CAPEC Attack Pattern Browser

Common Attack Pattern Enumeration and Classification (CAPEC) - a comprehensive dictionary and classification of common attack patterns

Total attack patterns

615

Categories

78

Views

13

CAPEC attack pattern tree structure
CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs Standard
CAPEC-58 Restful Privilege Elevation Detailed
CAPEC-679 Exploitation of Improperly Configured or Implemented Memory Protections Detailed
CAPEC-680 Exploitation of Improperly Controlled Registers Detailed
CAPEC-681 Exploitation of Improperly Controlled Hardware Security Identifiers Detailed
CAPEC-100 Overflow Buffers Standard
CAPEC-10 Buffer Overflow via Environment Variables Detailed
CAPEC-14 Client-side Injection-induced Buffer Overflow Detailed
CAPEC-24 Filter Failure through Buffer Overflow Detailed
CAPEC-256 SOAP Array Overflow Detailed
CAPEC-42 MIME Conversion Detailed
CAPEC-44 Overflow Binary Resource File Detailed
CAPEC-45 Buffer Overflow via Symbolic Links Detailed
CAPEC-46 Overflow Variables and Tags Detailed
CAPEC-47 Buffer Overflow via Parameter Expansion Detailed
CAPEC-67 String Format Overflow in syslog() Detailed
CAPEC-8 Buffer Overflow in an API Call Detailed
CAPEC-9 Buffer Overflow in Local Command-Line Utilities Detailed
CAPEC-103 Clickjacking Standard
CAPEC-181 Flash File Overlay Detailed
CAPEC-222 iFrame Overlay Detailed
CAPEC-587 Cross Frame Scripting (XFS) Detailed
CAPEC-104 Cross Zone Scripting Standard
CAPEC-106 DEPRECATED: XSS through Log Files Detailed
CAPEC-111 JSON Hijacking (aka JavaScript Hijacking) Standard
CAPEC-112 Brute Force Meta
CAPEC-20 Encryption Brute Forcing Standard
CAPEC-49 Password Brute Forcing Standard
CAPEC-16 Dictionary-based Password Attack Detailed
CAPEC-55 Rainbow Table Password Cracking Detailed
CAPEC-565 Password Spraying Detailed
CAPEC-70 Try Common or Default Usernames and Passwords Detailed
CAPEC-113 Interface Manipulation Meta
CAPEC-121 Exploit Non-Production Interfaces Standard
CAPEC-661 Root/Jailbreak Detection Evasion via Debugging Detailed
CAPEC-133 Try All Common Switches Standard
CAPEC-160 Exploit Script-Based APIs Standard
CAPEC-36 Using Unpublished Interfaces or Functionality Standard
CAPEC-114 Authentication Abuse Meta
CAPEC-90 Reflection Attack in Authentication Protocol Standard
CAPEC-115 Authentication Bypass Meta
CAPEC-461 Web Services API Signature Forgery Leveraging Hash Function Extension Weakness Standard
CAPEC-480 Escaping Virtualization Standard
CAPEC-237 Escaping a Sandbox by Calling Code in Another Language Detailed
CAPEC-664 Server Side Request Forgery Standard
CAPEC-668 Key Negotiation of Bluetooth Attack (KNOB) Standard
CAPEC-87 Forceful Browsing Standard
CAPEC-116 Excavation Meta
CAPEC-150 Collect Data from Common Resource Locations Standard
CAPEC-143 Detect Unpublicized Web Pages Detailed
CAPEC-144 Detect Unpublicized Web Services Detailed
CAPEC-155 Screen Temporary Files for Sensitive Information Detailed
CAPEC-406 Dumpster Diving Detailed
CAPEC-637 Collect Data from Clipboard Detailed
CAPEC-647 Collect Data from Registries Detailed
CAPEC-648 Collect Data from Screen Capture Detailed
CAPEC-54 Query System for Information Standard
CAPEC-127 Directory Indexing Detailed
CAPEC-215 Fuzzing for application mapping Detailed
CAPEC-261 Fuzzing for garnering other adjacent user/sensitive data Detailed
CAPEC-462 Cross-Domain Search Timing Detailed
CAPEC-95 WSDL Scanning Detailed
CAPEC-545 Pull Data from System Resources Standard
CAPEC-498 Probe iOS Screenshots Detailed
CAPEC-546 Incomplete Data Deletion in a Multi-Tenant Environment Detailed
CAPEC-634 Probe Audio and Video Peripherals Detailed
CAPEC-639 Probe System Files Detailed
CAPEC-569 Collect Data as Provided by Users Standard
CAPEC-568 Capture Credentials via Keylogger Detailed
CAPEC-675 Retrieve Data from Decommissioned Devices Standard
CAPEC-117 Interception Meta
CAPEC-157 Sniffing Attacks Standard
CAPEC-158 Sniffing Network Traffic Detailed
CAPEC-31 Accessing/Intercepting/Modifying HTTP Cookies Detailed
CAPEC-57 Utilizing REST's Trust in the System Resource to Obtain Sensitive Data Detailed
CAPEC-609 Cellular Traffic Intercept Detailed
CAPEC-65 Sniff Application Code Detailed
CAPEC-499 Android Intent Intercept Standard
CAPEC-501 Android Activity Hijack Detailed
CAPEC-651 Eavesdropping Standard
CAPEC-508 Shoulder Surfing Detailed
CAPEC-699 Eavesdropping on a Monitor Meta
CAPEC-12 Choosing Message Identifier Standard
CAPEC-122 Privilege Abuse Meta
CAPEC-17 Using Malicious Files Standard
CAPEC-177 Create files with the same name as files protected with a higher classification Detailed
CAPEC-263 Force Use of Corrupted Files Detailed
CAPEC-562 Modify Shared File Detailed
CAPEC-563 Add Malicious File to Shared Webroot Detailed
CAPEC-642 Replace Binaries Detailed
CAPEC-650 Upload a Web Shell to a Web Server Detailed
CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels Standard
CAPEC-702 Exploiting Incorrect Chaining or Granularity of Hardware Debug Components Detailed
CAPEC-201 Serialized Data External Linking Detailed
CAPEC-503 WebView Exposure Standard
CAPEC-123 Buffer Manipulation Meta
CAPEC-540 Overread Buffers Standard
CAPEC-124 Shared Resource Manipulation Meta
CAPEC-125 Flooding Meta
CAPEC-482 TCP Flood Standard
CAPEC-486 UDP Flood Standard
CAPEC-487 ICMP Flood Standard
CAPEC-488 HTTP Flood Standard
CAPEC-489 SSL Flood Standard
CAPEC-490 Amplification Standard
CAPEC-528 XML Flood Standard
CAPEC-147 XML Ping of the Death Detailed
CAPEC-666 BlueSmacking Standard
CAPEC-126 Path Traversal Standard
CAPEC-139 Relative Path Traversal Detailed
CAPEC-597 Absolute Path Traversal Detailed
CAPEC-76 Manipulating Web Input to File System Calls Detailed
CAPEC-128 Integer Attacks Standard
CAPEC-92 Forced Integer Overflow Detailed
CAPEC-129 Pointer Manipulation Meta
CAPEC-130 Excessive Allocation Meta
CAPEC-230 Serialized Data with Nested Payloads Standard
CAPEC-197 Exponential Data Expansion Detailed
CAPEC-491 Quadratic Data Expansion Detailed
CAPEC-231 Oversized Serialized Data Payloads Standard
CAPEC-221 Data Serialization External Entities Blowup Detailed
CAPEC-229 Serialized Data Parameter Blowup Detailed
CAPEC-492 Regular Expression Exponential Blowup Standard
CAPEC-493 SOAP Array Blowup Standard
CAPEC-494 TCP Fragmentation Standard
CAPEC-495 UDP Fragmentation Standard
CAPEC-496 ICMP Fragmentation Standard
CAPEC-131 Resource Leak Exposure Meta
CAPEC-134 Email Injection Standard
CAPEC-41 Using Meta-characters in E-mail Headers to Inject Malicious Payloads Detailed
CAPEC-135 Format String Injection Standard
CAPEC-136 LDAP Injection Standard
CAPEC-137 Parameter Injection Meta
CAPEC-138 Reflection Injection Standard
CAPEC-15 Command Delimiters Standard
CAPEC-460 HTTP Parameter Pollution (HPP) Detailed
CAPEC-182 Flash Injection Standard
CAPEC-174 Flash Parameter Injection Detailed
CAPEC-178 Cross-Site Flashing Detailed
CAPEC-6 Argument Injection Standard
CAPEC-140 Bypassing of Intermediate Forms in Multiple-Form Sets Standard
CAPEC-141 Cache Poisoning Standard
CAPEC-142 DNS Cache Poisoning Detailed
CAPEC-148 Content Spoofing Meta
CAPEC-145 Checksum Spoofing Detailed
CAPEC-218 Spoofing of UDDI/ebXML Messages Detailed
CAPEC-502 Intent Spoof Standard
CAPEC-627 Counterfeit GPS Signals Standard
CAPEC-628 Carry-Off GPS Attack Detailed
CAPEC-151 Identity Spoofing Meta
CAPEC-194 Fake the Source of Data Standard
CAPEC-275 DNS Rebinding Detailed
CAPEC-543 Counterfeit Websites Detailed
CAPEC-544 Counterfeit Organizations Detailed
CAPEC-598 DNS Spoofing Detailed
CAPEC-633 Token Impersonation Detailed
CAPEC-697 DHCP Spoofing Standard
CAPEC-195 Principal Spoof Standard
CAPEC-599 Terrestrial Jamming Detailed
CAPEC-473 Signature Spoof Standard
CAPEC-459 Creating a Rogue Certification Authority Certificate Detailed
CAPEC-474 Signature Spoofing by Key Theft Detailed
CAPEC-475 Signature Spoofing by Improper Validation Detailed
CAPEC-476 Signature Spoofing by Misrepresentation Detailed
CAPEC-477 Signature Spoofing by Mixing Signed and Unsigned Content Detailed
CAPEC-479 Malicious Root Certificate Detailed
CAPEC-485 Signature Spoofing by Key Recreation Detailed
CAPEC-89 Pharming Standard
CAPEC-98 Phishing Standard
CAPEC-163 Spear Phishing Detailed
CAPEC-164 Mobile Phishing Detailed
CAPEC-656 Voice Phishing Detailed
CAPEC-153 Input Data Manipulation Meta
CAPEC-267 Leverage Alternate Encoding Standard
CAPEC-120 Double Encoding Detailed
CAPEC-3 Using Leading 'Ghost' Character Sequences to Bypass Input Filters Detailed
CAPEC-4 Using Alternative IP Address Encodings Detailed
CAPEC-43 Exploiting Multiple Input Interpretation Layers Detailed
CAPEC-52 Embedding NULL Bytes Detailed
CAPEC-53 Postfix, Null Terminate, and Backslash Detailed
CAPEC-64 Using Slashes and URL Encoding Combined to Bypass Validation Logic Detailed
CAPEC-71 Using Unicode Encoding to Bypass Validation Logic Detailed
CAPEC-72 URL Encoding Detailed
CAPEC-78 Using Escaped Slashes in Alternate Encoding Detailed
CAPEC-79 Using Slashes in Alternate Encoding Detailed
CAPEC-80 Using UTF-8 Encoding to Bypass Validation Logic Detailed
CAPEC-154 Resource Location Spoofing Meta
CAPEC-159 Redirect Access to Libraries Standard
CAPEC-132 Symlink Attack Detailed
CAPEC-38 Leveraging/Manipulating Configuration File Search Paths Detailed
CAPEC-471 Search Order Hijacking Detailed
CAPEC-641 DLL Side-Loading Detailed
CAPEC-616 Establish Rogue Location Standard
CAPEC-505 Scheme Squatting Detailed
CAPEC-611 BitSquatting Detailed
CAPEC-615 Evil Twin Wi-Fi Attack Detailed
CAPEC-617 Cellular Rogue Base Station Detailed
CAPEC-630 TypoSquatting Detailed
CAPEC-631 SoundSquatting Detailed
CAPEC-632 Homograph Attack via Homoglyphs Detailed
CAPEC-667 Bluetooth Impersonation AttackS (BIAS) Detailed
CAPEC-695 Repo Jacking Detailed
CAPEC-161 Infrastructure Manipulation Meta
CAPEC-166 Force the System to Reset Values Standard
CAPEC-268 Audit Log Manipulation Standard
CAPEC-81 Web Server Logs Tampering Detailed
CAPEC-93 Log Injection-Tampering-Forging Detailed
CAPEC-481 Contradictory Destinations in Traffic Routing Schemes Standard
CAPEC-571 Block Logging to Central Repository Standard
CAPEC-700 Network Boundary Bridging Standard
CAPEC-165 File Manipulation Meta
CAPEC-572 Artificially Inflate File Sizes Standard
CAPEC-655 Avoid Security Tool Identification by Adding Data Detailed
CAPEC-635 Alternative Execution Due to Deceptive Filenames Standard
CAPEC-11 Cause Web Server Misclassification Detailed
CAPEC-649 Adding a Space to a File Extension Detailed
CAPEC-636 Hiding Malicious Data or Code within Files Standard
CAPEC-168 Windows ::DATA Alternate Data Stream Detailed
CAPEC-35 Leverage Executable Code in Non-Executable Files Detailed
CAPEC-73 User-Controlled Filename Standard
CAPEC-167 White Box Reverse Engineering Standard
CAPEC-190 Reverse Engineer an Executable to Expose Assumed Hidden Functionality Detailed
CAPEC-191 Read Sensitive Constants Within an Executable Detailed
CAPEC-204 Lifting Sensitive Data Embedded in Cache Detailed
CAPEC-37 Retrieve Embedded Sensitive Data Detailed
CAPEC-169 Footprinting Meta
CAPEC-292 Host Discovery Standard
CAPEC-285 ICMP Echo Request Ping Detailed
CAPEC-294 ICMP Address Mask Request Detailed
CAPEC-295 Timestamp Request Detailed
CAPEC-296 ICMP Information Request Detailed
CAPEC-297 TCP ACK Ping Detailed
CAPEC-298 UDP Ping Detailed
CAPEC-299 TCP SYN Ping Detailed
CAPEC-612 WiFi MAC Address Tracking Detailed
CAPEC-613 WiFi SSID Tracking Detailed
CAPEC-618 Cellular Broadcast Message Request Detailed
CAPEC-619 Signal Strength Tracking Detailed
CAPEC-300 Port Scanning Standard
CAPEC-287 TCP SYN Scan Detailed
CAPEC-301 TCP Connect Scan Detailed
CAPEC-302 TCP FIN Scan Detailed
CAPEC-303 TCP Xmas Scan Detailed
CAPEC-304 TCP Null Scan Detailed
CAPEC-305 TCP ACK Scan Detailed
CAPEC-306 TCP Window Scan Detailed
CAPEC-307 TCP RPC Scan Detailed
CAPEC-308 UDP Scan Detailed
CAPEC-309 Network Topology Mapping Standard
CAPEC-290 Enumerate Mail Exchange (MX) Records Detailed
CAPEC-291 DNS Zone Transfers Detailed
CAPEC-293 Traceroute Route Enumeration Detailed
CAPEC-643 Identify Shared Files/Directories on System Detailed
CAPEC-497 File Discovery Standard
CAPEC-149 Explore for Predictable Temporary File Names Detailed
CAPEC-529 Malware-Directed Internal Reconnaissance Standard
CAPEC-573 Process Footprinting Standard
CAPEC-574 Services Footprinting Standard
CAPEC-575 Account Footprinting Standard
CAPEC-576 Group Permission Footprinting Standard
CAPEC-577 Owner Footprinting Standard
CAPEC-580 System Footprinting Standard
CAPEC-581 Security Software Footprinting Detailed
CAPEC-85 AJAX Footprinting Detailed
CAPEC-646 Peripheral Footprinting Standard
CAPEC-694 System Location Discovery Standard
CAPEC-171 DEPRECATED: Variable Manipulation Meta
CAPEC-173 Action Spoofing Meta
CAPEC-504 Task Impersonation Standard
CAPEC-654 Credential Prompt Impersonation Detailed
CAPEC-506 Tapjacking Standard
CAPEC-175 Code Inclusion Meta
CAPEC-251 Local Code Inclusion Standard
CAPEC-252 PHP Local File Inclusion Detailed
CAPEC-640 Inclusion of Code in Existing Process Detailed
CAPEC-660 Root/Jailbreak Detection Evasion via Hooking Detailed
CAPEC-253 Remote Code Inclusion Standard
CAPEC-101 Server Side Include (SSI) Injection Detailed
CAPEC-193 PHP Remote File Inclusion Detailed
CAPEC-500 WebView Injection Detailed
CAPEC-176 Configuration/Environment Manipulation Meta
CAPEC-203 Manipulate Registry Information Standard
CAPEC-270 Modification of Registry Run Keys Detailed
CAPEC-478 Modification of Windows Service Configuration Detailed
CAPEC-51 Poison Web Service Registry Detailed
CAPEC-271 Schema Poisoning Standard
CAPEC-146 XML Schema Poisoning Detailed
CAPEC-536 Data Injected During Configuration Standard
CAPEC-578 Disable Security Software Standard
CAPEC-75 Manipulating Writeable Configuration Files Standard
CAPEC-179 Calling Micro-Services Directly Standard
CAPEC-183 IMAP/SMTP Command Injection Standard
CAPEC-184 Software Integrity Attack Meta
CAPEC-185 Malicious Software Download Standard
CAPEC-186 Malicious Software Update Standard
CAPEC-187 Malicious Automated Software Update via Redirection Detailed
CAPEC-533 Malicious Manual Software Update Detailed
CAPEC-614 Rooting SIM Cards Detailed
CAPEC-657 Malicious Automated Software Update via Spoofing Detailed
CAPEC-663 Exploitation of Transient Instruction Execution Standard
CAPEC-696 Load Value Injection Detailed
CAPEC-669 Alteration of a Software Update Standard
CAPEC-188 Reverse Engineering Meta
CAPEC-189 Black Box Reverse Engineering Standard
CAPEC-621 Analysis of Packet Timing and Sizes Detailed
CAPEC-622 Electromagnetic Side-Channel Attack Detailed
CAPEC-623 Compromising Emanations Attack Detailed
CAPEC-19 Embedding Scripts within Scripts Standard
CAPEC-192 Protocol Analysis Meta
CAPEC-97 Cryptanalysis Standard
CAPEC-463 Padding Oracle Crypto Attack Detailed
CAPEC-608 Cryptanalysis of Cellular Encryption Detailed
CAPEC-196 Session Credential Falsification through Forging Standard
CAPEC-226 Session Credential Falsification through Manipulation Detailed
CAPEC-59 Session Credential Falsification through Prediction Detailed
CAPEC-2 Inducing Account Lockout Standard
CAPEC-202 Create Malicious Client Standard
CAPEC-205 DEPRECATED: Lifting credential(s)/key material embedded in client distributions (thick or thin) Detailed
CAPEC-207 Removing Important Client Functionality Standard
CAPEC-200 Removal of filters: Input filters, output filters, data masking Detailed
CAPEC-208 Removing/short-circuiting 'Purse' logic: removing/mutating 'cash' decrements Detailed
CAPEC-21 Exploitation of Trusted Identifiers Meta
CAPEC-510 SaaS User Request Forgery Standard
CAPEC-593 Session Hijacking Standard
CAPEC-102 Session Sidejacking Detailed
CAPEC-107 Cross Site Tracing Detailed
CAPEC-60 Reusing Session IDs (aka Session Replay) Detailed
CAPEC-61 Session Fixation Detailed
CAPEC-62 Cross Site Request Forgery Standard
CAPEC-467 Cross Site Identification Detailed
CAPEC-211 DEPRECATED: Leveraging web tools (e.g. Mozilla's GreaseMonkey, Firebug) to change application behavior Detailed
CAPEC-212 Functionality Misuse Meta
CAPEC-48 Passing Local Filenames to Functions That Expect a URL Standard
CAPEC-50 Password Recovery Exploitation Standard
CAPEC-620 Drop Encryption Level Standard
CAPEC-606 Weakening of Cellular Encryption Detailed
CAPEC-682 Exploitation of Firmware or ROM Code with Unpatchable Vulnerabilities Standard
CAPEC-213 DEPRECATED: Directory Traversal Standard
CAPEC-214 DEPRECATED: Fuzzing for garnering J2EE/.NET-based stack traces, for application mapping Detailed
CAPEC-216 Communication Channel Manipulation Meta
CAPEC-217 Exploiting Incorrectly Configured SSL/TLS Standard
CAPEC-219 XML Routing Detour Attacks Standard
CAPEC-22 Exploiting Trust in Client Meta
CAPEC-39 Manipulating Opaque Client-based Data Tokens Standard
CAPEC-77 Manipulating User-Controlled Variables Standard
CAPEC-13 Subverting Environment Variable Values Detailed
CAPEC-162 Manipulating Hidden Fields Detailed
CAPEC-220 Client-Server Protocol Manipulation Standard
CAPEC-105 HTTP Request Splitting Detailed
CAPEC-273 HTTP Response Smuggling Detailed
CAPEC-274 HTTP Verb Tampering Detailed
CAPEC-33 HTTP Request Smuggling Detailed
CAPEC-34 HTTP Response Splitting Detailed
CAPEC-5 Blue Boxing Detailed
CAPEC-224 Fingerprinting Meta
CAPEC-312 Active OS Fingerprinting Standard
CAPEC-317 IP ID Sequencing Probe Detailed
CAPEC-318 IP 'ID' Echoed Byte-Order Probe Detailed
CAPEC-319 IP (DF) 'Don't Fragment Bit' Echoing Probe Detailed
CAPEC-320 TCP Timestamp Probe Detailed
CAPEC-321 TCP Sequence Number Probe Detailed
CAPEC-322 TCP (ISN) Greatest Common Divisor Probe Detailed
CAPEC-323 TCP (ISN) Counter Rate Probe Detailed
CAPEC-324 TCP (ISN) Sequence Predictability Probe Detailed
CAPEC-325 TCP Congestion Control Flag (ECN) Probe Detailed
CAPEC-326 TCP Initial Window Size Probe Detailed
CAPEC-327 TCP Options Probe Detailed
CAPEC-328 TCP 'RST' Flag Checksum Probe Detailed
CAPEC-329 ICMP Error Message Quoting Probe Detailed
CAPEC-330 ICMP Error Message Echoing Integrity Probe Detailed
CAPEC-331 ICMP IP Total Length Field Probe Detailed
CAPEC-332 ICMP IP 'ID' Field Error Message Probe Detailed
CAPEC-313 Passive OS Fingerprinting Standard
CAPEC-541 Application Fingerprinting Standard
CAPEC-170 Web Application Fingerprinting Detailed
CAPEC-310 Scanning for Vulnerable Software Detailed
CAPEC-472 Browser Fingerprinting Detailed
CAPEC-227 Sustained Client Engagement Meta
CAPEC-469 HTTP DoS Standard
CAPEC-23 File Content Injection Standard
CAPEC-233 Privilege Escalation Meta
CAPEC-234 Hijacking a privileged process Standard
CAPEC-30 Hijacking a Privileged Thread of Execution Standard
CAPEC-68 Subvert Code-signing Facilities Standard
CAPEC-69 Target Programs with Elevated Privileges Standard
CAPEC-235 DEPRECATED: Implementing a callback to system routine (old AWT Queue) Detailed
CAPEC-236 DEPRECATED: Catching exception throw/signal from privileged block Detailed
CAPEC-238 DEPRECATED: Using URL/codebase / G.A.C. (code source) to convince sandbox of privilege Detailed
CAPEC-239 DEPRECATED: Subversion of Authorization Checks: Cache Filtering, Programmatic Security, etc. Detailed
CAPEC-240 Resource Injection Meta
CAPEC-610 Cellular Data Injection Standard
CAPEC-241 DEPRECATED: Code Injection Meta
CAPEC-242 Code Injection Meta
CAPEC-468 Generic Cross-Browser Cross-Domain Theft Standard
CAPEC-63 Cross-Site Scripting (XSS) Standard
CAPEC-588 DOM-Based XSS Detailed
CAPEC-18 XSS Targeting Non-Script Elements Detailed
CAPEC-198 XSS Targeting Error Pages Detailed
CAPEC-199 XSS Using Alternate Syntax Detailed
CAPEC-243 XSS Targeting HTML Attributes Detailed
CAPEC-244 XSS Targeting URI Placeholders Detailed
CAPEC-245 XSS Using Doubled Characters Detailed
CAPEC-247 XSS Using Invalid Characters Detailed
CAPEC-32 XSS Through HTTP Query Strings Detailed
CAPEC-86 XSS Through HTTP Headers Detailed
CAPEC-591 Reflected XSS Detailed
CAPEC-592 Stored XSS Detailed
CAPEC-209 XSS Using MIME Type Mismatch Detailed
CAPEC-246 DEPRECATED: XSS Using Flash Detailed
CAPEC-248 Command Injection Meta
CAPEC-250 XML Injection Standard
CAPEC-228 DTD Injection Detailed
CAPEC-83 XPath Injection Detailed
CAPEC-84 XQuery Injection Detailed
CAPEC-40 Manipulating Writeable Terminal Devices Standard
CAPEC-66 SQL Injection Standard
CAPEC-108 Command Line Execution through SQL Injection Detailed
CAPEC-109 Object Relational Mapping Injection Detailed
CAPEC-110 SQL Injection through SOAP Parameter Tampering Detailed
CAPEC-470 Expanding Control over the Operating System from the Database Detailed
CAPEC-7 Blind SQL Injection Detailed
CAPEC-676 NoSQL Injection Standard
CAPEC-88 OS Command Injection Standard
CAPEC-249 DEPRECATED: Linux Terminal Injection Standard
CAPEC-25 Forced Deadlock Meta
CAPEC-254 DEPRECATED: DTD Injection in a SOAP Message Detailed
CAPEC-257 DEPRECATED: Abuse of Transaction Data Structure Meta
CAPEC-258 DEPRECATED: Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Dynamic Update Detailed
CAPEC-259 DEPRECATED: Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Patching Standard
CAPEC-26 Leveraging Race Conditions Meta
CAPEC-29 Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions Standard
CAPEC-27 Leveraging Race Conditions via Symbolic Links Detailed
CAPEC-260 DEPRECATED: Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Initial Distribution Detailed
CAPEC-264 DEPRECATED: Environment Variable Manipulation Meta
CAPEC-265 DEPRECATED: Global variable manipulation Meta
CAPEC-266 DEPRECATED: Manipulate Canonicalization Meta
CAPEC-269 DEPRECATED: Registry Manipulation Meta
CAPEC-272 Protocol Manipulation Meta
CAPEC-276 Inter-component Protocol Manipulation Standard
CAPEC-665 Exploitation of Thunderbolt Protection Flaws Detailed
CAPEC-277 Data Interchange Protocol Manipulation Standard
CAPEC-278 Web Services Protocol Manipulation Standard
CAPEC-279 SOAP Manipulation Detailed
CAPEC-28 Fuzzing Meta
CAPEC-280 DEPRECATED: SOAP Parameter Tampering Detailed
CAPEC-288 DEPRECATED: ICMP Echo Request Ping Meta
CAPEC-289 DEPRECATED: Infrastructure-based footprinting Meta
CAPEC-311 DEPRECATED: OS Fingerprinting Standard
CAPEC-314 DEPRECATED: IP Fingerprinting Probes Standard
CAPEC-315 DEPRECATED: TCP/IP Fingerprinting Probes Standard
CAPEC-316 DEPRECATED: ICMP Fingerprinting Probes Standard
CAPEC-384 Application API Message Manipulation via Man-in-the-Middle Standard
CAPEC-385 Transaction or Event Tampering via Application API Manipulation Detailed
CAPEC-389 Content Spoofing Via Application API Manipulation Detailed
CAPEC-386 Application API Navigation Remapping Standard
CAPEC-387 Navigation Remapping To Propagate Malicious Content Detailed
CAPEC-388 Application API Button Hijacking Detailed
CAPEC-390 Bypassing Physical Security Meta
CAPEC-391 Bypassing Physical Locks Standard
CAPEC-392 Lock Bumping Detailed
CAPEC-393 Lock Picking Detailed
CAPEC-394 Using a Snap Gun Lock to Force a Lock Detailed
CAPEC-395 Bypassing Electronic Locks and Access Controls Standard
CAPEC-397 Cloning Magnetic Strip Cards Detailed
CAPEC-398 Magnetic Strip Card Brute Force Attacks Detailed
CAPEC-399 Cloning RFID Cards or Chips Detailed
CAPEC-400 RFID Chip Deactivation or Destruction Detailed
CAPEC-626 Smudge Attack Detailed
CAPEC-396 DEPRECATED: Bypassing Card or Badge-Based Systems Standard
CAPEC-401 Physically Hacking Hardware Standard
CAPEC-402 Bypassing ATA Password Security Detailed
CAPEC-404 DEPRECATED: Social Information Gathering Attacks Meta
CAPEC-405 DEPRECATED: Social Information Gathering via Research Meta
CAPEC-407 Pretexting Standard
CAPEC-383 Harvesting Information via API Event Monitoring Detailed
CAPEC-412 Pretexting via Customer Service Detailed
CAPEC-413 Pretexting via Tech Support Detailed
CAPEC-414 Pretexting via Delivery Person Detailed
CAPEC-415 Pretexting via Phone Detailed
CAPEC-408 DEPRECATED: Information Gathering from Traditional Sources Meta
CAPEC-409 DEPRECATED: Information Gathering from Non-Traditional Sources Meta
CAPEC-410 Information Elicitation Meta
CAPEC-411 DEPRECATED: Pretexting Meta
CAPEC-416 Manipulate Human Behavior Meta
CAPEC-417 Influence Perception Standard
CAPEC-418 Influence Perception of Reciprocation Detailed
CAPEC-420 Influence Perception of Scarcity Detailed
CAPEC-421 Influence Perception of Authority Detailed
CAPEC-422 Influence Perception of Commitment and Consistency Detailed
CAPEC-423 Influence Perception of Liking Detailed
CAPEC-424 Influence Perception of Consensus or Social Proof Detailed
CAPEC-425 Target Influence via Framing Standard
CAPEC-426 Influence via Incentives Standard
CAPEC-427 Influence via Psychological Principles Standard
CAPEC-428 Influence via Modes of Thinking Detailed
CAPEC-429 Target Influence via Eye Cues Detailed
CAPEC-433 Target Influence via The Human Buffer Overflow Detailed
CAPEC-434 Target Influence via Interview and Interrogation Detailed
CAPEC-435 Target Influence via Instant Rapport Detailed
CAPEC-419 DEPRECATED: Target Influence via Perception of Concession Meta
CAPEC-430 DEPRECATED: Target Influence via Micro-Expressions Detailed
CAPEC-431 DEPRECATED: Target Influence via Neuro-Linguistic Programming (NLP) Detailed
CAPEC-432 DEPRECATED: Target Influence via Voice in NLP Detailed
CAPEC-438 Modification During Manufacture Meta
CAPEC-444 Development Alteration Standard
CAPEC-206 Signing Malicious Code Detailed
CAPEC-443 Malicious Logic Inserted Into Product by Authorized Developer Detailed
CAPEC-445 Malicious Logic Insertion into Product Software via Configuration Management Manipulation Detailed
CAPEC-446 Malicious Logic Insertion into Product via Inclusion of Third-Party Component Detailed
CAPEC-511 Infiltration of Software Development Environment Detailed
CAPEC-516 Hardware Component Substitution During Baselining Detailed
CAPEC-520 Counterfeit Hardware Component Inserted During Product Assembly Detailed
CAPEC-532 Altered Installed BIOS Detailed
CAPEC-537 Infiltration of Hardware Development Environment Detailed
CAPEC-538 Open-Source Library Manipulation Detailed
CAPEC-539 ASIC With Malicious Functionality Detailed
CAPEC-670 Software Development Tools Maliciously Altered Detailed
CAPEC-672 Malicious Code Implanted During Chip Programming Detailed
CAPEC-673 Developer Signing Maliciously Altered Software Detailed
CAPEC-678 System Build Data Maliciously Altered Detailed
CAPEC-447 Design Alteration Standard
CAPEC-517 Documentation Alteration to Circumvent Dial-down Detailed
CAPEC-518 Documentation Alteration to Produce Under-performing Systems Detailed
CAPEC-519 Documentation Alteration to Cause Errors in System Design Detailed
CAPEC-521 Hardware Design Specifications Are Altered Detailed
CAPEC-671 Requirements for ASIC Functionality Maliciously Altered Detailed
CAPEC-674 Design for FPGA Maliciously Altered Detailed
CAPEC-439 Manipulation During Distribution Meta
CAPEC-522 Malicious Hardware Component Replacement Standard
CAPEC-523 Malicious Software Implanted Standard
CAPEC-524 Rogue Integration Procedures Standard
CAPEC-440 Hardware Integrity Attack Meta
CAPEC-534 Malicious Hardware Update Standard
CAPEC-531 Hardware Component Substitution Detailed
CAPEC-530 Provide Counterfeit Component Detailed
CAPEC-535 Malicious Gray Market Hardware Detailed
CAPEC-677 Server Motherboard Compromise Detailed
CAPEC-441 Malicious Logic Insertion Meta
CAPEC-442 Infected Software Standard
CAPEC-448 Embed Virus into DLL Detailed
CAPEC-452 Infected Hardware Standard
CAPEC-638 Altered Component Firmware Detailed
CAPEC-456 Infected Memory Standard
CAPEC-457 USB Memory Attacks Detailed
CAPEC-458 Flash Memory Attacks Detailed
CAPEC-449 DEPRECATED: Malware Propagation via USB Stick Detailed
CAPEC-450 DEPRECATED: Malware Propagation via USB U3 Autorun Standard
CAPEC-451 DEPRECATED: Malware Propagation via Infected Peripheral Device Detailed
CAPEC-453 DEPRECATED: Malicious Logic Insertion via Counterfeit Hardware Standard
CAPEC-454 DEPRECATED: Modification of Existing Components with Counterfeit Hardware Detailed
CAPEC-455 DEPRECATED: Malicious Logic Insertion via Inclusion of Counterfeit Hardware Components Detailed
CAPEC-464 Evercookie Standard
CAPEC-465 Transparent Proxy Abuse Standard
CAPEC-466 Leveraging Active Adversary in the Middle Attacks to Bypass Same Origin Policy Standard
CAPEC-484 DEPRECATED: XML Client-Side Attack Standard
CAPEC-507 Physical Theft Meta
CAPEC-542 Targeted Malware Standard
CAPEC-550 Install New Service Detailed
CAPEC-551 Modify Existing Service Detailed
CAPEC-552 Install Rootkit Detailed
CAPEC-556 Replace File Extension Handlers Detailed
CAPEC-558 Replace Trusted Executable Detailed
CAPEC-564 Run Software at Logon Detailed
CAPEC-579 Replace Winlogon Helper DLL Detailed
CAPEC-698 Install Malicious Extension Detailed
CAPEC-547 Physical Destruction of Device or Component Standard
CAPEC-548 Contaminate Resource Meta
CAPEC-549 Local Execution of Code Meta
CAPEC-554 Functionality Bypass Meta
CAPEC-555 Remote Services with Stolen Credentials Standard
CAPEC-557 DEPRECATED: Schedule Software To Run Detailed
CAPEC-56 DEPRECATED: Removing/short-circuiting 'guard logic' Standard
CAPEC-560 Use of Known Domain Credentials Meta
CAPEC-600 Credential Stuffing Standard
CAPEC-652 Use of Known Kerberos Credentials Standard
CAPEC-509 Kerberoasting Detailed
CAPEC-645 Use of Captured Tickets (Pass The Ticket) Detailed
CAPEC-653 Use of Known Operating System Credentials Standard
CAPEC-561 Windows Admin Shares with Stolen Credentials Detailed
CAPEC-644 Use of Captured Hashes (Pass The Hash) Detailed
CAPEC-566 DEPRECATED: Dump Password Hashes Detailed
CAPEC-567 DEPRECATED: Obtain Data via Utilities Standard
CAPEC-570 DEPRECATED: Signature-Based Avoidance Detailed
CAPEC-582 Route Disabling Standard
CAPEC-583 Disabling Network Hardware Detailed
CAPEC-584 BGP Route Disabling Detailed
CAPEC-585 DNS Domain Seizure Detailed
CAPEC-586 Object Injection Meta
CAPEC-594 Traffic Injection Meta
CAPEC-595 Connection Reset Standard
CAPEC-596 TCP RST Injection Detailed
CAPEC-601 Jamming Standard
CAPEC-559 Orbital Jamming Detailed
CAPEC-604 Wi-Fi Jamming Detailed
CAPEC-605 Cellular Jamming Detailed
CAPEC-602 DEPRECATED: Degradation Meta
CAPEC-603 Blockage Standard
CAPEC-589 DNS Blocking Detailed
CAPEC-590 IP Address Blocking Detailed
CAPEC-96 Block Access to Libraries Detailed
CAPEC-607 Obstruction Meta
CAPEC-624 Hardware Fault Injection Meta
CAPEC-625 Mobile Device Fault Injection Standard
CAPEC-629 DEPRECATED: Unauthorized Use of Device Resources Standard
CAPEC-662 Adversary in the Browser (AiTB) Standard
CAPEC-690 Metadata Spoofing Meta
CAPEC-691 Spoof Open-Source Software Metadata Standard
CAPEC-692 Spoof Version Control System Commit Metadata Detailed
CAPEC-693 StarJacking Detailed
CAPEC-701 Browser in the Middle (BiTM) Standard
CAPEC-74 Manipulating State Meta
CAPEC-82 DEPRECATED: Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Service (XDoS)) Standard
CAPEC-91 DEPRECATED: XSS in IMG Tags Detailed
CAPEC-94 Adversary in the Middle (AiTM) Meta
CAPEC-99 DEPRECATED: XML Parser Attack Standard