use a NOP-sled in the overflow content to more easily "slide" into the malicious code. This is done so that the exact return address need not be correct, only in the range of all of the NOPs

Exploit

Overflow the buffer: Using the specially crafted file content, the adversary creates a symbolic link from the identified resource to the malicious file, causing a targeted buffer overflow attack.

Prerequisites

The adversary can create symbolic link on the target host.

The target host does not perform correct boundary checking while consuming data from a resources.

Skills Required

[Level: Low]

An adversary can simply overflow a buffer by inserting a long string into an adversary-modifiable injection vector. The result can be a DoS.

[Level: High]

Exploiting a buffer overflow to inject malicious code into the stack of a software system or even the heap can require a higher skill level.

Indicators

An adversary creating or modifying Symbolic links is a potential signal of attack in progress.

An adversary deleting temporary files can also be a sign that the adversary is trying to replace legitimate resources with malicious ones.

Consequences

Scope	Impact	Likelihood
Availability	Unreliable Execution
Confidentiality Integrity Availability	Execute Unauthorized Commands
Confidentiality	Read Data
Integrity	Modify Data

Mitigations

Pay attention to the fact that the resource you read from can be a replaced by a Symbolic link. You can do a Symlink check before reading the file and decide that this is not a legitimate way of accessing the resource.

Because Symlink can be modified by an adversary, make sure that the ones you read are located in protected directories.

Pay attention to the resource pointed to by your symlink links (See attack pattern named "Forced Symlink race"), they can be replaced by malicious resources.

Always check the size of the input data before copying to a buffer.

Use a language or compiler that performs automatic bounds checking.

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Compiler-based canary mechanisms such as StackGuard, ProPolice and the Microsoft Visual Studio /GS flag. Unless this provides automatic bounds checking, it is not a complete solution.

Use OS-level preventative functionality. Not a complete solution.

Example Instances

The EFTP server has a buffer overflow that can be exploited if an adversary uploads a .lnk (link) file that contains more than 1,744 bytes. This is a classic example of an indirect buffer overflow. First the adversary uploads some content (the link file) and then the adversary causes the client consuming the data to be exploited. In this example, the ls command is exploited to compromise the server software.

Related Weaknesses

CWE-ID	Weakness Name
120	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
285	Improper Authorization
302	Authentication Bypass by Assumed-Immutable Data
118	Incorrect Access of Indexable Resource ('Range Error')
119	Improper Restriction of Operations within the Bounds of a Memory Buffer
74	Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
20	Improper Input Validation
680	Integer Overflow to Buffer Overflow
697	Incorrect Comparison

References

[REF-1] G. Hoglund and G. McGraw. "Exploiting Software: How to Break Code". Addison-Wesley. 2004-02.

Content History

Submissions
Submission Date	Submitter	Organization
2014-06-23 (Version 2.6)	CAPEC Content Team	The MITRE Corporation
2014-06-23 (Version 2.6)
Modifications
Modification Date	Modifier	Organization
2018-07-31 (Version 2.12)	CAPEC Content Team	The MITRE Corporation
2018-07-31 (Version 2.12)	Updated References
2021-10-21 (Version 3.6)	CAPEC Content Team	The MITRE Corporation
2021-10-21 (Version 3.6)	Updated Execution_Flow
2022-02-22 (Version 3.7)	CAPEC Content Team	The MITRE Corporation
2022-02-22 (Version 3.7)	Updated Description, Example_Instances, Indicators, Mitigations, Prerequisites, Skills_Required
2022-09-29 (Version 3.8)	CAPEC Content Team	The MITRE Corporation
2022-09-29 (Version 3.8)	Updated Example_Instances

CAPEC-402: Bypassing ATA Password Security

Attack Pattern ID: 402

Abstraction: Detailed

View customized information:

Description

An adversary exploits a weakness in ATA security on a drive to gain access to the information the drive contains without supplying the proper credentials. ATA Security is often employed to protect hard disk information from unauthorized access. The mechanism requires the user to type in a password before the BIOS is allowed access to drive contents. Some implementations of ATA security will accept the ATA command to update the password without the user having authenticated with the BIOS. This occurs because the security mechanism assumes the user has first authenticated via the BIOS prior to sending commands to the drive. Various methods exist for exploiting this flaw, the most common being installing the ATA protected drive into a system lacking ATA security features (a.k.a. hot swapping). Once the drive is installed into the new system the BIOS can be used to reset the drive password.

Relationships

Nature	Type	ID	Name
ChildOf	Standard Attack Pattern - A standard level attack pattern in CAPEC is focused on a specific methodology or technique used in an attack. It is often seen as a singular piece of a fully executed attack. A standard attack pattern is meant to provide sufficient details to understand the specific technique and how it attempts to accomplish a desired goal. A standard level attack pattern is a specific type of a more abstract meta level attack pattern.	401	Physically Hacking Hardware

This table shows the views that this attack pattern belongs to and top level categories within that view.

View Name	Top Level Categories
Domains of Attack	Hardware, Supply Chain, Physical Security
Mechanisms of Attack	Manipulate System Resources
Supply Chain Risks	Sustainment

Prerequisites

Access to the system containing the ATA Drive so that the drive can be physically removed from the system.

Mitigations

Avoid using ATA password security when possible.

Use full disk encryption to protect the entire contents of the drive or sensitive partitions on the drive.

Leverage third-party utilities that interface with self-encrypting drives (SEDs) to provide authentication, while relying on the SED itself for data encryption.

Example Instances

The A-FF Repair Station tool is a data recovery utility that can be used for ATA password removal (both High and Maximum level) and firmware area recovery. An adversary with access to this tool could reset the ATA password to bypass this security feature and unlock the hard drive. The adversary could then obtain any data contained within the drive. [REF-702]

An adversary gains physical access to the targeted hard drive and installs it into a system that does not support ATA security features. Once the drive is installed in the feature-lacking system, the adversary is able to reset the hard drive password via the BIOS. As a result, the adversary is able to bypass ATA password security and access content on the drive.

Related Weaknesses

CWE-ID	Weakness Name
285	Improper Authorization

References

[REF-33] Stuart McClure, Joel Scambray and George Kurtz. "Hacking Exposed: Network Security Secrets & Solutions". Chapter 9: Hacking Hardware. 6th Edition. McGraw Hill. 2009.

[REF-701] Oliver Tennert. "Using the ATA security features of modern hard disks and SSDs". Admin Magazine. 2014. <https://www.admin-magazine.com/Archive/2014/19/Using-the-ATA-security-features-of-modern-hard-disks-and-SSDs>. URL validated: 2022-02-16.

[REF-702] "Breaking ATA Password Security". The University of Texas at Austin Information Security Office. <https://security.utexas.edu/education-outreach/BreakingATA>. URL validated: 2022-02-16.

Content History

Submissions
Submission Date	Submitter	Organization
2014-06-23 (Version 2.6)	CAPEC Content Team	The MITRE Corporation
2014-06-23 (Version 2.6)
Modifications
Modification Date	Modifier	Organization
2019-04-04 (Version 3.1)	CAPEC Content Team	The MITRE Corporation
2019-04-04 (Version 3.1)	Updated Related_Weaknesses
2022-02-22 (Version 3.7)	CAPEC Content Team	The MITRE Corporation
2022-02-22 (Version 3.7)	Updated Description, Example_Instances, Mitigations, References

CAPEC-568: Capture Credentials via Keylogger

Attack Pattern ID: 568

Abstraction: Detailed

View customized information:

Description

An adversary deploys a keylogger in an effort to obtain credentials directly from a system's user. After capturing all the keystrokes made by a user, the adversary can analyze the data and determine which string are likely to be passwords or other credential related information.

Typical Severity

High

Relationships

Nature	Type	ID	Name
ChildOf	Standard Attack Pattern - A standard level attack pattern in CAPEC is focused on a specific methodology or technique used in an attack. It is often seen as a singular piece of a fully executed attack. A standard attack pattern is meant to provide sufficient details to understand the specific technique and how it attempts to accomplish a desired goal. A standard level attack pattern is a specific type of a more abstract meta level attack pattern.	569	Collect Data as Provided by Users
CanFollow	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	270	Modification of Registry Run Keys
CanPrecede	Meta Attack Pattern - A meta level attack pattern in CAPEC is a decidedly abstract characterization of a specific methodology or technique used in an attack. A meta attack pattern is often void of a specific technology or implementation and is meant to provide an understanding of a high level approach. A meta level attack pattern is a generalization of related group of standard level attack patterns. Meta level attack patterns are particularly useful for architecture and design level threat modeling exercises.	151	Identity Spoofing
CanPrecede	Meta Attack Pattern - A meta level attack pattern in CAPEC is a decidedly abstract characterization of a specific methodology or technique used in an attack. A meta attack pattern is often void of a specific technology or implementation and is meant to provide an understanding of a high level approach. A meta level attack pattern is a generalization of related group of standard level attack patterns. Meta level attack patterns are particularly useful for architecture and design level threat modeling exercises.	560	Use of Known Domain Credentials
CanPrecede	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	561	Windows Admin Shares with Stolen Credentials
CanPrecede	Standard Attack Pattern - A standard level attack pattern in CAPEC is focused on a specific methodology or technique used in an attack. It is often seen as a singular piece of a fully executed attack. A standard attack pattern is meant to provide sufficient details to understand the specific technique and how it attempts to accomplish a desired goal. A standard level attack pattern is a specific type of a more abstract meta level attack pattern.	600	Credential Stuffing
CanPrecede	Standard Attack Pattern - A standard level attack pattern in CAPEC is focused on a specific methodology or technique used in an attack. It is often seen as a singular piece of a fully executed attack. A standard attack pattern is meant to provide sufficient details to understand the specific technique and how it attempts to accomplish a desired goal. A standard level attack pattern is a specific type of a more abstract meta level attack pattern.	653	Use of Known Operating System Credentials

This table shows the views that this attack pattern belongs to and top level categories within that view.

View Name	Top Level Categories
Domains of Attack	Software
Mechanisms of Attack	Collect and Analyze Information

Execution Flow

Explore

Determine which user's credentials to capture: Since this is a more targeted attack, an adversary will first identify a particular user they wish the capture the credentials of.

Experiment

Deploy keylogger: Once a user is identified, an adversary will deploy a keylogger to the user's system in one of many ways.

Techniques
Send a phishing email with a malicious attachment that installs a keylogger on a user's system
Conceal a keylogger behind fake software and get the user to download the software
Get a user to click on a malicious URL that directs them to a webpage that will install a keylogger without their knowledge
Gain access to the user's system through a vulnerability and manually install a keylogger

Record keystrokes: Once the keylogger is deployed on the user's system, the adversary will record keystrokes over a period of time.

Analyze data and determine credentials: Using the captured keystrokes, the adversary will be able to determine the credentials of the user.

Techniques
Search for repeated sequences that are following by the enter key
Search for repeated sequences that are not found in a dictionary
Search for several backspaces in a row. This could indicate a mistyped password. The correct password can then be inferred using the whole key sequence

Exploit

Use found credentials: After the adversary has found the credentials for the target user, they will then use them to gain access to a system in order to perform some follow-up attack

Prerequisites

The ability to install the keylogger, either in person or remote.

Mitigations

Strong physical security can help reduce the ability of an adversary to install a keylogger.

Related Weaknesses

Some type of access control weakness (CWE-284 or its descendants) is related to this CAPEC, probably as a prerequisite.

Taxonomy Mappings

Relevant to the ATT&CK taxonomy mapping (also see parent)

Entry ID	Entry Name
1056.001	Input Capture:Keylogging

Content History

Submissions
Submission Date	Submitter	Organization
2015-11-09 (Version 2.7)	CAPEC Content Team	The MITRE Corporation
2015-11-09 (Version 2.7)
Modifications
Modification Date	Modifier	Organization
2018-07-31 (Version 2.12)	CAPEC Content Team	The MITRE Corporation
2018-07-31 (Version 2.12)	Updated References
2020-07-30 (Version 3.3)	CAPEC Content Team	The MITRE Corporation
2020-07-30 (Version 3.3)	Updated Related_Attack_Patterns, Taxonomy_Mappings
2020-12-17 (Version 3.4)	CAPEC Content Team	The MITRE Corporation
2020-12-17 (Version 3.4)	Updated Related_Attack_Patterns
2021-10-21 (Version 3.6)	CAPEC Content Team	The MITRE Corporation
2021-10-21 (Version 3.6)	Updated Execution_Flow

CAPEC-628: Carry-Off GPS Attack

Attack Pattern ID: 628

Abstraction: Detailed

View customized information:

Description

A common form of a GPS spoofing attack, commonly termed a carry-off attack begins with an adversary broadcasting signals synchronized with the genuine signals observed by the target receiver. The power of the counterfeit signals is then gradually increased and drawn away from the genuine signals. Over time, the adversary can carry the target away from their intended destination and toward a location chosen by the adversary.

Likelihood Of Attack

Low

Typical Severity

High

Relationships

Nature	Type	ID	Name
ChildOf	Standard Attack Pattern - A standard level attack pattern in CAPEC is focused on a specific methodology or technique used in an attack. It is often seen as a singular piece of a fully executed attack. A standard attack pattern is meant to provide sufficient details to understand the specific technique and how it attempts to accomplish a desired goal. A standard level attack pattern is a specific type of a more abstract meta level attack pattern.	627	Counterfeit GPS Signals

This table shows the views that this attack pattern belongs to and top level categories within that view.

View Name	Top Level Categories
Domains of Attack	Communications
Mechanisms of Attack	Engage in Deceptive Interactions

Prerequisites

The target must be relying on valid GPS signal to perform critical operations.

Skills Required

[Level: High]

This attack requires advanced knoweldge in GPS technology.

Example Instances

A "proof-of-concept" attack was successfully performed in June, 2013, when the luxury yacht "White Rose" was misdirected with spoofed GPS signals from Monaco to the island of Rhodes by a group of aerospace engineering students from the Cockrell School of Engineering at the University of Texas in Austin. The students were aboard the yacht, allowing their spoofing equipment to gradually overpower the signal strengths of the actual GPS constellation satellites, altering the course of the yacht.

Related Weaknesses

Communications: CWE does not currently cover Communications in the way it is presented by CAPEC. Therefore, no mapping between the two corpuses can be made at this time.

References

[REF-489] "Wikipedia". GPS Spooking. The Wikimedia Foundation, Inc. <https://en.wikipedia.org/wiki/Spoofing_attack#GPS_Spoofing>.

Content History

Submissions
Submission Date	Submitter	Organization
2015-11-09 (Version 2.7)	CAPEC Content Team	The MITRE Corporation
2015-11-09 (Version 2.7)
Modifications
Modification Date	Modifier	Organization
2017-05-01 (Version 2.10)	CAPEC Content Team	The MITRE Corporation
2017-05-01 (Version 2.10)	Updated Attack_Prerequisites, Description Summary, Related_Attack_Patterns, Typical_Likelihood_of_Exploit, Typical_Severity
2018-07-31 (Version 2.12)	CAPEC Content Team	The MITRE Corporation
2018-07-31 (Version 2.12)	Updated Attack_Motivation-Consequences, Attacker_Skills_or_Knowledge_Required
2019-04-04 (Version 3.1)	CAPEC Content Team	The MITRE Corporation
2019-04-04 (Version 3.1)	Updated Related_Attack_Patterns

CAPEC-11: Cause Web Server Misclassification

Attack Pattern ID: 11

Abstraction: Detailed

View customized information:

Description

An attack of this type exploits a Web server's decision to take action based on filename or file extension. Because different file types are handled by different server processes, misclassification may force the Web server to take unexpected action, or expected actions in an unexpected sequence. This may cause the server to exhaust resources, supply debug or system data to the attacker, or bind an attacker to a remote process.

Extended Description

This type of vulnerability has been found in many widely used servers including IIS, Lotus Domino, and Orion. The attacker's job in this case is straightforward, standard communication protocols and methods are used and are generally appended with malicious information at the tail end of an otherwise legitimate request. The attack payload varies, but it could be special characters like a period or simply appending a tag that has a special meaning for operations on the server side like .jsp for a java application server. The essence of this attack is that the attacker deceives the server into executing functionality based on the name of the request, i.e. login.jsp, not the contents.

Likelihood Of Attack

Medium

Typical Severity

High

Relationships

Nature	Type	ID	Name
ChildOf	Standard Attack Pattern - A standard level attack pattern in CAPEC is focused on a specific methodology or technique used in an attack. It is often seen as a singular piece of a fully executed attack. A standard attack pattern is meant to provide sufficient details to understand the specific technique and how it attempts to accomplish a desired goal. A standard level attack pattern is a specific type of a more abstract meta level attack pattern.	635	Alternative Execution Due to Deceptive Filenames

This table shows the views that this attack pattern belongs to and top level categories within that view.

View Name	Top Level Categories
Domains of Attack	Software
Mechanisms of Attack	Manipulate System Resources

Execution Flow

Explore

Footprint file input vectors: Manually or using an automated tool, an attacker searches for all input locations where a user has control over the filenames or MIME types of files submitted to the web server.

Techniques
Attacker manually crawls application to identify file inputs
Attacker uses an automated tool to crawl application identify file inputs
Attacker manually assesses strength of access control protecting native application files from user control
Attacker explores potential for submitting files directly to the web server via independently constructed HTTP Requests

Experiment

File misclassification shotgunning: An attacker makes changes to file extensions and MIME types typically processed by web servers and looks for abnormal behavior.

Techniques
Attacker submits files with switched extensions (e.g. .php on a .jsp file) to web server.
Attacker adds extra characters (e.g. adding an extra . after the file extension) to filenames of files submitted to web server.

File misclassification sniping: Understanding how certain file types are processed by web servers, an attacker crafts varying file payloads and modifies their file extension or MIME type to be that of the targeted type to see if the web server is vulnerable to misclassification of that type.

Techniques
Craft a malicious file payload, modify file extension to the targeted file type and submit it to the web server.
Craft a malicious file payload, modify its associated MIME type to the targeted file type and submit it to the web server.

Exploit

Disclose information: The attacker, by manipulating a file extension or MIME type is able to make the web server return raw information (not executed).
Techniques
Manipulate the file names that are explicitly sent to the server.
Manipulate the MIME sent in order to confuse the web server.

Prerequisites

Web server software must rely on file name or file extension for processing.

The attacker must be able to make HTTP requests to the web server.

Skills Required

[Level: Low]

To modify file name or file extension

[Level: Medium]

To use misclassification to force the Web server to disclose configuration information, source, or binary data

Resources Required

None: No specialized resources are required to execute this type of attack.

Consequences

Scope	Impact	Likelihood
Confidentiality	Read Data
Confidentiality Access Control Authorization	Gain Privileges

Mitigations

Implementation: Server routines should be determined by content not determined by filename or file extension.

Example Instances

J2EE application servers are supposed to execute Java Server Pages (JSP). There have been disclosure issues relating to Orion Application Server, where an attacker that appends either a period (.) or space characters to the end of a legitimate Http request, then the server displays the full source code in the attackers' web browser.

http://victim.site/login.jsp.

Since remote data and directory access may be accessed directly from the JSP, this is a potentially very serious issue.

[REF-6]

Related Weaknesses

CWE-ID	Weakness Name
430	Deployment of Wrong Handler

Taxonomy Mappings

Relevant to the ATT&CK taxonomy mapping (also see parent)

Entry ID	Entry Name
1036.006	Masquerading: Space after Filename

References

[REF-1] G. Hoglund and G. McGraw. "Exploiting Software: How to Break Code". Addison-Wesley. 2004-02.

[REF-6] "Orion Application Server JSP Source Disclosure Vulnerability (Bugtraq ID: 17204)". SecurityFocus. <http://www.securityfocus.com/bid/17204/info>.

Content History

Submissions
Submission Date	Submitter	Organization
2014-06-23 (Version 2.6)	CAPEC Content Team	The MITRE Corporation
2014-06-23 (Version 2.6)
Modifications
Modification Date	Modifier	Organization
2017-01-09 (Version 2.9)	CAPEC Content Team	The MITRE Corporation
2017-01-09 (Version 2.9)	Updated Related_Attack_Patterns
2017-08-04 (Version 2.11)	CAPEC Content Team	The MITRE Corporation
2017-08-04 (Version 2.11)	Updated Attack_Prerequisites, Resources_Required
2018-07-31 (Version 2.12)	CAPEC Content Team	The MITRE Corporation
2018-07-31 (Version 2.12)	Updated Related_Attack_Patterns, Related_Weaknesses
2019-04-04 (Version 3.1)	CAPEC Content Team	The MITRE Corporation
2019-04-04 (Version 3.1)	Updated Related_Weaknesses
2020-07-30 (Version 3.3)	CAPEC Content Team	The MITRE Corporation
2020-07-30 (Version 3.3)	Updated Example_Instances
2022-02-22 (Version 3.7)	CAPEC Content Team	The MITRE Corporation
2022-02-22 (Version 3.7)	Updated Description, Extended_Description
2022-09-29 (Version 3.8)	CAPEC Content Team	The MITRE Corporation
2022-09-29 (Version 3.8)	Updated Example_Instances, Taxonomy_Mappings

CAPEC-618: Cellular Broadcast Message Request

Attack Pattern ID: 618

Abstraction: Detailed

View customized information:

Description

In this attack scenario, the attacker uses knowledge of the target’s mobile phone number (i.e., the number associated with the SIM used in the retransmission device) to cause the cellular network to send broadcast messages to alert the mobile device. Since the network knows which cell tower the target’s mobile device is attached to, the broadcast messages are only sent in the Location Area Code (LAC) where the target is currently located. By triggering the cellular broadcast message and then listening for the presence or absence of that message, an attacker could verify that the target is in (or not in) a given location.

Typical Severity

Low

Relationships

Nature	Type	ID	Name
ChildOf	Standard Attack Pattern - A standard level attack pattern in CAPEC is focused on a specific methodology or technique used in an attack. It is often seen as a singular piece of a fully executed attack. A standard attack pattern is meant to provide sufficient details to understand the specific technique and how it attempts to accomplish a desired goal. A standard level attack pattern is a specific type of a more abstract meta level attack pattern.	292	Host Discovery

This table shows the views that this attack pattern belongs to and top level categories within that view.

View Name	Top Level Categories
Domains of Attack	Software, Communications
Mechanisms of Attack	Collect and Analyze Information

Prerequisites

The attacker must have knowledge of the target’s mobile phone number.

Skills Required

[Level: Low]

Open source and commercial tools are available for this attack.

Consequences

Scope	Impact	Likelihood
Other	Other

Mitigations

Frequent changing of mobile number.

Related Weaknesses

CWE-ID	Weakness Name
201	Insertion of Sensitive Information Into Sent Data

Taxonomy Mappings

Relevant to the ATT&CK taxonomy mapping (see parent )

References

[REF-487] Denis Foo Kune, John Koelndorfer, Nicholas Hopper and Yongdae Kim. "Location Leaks on the GSM Air Interface". University of Minnesota. <https://www-users.cs.umn.edu/~hoppernj/celluloc.pdf>.

Content History

Submissions
Submission Date	Submitter	Organization
2015-11-09 (Version 2.7)	CAPEC Content Team	The MITRE Corporation
2015-11-09 (Version 2.7)
Modifications
Modification Date	Modifier	Organization
2018-07-31 (Version 2.12)	CAPEC Content Team	The MITRE Corporation
2018-07-31 (Version 2.12)	Updated Attack_Motivation-Consequences, Description Summary, References

CAPEC-605: Cellular Jamming

Attack Pattern ID: 605

Abstraction: Detailed

View customized information:

Description

In this attack scenario, the attacker actively transmits signals to overpower and disrupt the communication between a cellular user device and a cell tower. Several existing techniques are known in the open literature for this attack for 2G, 3G, and 4G LTE cellular technology. For example, some attacks target cell towers by overwhelming them with false status messages, while others introduce high levels of noise on signaling channels.

Typical Severity

Low

Relationships

Nature	Type	ID	Name
ChildOf	Standard Attack Pattern - A standard level attack pattern in CAPEC is focused on a specific methodology or technique used in an attack. It is often seen as a singular piece of a fully executed attack. A standard attack pattern is meant to provide sufficient details to understand the specific technique and how it attempts to accomplish a desired goal. A standard level attack pattern is a specific type of a more abstract meta level attack pattern.	601	Jamming

This table shows the views that this attack pattern belongs to and top level categories within that view.

View Name	Top Level Categories
Domains of Attack	Communications
Mechanisms of Attack	Manipulate System Resources

Prerequisites

Lack of anti-jam features in cellular technology (2G, 3G, 4G, LTE)

Skills Required

[Level: Low]

This attack can be performed by low capability attackers with commercially available tools.

Consequences

Scope	Impact	Likelihood
Availability	Resource Consumption

Mitigations

Mitigating this attack requires countermeasures employed on both the retransmission device as well as on the cell tower. Therefore, any system that relies on existing commercial cell towards will likely be vulnerable to this attack. By using a private cellular LTE network (i.e., a custom cell tower), jamming countermeasures could be developed and employed.

Related Weaknesses

Communications: CWE does not currently cover Communications in the way it is presented by CAPEC. Therefore, no mapping between the two corpuses can be made at this time.

Content History

Submissions
Submission Date	Submitter	Organization
2015-11-09 (Version 2.7)	CAPEC Content Team	The MITRE Corporation
2015-11-09 (Version 2.7)
Modifications
Modification Date	Modifier	Organization
2018-07-31 (Version 2.12)	CAPEC Content Team	The MITRE Corporation
2018-07-31 (Version 2.12)	Updated Attack_Motivation-Consequences

CAPEC-617: Cellular Rogue Base Station

Attack Pattern ID: 617

Abstraction: Detailed

View customized information:

Description

In this attack scenario, the attacker imitates a cellular base station with their own "rogue" base station equipment. Since cellular devices connect to whatever station has the strongest signal, the attacker can easily convince a targeted cellular device (e.g. the retransmission device) to talk to the rogue base station.

Typical Severity

Low

Relationships

Nature	Type	ID	Name
ChildOf	Standard Attack Pattern - A standard level attack pattern in CAPEC is focused on a specific methodology or technique used in an attack. It is often seen as a singular piece of a fully executed attack. A standard attack pattern is meant to provide sufficient details to understand the specific technique and how it attempts to accomplish a desired goal. A standard level attack pattern is a specific type of a more abstract meta level attack pattern.	616	Establish Rogue Location

This table shows the views that this attack pattern belongs to and top level categories within that view.

View Name	Top Level Categories
Domains of Attack	Hardware, Communications
Mechanisms of Attack	Engage in Deceptive Interactions

Prerequisites

None

Skills Required

[Level: Low]

This technique has been demonstrated by amateur hackers and commercial tools and open source projects are available to automate the attack.

Consequences

Scope	Impact	Likelihood
Confidentiality	Read Data

Mitigations

Passively monitor cellular network connection for real-time threat detection and logging for manual review.

Related Weaknesses

Communications: CWE does not currently cover Communications in the way it is presented by CAPEC. Therefore, no mapping between the two corpuses can be made at this time.

Taxonomy Mappings

Relevant to the ATT&CK taxonomy mapping (see parent )

Content History

Submissions
Submission Date	Submitter	Organization
2015-11-09 (Version 2.7)	CAPEC Content Team	The MITRE Corporation
2015-11-09 (Version 2.7)
Modifications
Modification Date	Modifier	Organization
2018-07-31 (Version 2.12)	CAPEC Content Team	The MITRE Corporation
2018-07-31 (Version 2.12)	Updated Attack_Motivation-Consequences
2019-09-30 (Version 3.2)	CAPEC Content Team	The MITRE Corporation
2019-09-30 (Version 3.2)	Updated Description, Related_Attack_Patterns
2020-07-30 (Version 3.3)	CAPEC Content Team	The MITRE Corporation
2020-07-30 (Version 3.3)	Updated Description
2022-09-29 (Version 3.8)	CAPEC Content Team	The MITRE Corporation
2022-09-29 (Version 3.8)	Updated Related_Attack_Patterns

CAPEC-609: Cellular Traffic Intercept

Attack Pattern ID: 609

Abstraction: Detailed

View customized information:

Description

Cellular traffic for voice and data from mobile devices and retransmission devices can be intercepted via numerous methods. Malicious actors can deploy their own cellular tower equipment and intercept cellular traffic surreptitiously. Additionally, government agencies of adversaries and malicious actors can intercept cellular traffic via the telecommunications backbone over which mobile traffic is transmitted.

Typical Severity

Low

Relationships

Nature	Type	ID	Name
ChildOf	Standard Attack Pattern - A standard level attack pattern in CAPEC is focused on a specific methodology or technique used in an attack. It is often seen as a singular piece of a fully executed attack. A standard attack pattern is meant to provide sufficient details to understand the specific technique and how it attempts to accomplish a desired goal. A standard level attack pattern is a specific type of a more abstract meta level attack pattern.	157	Sniffing Attacks

This table shows the views that this attack pattern belongs to and top level categories within that view.

View Name	Top Level Categories
Domains of Attack	Communications
Mechanisms of Attack	Collect and Analyze Information

Prerequisites

None

Skills Required

[Level: Medium]

Adversaries can purchase hardware and software solutions, or create their own solutions, to capture/intercept cellular radio traffic. The cost of a basic Base Transceiver Station (BTS) to broadcast to local mobile cellular radios in mobile devices has dropped to very affordable costs. The ability of commercial cellular providers to monitor for "rogue" BTS stations is poor in many areas and it is assumed that "rogue" BTS stations exist in urban areas.

Consequences

Scope	Impact	Likelihood
Confidentiality	Read Data

Mitigations

Encryption of all data packets emanating from the smartphone to a retransmission device via two encrypted tunnels with Suite B cryptography, all the way to the VPN gateway at the datacenter.

Related Weaknesses

CWE-ID	Weakness Name
311	Missing Encryption of Sensitive Data

Taxonomy Mappings

Relevant to the ATT&CK taxonomy mapping

Entry ID	Entry Name
1111	Multi-Factor Authentication Interception

Content History

Submissions
Submission Date	Submitter	Organization
2015-11-09 (Version 2.7)	CAPEC Content Team	The MITRE Corporation
2015-11-09 (Version 2.7)
Modifications
Modification Date	Modifier	Organization
2015-12-07 (Version 2.8)	CAPEC Content Team	The MITRE Corporation
2015-12-07 (Version 2.8)	Updated Related_Attack_Patterns
2018-07-31 (Version 2.12)	CAPEC Content Team	The MITRE Corporation
2018-07-31 (Version 2.12)	Updated Attack_Motivation-Consequences
2019-04-04 (Version 3.1)	CAPEC Content Team	The MITRE Corporation
2019-04-04 (Version 3.1)	Updated Related_Weaknesses
2019-09-30 (Version 3.2)	CAPEC Content Team	The MITRE Corporation
2019-09-30 (Version 3.2)	Updated Related_Attack_Patterns, Skills_Required
2022-09-29 (Version 3.8)	CAPEC Content Team	The MITRE Corporation
2022-09-29 (Version 3.8)	Updated Taxonomy_Mappings

CAPEC-145: Checksum Spoofing

Attack Pattern ID: 145

Abstraction: Detailed

View customized information:

Description

An adversary spoofs a checksum message for the purpose of making a payload appear to have a valid corresponding checksum. Checksums are used to verify message integrity. They consist of some value based on the value of the message they are protecting. Hash codes are a common checksum mechanism. Both the sender and recipient are able to compute the checksum based on the contents of the message. If the message contents change between the sender and recipient, the sender and recipient will compute different checksum values. Since the sender's checksum value is transmitted with the message, the recipient would know that a modification occurred. In checksum spoofing an adversary modifies the message body and then modifies the corresponding checksum so that the recipient's checksum calculation will match the checksum (created by the adversary) in the message. This would prevent the recipient from realizing that a change occurred.

Typical Severity

Medium

Relationships

Nature	Type	ID	Name
ChildOf	Meta Attack Pattern - A meta level attack pattern in CAPEC is a decidedly abstract characterization of a specific methodology or technique used in an attack. A meta attack pattern is often void of a specific technology or implementation and is meant to provide an understanding of a high level approach. A meta level attack pattern is a generalization of related group of standard level attack patterns. Meta level attack patterns are particularly useful for architecture and design level threat modeling exercises.	148	Content Spoofing

This table shows the views that this attack pattern belongs to and top level categories within that view.

View Name	Top Level Categories
Domains of Attack	Software
Mechanisms of Attack	Engage in Deceptive Interactions

Prerequisites

The adversary must be able to intercept a message from the sender (keeping the recipient from getting it), modify it, and send the modified message to the recipient.

The sender and recipient must use a checksum to protect the integrity of their message and transmit this checksum in a manner where the adversary can intercept and modify it.

The checksum value must be computable using information known to the adversary. A cryptographic checksum, which uses a key known only to the sender and recipient, would thwart this attack.

Resources Required

The adversary must have a utility that can intercept and modify messages between the sender and recipient.

Related Weaknesses

CWE-ID	Weakness Name
354	Improper Validation of Integrity Check Value

Taxonomy Mappings

Relevant to the ATT&CK taxonomy mapping (see parent )

Content History

Submissions
Submission Date	Submitter	Organization
2014-06-23 (Version 2.6)	CAPEC Content Team	The MITRE Corporation
2014-06-23 (Version 2.6)
Modifications
Modification Date	Modifier	Organization
2017-08-04 (Version 2.11)	CAPEC Content Team	The MITRE Corporation
2017-08-04 (Version 2.11)	Updated Attack_Prerequisites, Description Summary, Resources_Required
2019-04-04 (Version 3.1)	CAPEC Content Team	The MITRE Corporation
2019-04-04 (Version 3.1)	Updated Related_Attack_Patterns, Related_Weaknesses

CAPEC-14: Client-side Injection-induced Buffer Overflow

Attack Pattern ID: 14

Abstraction: Detailed

View customized information:

Description

This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service. This hostile service is created to deliver the correct content to the client software. For example, if the client-side application is a browser, the service will host a webpage that the browser loads.

Likelihood Of Attack

Medium

Typical Severity

High

Relationships

Nature	Type	ID	Name
ChildOf	Standard Attack Pattern - A standard level attack pattern in CAPEC is focused on a specific methodology or technique used in an attack. It is often seen as a singular piece of a fully executed attack. A standard attack pattern is meant to provide sufficient details to understand the specific technique and how it attempts to accomplish a desired goal. A standard level attack pattern is a specific type of a more abstract meta level attack pattern.	100	Overflow Buffers
CanFollow	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	13	Subverting Environment Variable Values

This table shows the views that this attack pattern belongs to and top level categories within that view.

View Name	Top Level Categories
Domains of Attack	Software
Mechanisms of Attack	Manipulate Data Structures

Execution Flow

Explore

Identify target client-side application: The adversary identifies a target client-side application to perform the buffer overflow on. The most common are browsers. If there is a known browser vulnerability an adversary could target that.

Experiment

Find injection vector: The adversary identifies an injection vector to deliver the excessive content to the targeted application's buffer.

Techniques
Many times client side applications will be open source, so an adversary can examine the source code to identify possible injection vectors.
Examine APIs of the client-side application and look for areas where a buffer overflow might be possible.

Create hostile service: The adversary creates a hostile service that will deliver content to the client-side application. If the intent is to simply cause the software to crash, the content need only consist of an excessive quantity of random data. If the intent is to leverage the overflow for execution of arbitrary code, the adversary crafts the payload in such a way that the overwritten return address is replaced with one of the adversary's choosing.

Techniques
If the client-side application is a browser, the adversary will create a service that delivers a malicious webpage to the browser.
Create malicious shellcode that will execute when the program execution is returned to it.
Use a NOP-sled in the overflow content to more easily "slide" into the malicious code. This is done so that the exact return address need not be correct, only in the range of all of the NOPs

Exploit

Overflow the buffer: Using the injection vector, the adversary delivers the content to the client-side application using the hostile service and overflows the buffer.

Techniques
If the adversary is targeting a local client-side application, they just need to use the service themselves.
If the adversary is attempting to cause an overflow on an external user's client-side application, they must get the user to attach to their service by some other means. This could be getting a user to visit their hostile webpage to target a user's browser.

Prerequisites

The targeted client software communicates with an external server.

The targeted client software has a buffer overflow vulnerability.

Skills Required

[Level: Low]

To achieve a denial of service, an attacker can simply overflow a buffer by inserting a long string into an attacker-modifiable injection vector.

[Level: High]

Exploiting a buffer overflow to inject malicious code into the stack of a software system or even the heap requires a more in-depth knowledge and higher skill level.

Indicators

An example of indicator is when the client software crashes after executing code downloaded from a hostile server.

Consequences

Scope	Impact	Likelihood
Confidentiality	Read Data
Integrity	Modify Data
Availability	Resource Consumption
Confidentiality Integrity Availability	Execute Unauthorized Commands

Mitigations

The client software should not install untrusted code from a non-authenticated server.

The client software should have the latest patches and should be audited for vulnerabilities before being used to communicate with potentially hostile servers.

Perform input validation for length of buffer inputs.

Use a language or compiler that performs automatic bounds checking.

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Compiler-based canary mechanisms such as StackGuard, ProPolice and the Microsoft Visual Studio /GS flag. Unless this provides automatic bounds checking, it is not a complete solution.

Ensure all buffer uses are consistently bounds-checked.

Use OS-level preventative functionality. Not a complete solution.

Example Instances

Authors often use <EMBED> tags in HTML documents. For example

In Internet Explorer 4.0 an adversary attacker supplies an overly long path in the SRC= directive, the mshtml.dll component will suffer a buffer overflow. This is a standard example of content in a Web page being directed to exploit a faulty module in the system. There are potentially thousands of different ways data can propagate into a given system, thus these kinds of attacks will continue to be found in the wild.

Related Weaknesses

CWE-ID	Weakness Name
120	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
353	Missing Support for Integrity Check
118	Incorrect Access of Indexable Resource ('Range Error')
119	Improper Restriction of Operations within the Bounds of a Memory Buffer
74	Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
20	Improper Input Validation
680	Integer Overflow to Buffer Overflow
697	Incorrect Comparison

References

[REF-1] G. Hoglund and G. McGraw. "Exploiting Software: How to Break Code". Addison-Wesley. 2004-02.

Content History

Submissions
Submission Date	Submitter	Organization
2014-06-23 (Version 2.6)	CAPEC Content Team	The MITRE Corporation
2014-06-23 (Version 2.6)
Modifications
Modification Date	Modifier	Organization
2017-01-09 (Version 2.9)	CAPEC Content Team	The MITRE Corporation
2017-01-09 (Version 2.9)	Updated Related_Attack_Patterns
2018-07-31 (Version 2.12)	CAPEC Content Team	The MITRE Corporation
2018-07-31 (Version 2.12)	Updated References
2020-07-30 (Version 3.3)	CAPEC Content Team	The MITRE Corporation
2020-07-30 (Version 3.3)	Updated Execution_Flow
2021-06-24 (Version 3.5)	CAPEC Content Team	The MITRE Corporation
2021-06-24 (Version 3.5)	Updated Related_Weaknesses
2021-10-21 (Version 3.6)	CAPEC Content Team	The MITRE Corporation
2021-10-21 (Version 3.6)	Updated Description, Execution_Flow
2022-09-29 (Version 3.8)	CAPEC Content Team	The MITRE Corporation
2022-09-29 (Version 3.8)	Updated Example_Instances

CAPEC-397: Cloning Magnetic Strip Cards

Attack Pattern ID: 397

Abstraction: Detailed

View customized information:

Description

An attacker duplicates the data on a Magnetic strip card (i.e. 'swipe card' or 'magstripe') to gain unauthorized access to a physical location or a person's private information. Magstripe cards encode data on a band of iron-based magnetic particles arrayed in a stripe along a rectangular card. Most magstripe card data formats conform to ISO standards 7810, 7811, 7813, 8583, and 4909. The primary advantage of magstripe technology is ease of encoding and portability, but this also renders magnetic strip cards susceptible to unauthorized duplication. If magstripe cards are used for access control, all an attacker need do is obtain a valid card long enough to make a copy of the card and then return the card to its location (i.e. a co-worker's desk). Magstripe reader/writers are widely available as well as software for analyzing data encoded on the cards. By swiping a valid card, it becomes trivial to make any number of duplicates that function as the original.

Relationships

Nature	Type	ID	Name
ChildOf	Standard Attack Pattern - A standard level attack pattern in CAPEC is focused on a specific methodology or technique used in an attack. It is often seen as a singular piece of a fully executed attack. A standard attack pattern is meant to provide sufficient details to understand the specific technique and how it attempts to accomplish a desired goal. A standard level attack pattern is a specific type of a more abstract meta level attack pattern.	395	Bypassing Electronic Locks and Access Controls

This table shows the views that this attack pattern belongs to and top level categories within that view.

View Name	Top Level Categories
Domains of Attack	Physical Security
Mechanisms of Attack	Subvert Access Control

Related Weaknesses

Physical Security: The term "Physical Security" is used by both CAPEC and CWE, but has different definitions in each corpus. CAPEC uses this term to discuss physical access to buildings and/or specific rooms. In contrast, CWE typically uses this term to discuss physical access to hardware components. CWE does not cover "Physical Security" in the essence described by this CAPEC, so there is no mapping between to the two corpuses at this time.

References

[REF-33] Stuart McClure, Joel Scambray and George Kurtz. "Hacking Exposed: Network Security Secrets & Solutions". Chapter 9: Hacking Hardware. 6th Edition. McGraw Hill. 2009.

Content History

Submissions
Submission Date	Submitter	Organization
2014-06-23 (Version 2.6)	CAPEC Content Team	The MITRE Corporation
2014-06-23 (Version 2.6)
Modifications
Modification Date	Modifier	Organization
2019-09-30 (Version 3.2)	CAPEC Content Team	The MITRE Corporation
2019-09-30 (Version 3.2)	Updated @Abstraction, Related_Attack_Patterns

CAPEC-399: Cloning RFID Cards or Chips

Attack Pattern ID: 399

Abstraction: Detailed

View customized information:

Description

An attacker analyzes data returned by an RFID chip and uses this information to duplicate a RFID signal that responds identically to the target chip. In some cases RFID chips are used for building access control, employee identification, or as markers on products being delivered along a supply chain. Some organizations also embed RFID tags inside computer assets to trigger alarms if they are removed from particular rooms, zones, or buildings. Similar to Magnetic strip cards, RFID cards are susceptible to duplication (cloning) and reuse.

Extended Description

RFID (Radio Frequency Identification) are passive devices which consist of an integrated circuit for processing RF signals and an antenna. RFID devices are passive in that they lack an on on-board power source. The majority of RFID chips operate on either the 13.56 MHz or 135 KHz frequency. The chip is powered when a signal is received by the antenna on the chip, powering the chip long enough to send a reply message. An attacker is able to capture and analyze RFID data by either stimulating the chip to respond or being proximate to the chip when it sends a response to a remote transmitter. This allows the attacker to duplicate the signal and conduct attacks such as gaining unauthorized access to a building or impersonating a user's identification.

Relationships

Nature	Type	ID	Name
ChildOf	Standard Attack Pattern - A standard level attack pattern in CAPEC is focused on a specific methodology or technique used in an attack. It is often seen as a singular piece of a fully executed attack. A standard attack pattern is meant to provide sufficient details to understand the specific technique and how it attempts to accomplish a desired goal. A standard level attack pattern is a specific type of a more abstract meta level attack pattern.	395	Bypassing Electronic Locks and Access Controls

This table shows the views that this attack pattern belongs to and top level categories within that view.

View Name	Top Level Categories
Domains of Attack	Physical Security
Mechanisms of Attack	Subvert Access Control

Related Weaknesses

References

[REF-33] Stuart McClure, Joel Scambray and George Kurtz. "Hacking Exposed: Network Security Secrets & Solutions". Chapter 9: Hacking Hardware. 6th Edition. McGraw Hill. 2009.

Content History

Submissions
Submission Date	Submitter	Organization
2014-06-23 (Version 2.6)	CAPEC Content Team	The MITRE Corporation
2014-06-23 (Version 2.6)
Modifications
Modification Date	Modifier	Organization
2019-09-30 (Version 3.2)	CAPEC Content Team	The MITRE Corporation
2019-09-30 (Version 3.2)	Updated @Abstraction, Related_Attack_Patterns
2022-02-22 (Version 3.7)	CAPEC Content Team	The MITRE Corporation
2022-02-22 (Version 3.7)	Updated Description, Extended_Description

CAPEC-637: Collect Data from Clipboard

Attack Pattern ID: 637

Abstraction: Detailed

View customized information:

Description

The adversary exploits an application that allows for the copying of sensitive data or information by collecting information copied to the clipboard. Data copied to the clipboard can be accessed by other applications, such as malware built to exfiltrate or log clipboard contents on a periodic basis. In this way, the adversary aims to garner information to which they are unauthorized.

Likelihood Of Attack

Low

Typical Severity

Low

Relationships

This table shows the other attack patterns and high level

Common Attack Pattern Enumeration and Classification

CAPEC VIEW: Detailed Abstractions

CAPEC-597: Absolute Path Traversal

CAPEC-31: Accessing/Intercepting/Modifying HTTP Cookies

CAPEC-563: Add Malicious File to Shared Webroot

CAPEC-649: Adding a Space to a File Extension

CAPEC-85: AJAX Footprinting

CAPEC-638: Altered Component Firmware

CAPEC-532: Altered Installed BIOS

CAPEC-621: Analysis of Packet Timing and Sizes

CAPEC-501: Android Activity Hijack

CAPEC-388: Application API Button Hijacking

CAPEC-539: ASIC With Malicious Functionality

CAPEC-655: Avoid Security Tool Identification by Adding Data

CAPEC-584: BGP Route Disabling

CAPEC-611: BitSquatting

CAPEC-7: Blind SQL Injection

CAPEC-96: Block Access to Libraries

CAPEC-5: Blue Boxing

CAPEC-667: Bluetooth Impersonation AttackS (BIAS)

CAPEC-472: Browser Fingerprinting

CAPEC-8: Buffer Overflow in an API Call

CAPEC-9: Buffer Overflow in Local Command-Line Utilities

CAPEC-10: Buffer Overflow via Environment Variables

CAPEC-47: Buffer Overflow via Parameter Expansion

CAPEC-45: Buffer Overflow via Symbolic Links

CAPEC-402: Bypassing ATA Password Security

CAPEC-568: Capture Credentials via Keylogger

CAPEC-628: Carry-Off GPS Attack

CAPEC-11: Cause Web Server Misclassification

CAPEC-618: Cellular Broadcast Message Request

CAPEC-605: Cellular Jamming

CAPEC-617: Cellular Rogue Base Station

CAPEC-609: Cellular Traffic Intercept

CAPEC-145: Checksum Spoofing

CAPEC-14: Client-side Injection-induced Buffer Overflow

CAPEC-397: Cloning Magnetic Strip Cards

CAPEC-399: Cloning RFID Cards or Chips

CAPEC-637: Collect Data from Clipboard