elevation-of-privilege

CAPEC-5: Blue Boxing
CAPEC-21: Exploitation of Trusted Identifiers
1. CAPEC-196: Session Credential Falsification through Forging
  1. CAPEC-226: Session Credential Falsification through Manipulation
  2. CAPEC-59: Session Credential Falsification through Prediction
2. CAPEC-510: SaaS User Request Forgery
3. CAPEC-593: Session Hijacking
  1. CAPEC-102: Session Sidejacking
  2. CAPEC-107: Cross Site Tracing
  3. CAPEC-60: Reusing Session IDs (aka Session Replay)
  4. CAPEC-61: Session Fixation
4. CAPEC-62: Cross Site Request Forgery
  1. CAPEC-467: Cross Site Identification
CAPEC-114: Authentication Abuse
1. CAPEC-629: Unauthorized Use of Device Resources
2. CAPEC-90: Reflection Attack in Authentication Protocol
CAPEC-115: Authentication Bypass
1. CAPEC-461: Web Services API Signature Forgery Leveraging Hash Function Extension Weakness
2. CAPEC-480: Escaping Virtualization
  1. CAPEC-237: Escaping a Sandbox by Calling Code in Another Language
3. CAPEC-664: Server Side Request Forgery
4. CAPEC-668: Key Negotiation of Bluetooth Attack (KNOB)
5. CAPEC-87: Forceful Browsing
CAPEC-22: Exploiting Trust in Client
1. CAPEC-202: Create Malicious Client
2. CAPEC-207: Removing Important Client Functionality
  1. CAPEC-200: Removal of filters: Input filters, output filters, data masking
  2. CAPEC-208: Removing/short-circuiting 'Purse' logic: removing/mutating 'cash' decrements
3. CAPEC-39: Manipulating Opaque Client-based Data Tokens
  1. CAPEC-31: Accessing/Intercepting/Modifying HTTP Cookies
4. CAPEC-77: Manipulating User-Controlled Variables
  1. CAPEC-13: Subverting Environment Variable Values
  2. CAPEC-162: Manipulating Hidden Fields
CAPEC-94: Adversary in the Middle (AiTM)
1. CAPEC-219: XML Routing Detour Attacks
2. CAPEC-384: Application API Message Manipulation via Man-in-the-Middle
  1. CAPEC-385: Transaction or Event Tampering via Application API Manipulation
  2. CAPEC-389: Content Spoofing Via Application API Manipulation
3. CAPEC-386: Application API Navigation Remapping
  1. CAPEC-387: Navigation Remapping To Propagate Malicious Content
  2. CAPEC-388: Application API Button Hijacking
4. CAPEC-466: Leveraging Active Adversary in the Middle Attacks to Bypass Same Origin Policy
5. CAPEC-662: Adversary in the Browser (AiTB)
CAPEC-122: Privilege Abuse
1. CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs
  1. CAPEC-58: Restful Privilege Elevation
  2. CAPEC-679: Exploitation of Improperly Configured or Implemented Memory Protections
  3. CAPEC-680: Exploitation of Improperly Controlled Registers
  4. CAPEC-681: Exploitation of Improperly Controlled Hardware Security Identifiers
  5. CAPEC-36: Using Unpublished Interfaces
  6. CAPEC-121: Exploit Non-Production Interfaces
    1. CAPEC-661: Root/Jailbreak Detection Evasion via Debugging
2. CAPEC-17: Using Malicious Files
  1. CAPEC-177: Create files with the same name as files protected with a higher classification
  2. CAPEC-263: Force Use of Corrupted Files
  3. CAPEC-562: Modify Shared File
  4. CAPEC-563: Add Malicious File to Shared Webroot
  5. CAPEC-642: Replace Binaries
  6. CAPEC-650: Upload a Web Shell to a Web Server
  7. CAPEC-35: Leveraging Executable Code in Non-Executable Files
3. CAPEC-180: Exploiting Incorrectly Configured Access Control Security Levels
4. CAPEC-221: Data Serialization External Entities Blowup
5. CAPEC-503: WebView Exposure
CAPEC-233: Privilege Escalation
1. CAPEC-104: Cross Zone Scripting
2. CAPEC-234: Hijacking a privileged process
3. CAPEC-30: Hijacking a Privileged Thread of Execution
4. CAPEC-68: Subvert Code-signing Facilities
5. CAPEC-69: Target Programs with Elevated Privileges
CAPEC-390: Bypassing Physical Security
1. CAPEC-391: Bypassing Physical Locks
  1. CAPEC-392: Lock Bumping
  2. CAPEC-393: Lock Picking
  3. CAPEC-394: Using a Snap Gun Lock to Force a Lock
2. CAPEC-395: Bypassing Electronic Locks and Access Controls
  1. CAPEC-397: Cloning Magnetic Strip Cards
  2. CAPEC-398: Magnetic Strip Card Brute Force Attacks
  3. CAPEC-399: Cloning RFID Cards or Chips
  4. CAPEC-400: RFID Chip Deactivation or Destruction
  5. CAPEC-626: Smudge Attack
CAPEC-507: Physical Theft
CAPEC-560: Use of Known Domain Credentials
1. CAPEC-555: Remote Services with Stolen Credentials
2. CAPEC-600: Credential Stuffing
3. CAPEC-652: Use of Known Kerberos Credentials
  1. CAPEC-509: Kerberoasting
  2. CAPEC-645: Use of Captured Tickets (Pass The Ticket)
4. CAPEC-653: Use of Known Windows Credentials
  1. CAPEC-561: Windows Admin Shares with Stolen Credentials
  2. CAPEC-644: Use of Captured Hashes (Pass The Hash)
Password Abuse
1. CAPEC-50: Password Recovery Exploitation
2. CAPEC-16: Dictionary Based Password Attack
3. CAPEC-49: Password Brute Forcing
  1. CAPEC-565: Password Spraying
4. CAPEC-70 Try Common or Default Usernames and Passwords
5. CAPEC-55: Rainbow Table Password Cracking
Encryption Abuse
1. CAPEC-112: Brute Force
2. CAPEC-20: Encryption Brute Forcing
CAPEC-549: Local Code Execution
1. CAPEC-542: Targeted Malware
  1. CAPEC-550: Install New Service
  2. CAPEC-551: Modify Existing Service
  3. CAPEC-552: Install Rootkit
  4. CAPEC-556: Replace File Extension Handlers
  5. CAPEC-558: Replace Trusted Executable
  6. CAPEC-564: Run Software at Login
  7. CAPEC-579: Replace Winlogon Helper DLL
CAPEC-248: Command Injection
1. CAPEC-136 LDAP Injection
2. CAPEC-66 SQL Injection
  1. CAPEC-7: Blind SQL Injection
  2. CAPEC-109: Object Relational Mapping Injection
  3. CAPEC-110: SQL Injection through SOAP Parameter Tampering
  4. CAPEC-108: Command Line Execution through SQL Injection
  5. CAPEC-470: Expanding Control over the Operating System from the Database
3. CAPEC-88 OS Command Injection
4. CAPEC-183 IMAP/SMTP Command Injection
5. CAPEC-250 XML Injection
  1. CAPEC-83: XPath Injection
  2. CAPEC-84: XQuery Injection
  3. CAPEC-228: DTD Injection
6. CAPEC-676 NoSQL Injection
7. CAPEC-40 Manipulating Writeable Terminal Devices
8. CAPEC-137: Parameter Injection
  1. CAPEC-6: Argument Injection
  2. CAPEC-15: Command Delimiters
    1. CAPEC-460: HTTP Parameter Pollution (HPP)
  3. CAPEC-134: Email Injection
  4. CAPEC-135: Format String Injection
  5. CAPEC-138: Reflection Injection
  6. CAPEC-182: Flash Injection
    1. CAPEC-174: Flash Parameter Injection
    2. CAPEC-178: Cross-Site Flashing
9. CAPEC-175: Code Inclusion
  1. CAPEC-251: Local Code Inclusion
    1. CAPEC-252: PHP Local File Inclusion
    2. CAPEC-640: Inclusion of Code in Existing Process
    3. CAPEC-660: Root/Jailbreak Detection Evasion via Hooking
  2. CAPEC-253: Remote Code Inclusion
    1. CAPEC-101: Server Side Include (SSI) Injection
    2. CAPEC-193: PHP Remote File Inclusion
    3. CAPEC-500: WebView Injection
CAPEC-242: Code Injection
1. CAPEC-19: Embedding Scripts within Scripts
2. CAPEC-23: File Content Injection
  1. CAPEC-44: Overflow Binary Resource File
3. CAPEC-41: Using Meta-Characters in E-mail Headers to Inject Malicious Payloads
4. CAPEC-63: Cross-site Scripting (XSS)
  1. CAPEC-588: DOM-Based XSS
    1. CAPEC-18: XSS Through Non-Script Elements
    2. CAPEC-32: XSS Through HTTP Query String
    3. CAPEC-86: XSS Through HTTP Headers
    4. CAPEC-198: XSS Targeting Error Pages
    5. CAPEC-199: XSS Using Alternate Syntax
    6. CAPEC-243: XSS Targeting HTML Attributes
    7. CAPEC-244: XSS Targeting URI Placeholders
    8. CAPEC-245: XSS Using Doubled Characters
    9. CAPEC-247: XSS Using Invalid Characters
  2. CAPEC-591: Reflected XSS
    1. CAPEC-18: XSS Through Non-Script Elements
    2. CAPEC-32: XSS Through HTTP Query String
    3. CAPEC-86: XSS Through HTTP Headers
    4. CAPEC-198: XSS Targeting Error Pages
    5. CAPEC-199: XSS Using Alternate Syntax
    6. CAPEC-243: XSS Targeting HTML Attributes
    7. CAPEC-244: XSS Targeting URI Placeholders
    8. CAPEC-245: XSS Using Doubled Characters
    9. CAPEC-247: XSS Using Invalid Characters
  3. CAPEC-592: Stored XSS
    1. CAPEC-18: XSS Through Non-Script Elements
    2. CAPEC-32: XSS Through HTTP Query String
    3. CAPEC-86: XSS Through HTTP Headers
    4. CAPEC-198: XSS Targeting Error Pages
    5. CAPEC-199: XSS Using Alternate Syntax
    6. CAPEC-243: XSS Targeting HTML Attributes
    7. CAPEC-244: XSS Targeting URI Placeholders
    8. CAPEC-245: XSS Using Doubled Characters
    9. CAPEC-247: XSS Using Invalid Characters
    10. CAPEC-209: XSS Using MIME Type Mismatch
5. CAPEC-468: Generic Cross-Browser Cross-Domain Theft
CAPEC-240: Resource Injection
1. CAPEC-610: Cellular Data Injection
CAPEC-586: Object Injection
LICENSE The MITRE Corporation (MITRE) hereby grants you a non-exclusive, royalty-free license to use Common Attack Pattern Enumeration and Classification (CAPEC™) for research, development, and commercial purposes. Any copy you make for such purposes is authorized provided that you reproduce MITRE’s copyright designation and this license in any such copy. DISCLAIMERS ALL DOCUMENTS AND THE INFORMATION CONTAINED THEREIN ARE PROVIDED ON AN "AS IS" BASIS AND THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE MITRE CORPORATION, ITS BOARD OF TRUSTEES, OFFICERS, AGENTS, AND EMPLOYEES, DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION THEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
This work is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License. Brett Crawley