1. CAPEC-129: Pointer Manipulation
  2. CAPEC-212: Functionality Misuse
    1. CAPEC-48: Passing Local Filenames to Functions That Expect a URL
    2. CAPEC-111: JSON Hijacking (aka JavaScript Hijacking)
    3. CAPEC-620: Drop Encryption Level
      1. CAPEC-606: Weakening of Cellular Encryption
  3. CAPEC-216: Communication Channel Manipulation
    1. CAPEC-12: Choosing Message Identifier
    2. CAPEC-217: Exploiting Incorrectly Configured SSL
  4. CAPEC-554: Functionality Bypass
    1. CAPEC-179: Calling Micro-Services Directly
    2. CAPEC-464: Evercookie
    3. CAPEC-465: Transparent Proxy Abuse
  5. CAPEC-117: Interception
    1. CAPEC-157: Sniffing Attacks
      1. CAPEC-57: Utilising REST's Trust in the System Resources to Obtain Sensitive Data
      2. CAPEC-65: Sniff Application Code
      3. CAPEC-158: Sniffing Network Traffic
      4. CAPEC-609: Cellular Traffic Intercept
    2. CAPEC-499: Android Intent Intercept
      1. CAPEC-501: Android Activity Hijack
    3. CAPEC-651: Eavesdropping
      1. CAPEC-508: Shoulder Surfing
      2. CAPEC-634: Probe Audio and Video Peripherals
  6. CAPEC-116: Excavation
    1. CAPEC-54: Query System for Information
      1. CAPEC-127: Directory Indexing
      2. CAPEC-95: WSDL Scanning
      3. CAPEC-215: Fuzzing for Application Mapping
      4. CAPEC-261: Fuzzing for Garnering Other Adjacent user/sensitive data
      5. CAPEC-462: Cross-Domain Search Timing
    2. CAPEC:150: Collect Data From Common Resource Locations
      1. CAPEC-143: Detect Unpublicised Web Pages
      2. CAPEC-144: Detect Unpublicised Web Services
      3. CAPEC-155: Screen Temporary Files for Sensitive Information
      4. CAPEC-406: Dumpster Diving
      5. CAPEC-637: Collect Data from Clipboard
      6. CAPEC-647: Collect Data from Registries
      7. CAPEC-648: Collect Data from Screen Capture
    3. CAPEC-545: Pull Data From System Resources
      1. CAPEC-498: Probe iOS Screenshots
      2. CAPEC-546: Incomplete Data Deletion in a Multi-Tenant Environment
      3. CAPEC-634: Probe Audio and Video Peripherals
      4. CAPEC-639: Probe System Files
    4. CAPEC-569: Collect Data as Provided by Users
      1. CAPEC-568: Capture Credentials via Keylogger
    5. CAPEC-675: Retrieve Data from Decommissioned Devices
  7. CAPEC-169: Footprinting
    1. CAPEC-292: Host Discovery
      1. CAPEC-285: ICMP Echo Request Ping
      2. CAPEC-294: ICMP Address Mask Request
      3. CAPEC-295: Timestamp Request
      4. CAPEC-296: ICMP Information Request
      5. CAPEC-297: TCP ACK Ping
      6. CAPEC-298: UDP Ping
      7. CAPEC-299: TCP SYN Ping
      8. CAPEC-612: WiFi MAC Address Tracking
      9. CAPEC-613: WiFi SSID Tracking
      10. CAPEC-618: Cellular Broadcast Message Request
      11. CAPEC-619: Signal Strength Tracking
    2. CAPEC-300: Port Scanning
      1. CAPEC-287: TCP SYN Scan
      2. CAPEC-301: TCP Connect Scan
      3. CAPEC-302: TCP FIN Scan
      4. CAPEC-303: TCP Xmas Scan
      5. CAPEC-304: TCP Null Scan
      6. CAPEC-305: TCP ACK Scan
      7. CAPEC-306: TCP Window Scan
      8. CAPEC-307: TCP RPC Scan
      9. CAPEC-308: UDP Scan
    3. CAPEC-309: Network Topology Mapping
      1. CAPEC-290: Enumerate Mail Exchange Records
      2. CAPEC-291: DNS Zone Transfers
      3. CAPEC-293: Traceroute Route Enumeration
      4. CAPEC-643: Identify Shared Files/Directories on System
    4. CAPEC-497: File Discovery
      1. CAPEC-149: Explore for Predictable Temporary File Names
    5. CAPEC-529: Malware-Directed Internal Reconnaissance
    6. CAPEC-573: Process Footprinting
    7. CAPEC-574: Services Footprinting
    8. CAPEC-575: Account Footprinting
    9. CAPEC-576: Group Permission Footprinting
    10. CAPEC-577: Owner Footprinting
    11. CAPEC-580: System Footprinting
      1. CAPEC-85: AJAX Footprinting
      2. CAPEC-581: Security Software Footprinting
    12. CAPEC-646: Peripheral Footprinting
  8. CAPEC-224: Fingerprinting
    1. CAPEC-312: Active OS Fingerprinting
      1. CAPEC-317: IP ID Sequencing Probe
      2. CAPEC-318: IP 'ID' Echoed Byte-Order Probe
      3. CAPEC-319: IP (DF) 'Don't Fragment Bit' Echoing Probe
      4. CAPEC-320: TCP Timestamp Probe
      5. CAPEC-321: TCP Sequence Number Probe
      6. CAPEC-322: TCP (ISN) Greatest Common Divisor Probe
      7. CAPEC-323: TCP (ISN) Counter Rate Probe
      8. CAPEC-324: TCP (ISN) Sequence Predictability Probe
      9. CAPEC-325: TCP Congestion Control Flag (ECN) Probe
      10. CAPEC-326: TCP Initial Window Size Probe
      11. CAPEC-327: TCP Options Probe
      12. CAPEC-328: TCP 'RST' Flag Checksum Probe
      13. CAPEC-329: ICMP Error Message Quoting Probe
      14. CAPEC-330: ICMP Error Message Echoing Integrity Probe
      15. CAPEC-331: ICMP IP Total Length Field Probe
      16. CAPEC-332: ICMP IP 'ID' Field Error Message Probe
    2. CAPEC-313: Passive OS Fingerprinting
    3. CAPEC-541: Application Fingerprinting
      1. CAPEC-170: Web Application Fingerprinting
      2. CAPEC-310: Scanning for Vulnerable Software
      3. CAPEC-472: Browser Fingerprinting
  9. CAPEC-11: Cause Web Server Misclassification
  10. CAPEC-192: Protocol Analysis
    1. CAPEC-97: Cryptanalysis
      1. CAPEC-463: Padding Oracle Crypto Attack
      2. CAPEC-608: Cryptanalysis of Cellular Encryption
  11. CAPEC-188: Reverse Engineering
    1. CAPEC-167: White Box Reverse Engineering
      1. CAPEC-37: Retrieve Embedded Sensitive Information
      2. CAPEC-190: Reverse Engineer an Executable to Expose Assumed Hidden Functionality
      3. CAPEC-191: Read Sensitive Constants Within an Executable
      4. CAPEC-204: Lifting Sensitive Data Embedded in Cache
    2. CAPEC-189: Black Box Reverse Engineering
      1. CAPEC-621: Analysis of Packet Timing and Sizes
      2. CAPEC-622: Electromagnetic Side-Channel Attack
      3. CAPEC-623: Compromising Emanations Attack
  12. CAPEC-410: Information Elicitation
    1. CAPEC-407: Pretexting
      1. CAPEC-383: Harvesting Information via API Event Monitoring
      2. CAPEC-412: Pretexting via Customer Service
      3. CAPEC-413: Pretexting via Tech Support
      4. CAPEC-414: Pretexting via Delivery Person
      5. CAPEC-415: Pretexting via Phone
  13. This work is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License. Brett Crawley
  14. LICENSE The MITRE Corporation (MITRE) hereby grants you a non-exclusive, royalty-free license to use Common Attack Pattern Enumeration and Classification (CAPEC™) for research, development, and commercial purposes. Any copy you make for such purposes is authorized provided that you reproduce MITRE’s copyright designation and this license in any such copy. DISCLAIMERS ALL DOCUMENTS AND THE INFORMATION CONTAINED THEREIN ARE PROVIDED ON AN "AS IS" BASIS AND THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE MITRE CORPORATION, ITS BOARD OF TRUSTEES, OFFICERS, AGENTS, AND EMPLOYEES, DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION THEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.