Common Attack Pattern Enumeration and Classification : CAPEC
CAPEC™ helps by providing a comprehensive dictionary of known patterns of attack employed by adversaries to
exploit known weaknesses in cyber-enabled capabilities. It can be used by analysts, developers, testers, and
educators to advance community understanding and enhance defenses.
ID
Name
Action
CAPEC-401
Physically Hacking Hardware
CAPEC-402
Bypassing ATA Password Security
CAPEC-406
Dumpster Diving
CAPEC-407
Pretexting
CAPEC-410
Information Elicitation
CAPEC-412
Pretexting via Customer Service
CAPEC-413
Pretexting via Tech Support
CAPEC-414
Pretexting via Delivery Person
CAPEC-415
Pretexting via Phone
CAPEC-416
Manipulate Human Behavior
CAPEC-417
Influence Perception
CAPEC-418
Influence Perception of Reciprocation
CAPEC-420
Influence Perception of Scarcity
CAPEC-421
Influence Perception of Authority
CAPEC-422
Influence Perception of Commitment and Consistency
CAPEC-423
Influence Perception of Liking
CAPEC-424
Influence Perception of Consensus or Social Proof
CAPEC-425
Target Influence via Framing
CAPEC-426
Influence via Incentives
CAPEC-427
Influence via Psychological Principles
CAPEC-428
Influence via Modes of Thinking
CAPEC-429
Target Influence via Eye Cues
CAPEC-433
Target Influence via The Human Buffer Overflow
CAPEC-434
Target Influence via Interview and Interrogation
CAPEC-435
Target Influence via Instant Rapport
CAPEC-438
Modification During Manufacture
CAPEC-439
Manipulation During Distribution
CAPEC-440
Hardware Integrity Attack
CAPEC-441
Malicious Logic Insertion
CAPEC-442
Infected Software
CAPEC-443
Malicious Logic Inserted Into Product by Authorized Developer
CAPEC-444
Development Alteration
CAPEC-445
Malicious Logic Insertion into Product Software via Configuration Management Manipulation
CAPEC-446
Malicious Logic Insertion into Product via Inclusion of Third-Party Component
CAPEC-447
Design Alteration
CAPEC-448
Embed Virus into DLL
CAPEC-452
Infected Hardware
CAPEC-456
Infected Memory
CAPEC-457
USB Memory Attacks
CAPEC-458
Flash Memory Attacks
CAPEC-459
Creating a Rogue Certification Authority Certificate
CAPEC-460
HTTP Parameter Pollution (HPP)
CAPEC-461
Web Services API Signature Forgery Leveraging Hash Function Extension Weakness
CAPEC-462
Cross-Domain Search Timing
CAPEC-463
Padding Oracle Crypto Attack
CAPEC-464
Evercookie
CAPEC-465
Transparent Proxy Abuse
CAPEC-466
Leveraging Active Adversary in the Middle Attacks to Bypass Same Origin Policy
