CAPEC-545: Pull Data from System Resources
Attack Pattern ID: 545
Version: v3.9
Attack Pattern Name: Pull Data from System Resources
Abstraction: Standard
Status: Draft
Likelihood of Attack:
Typical Severity:
▼Description
An adversary who is authorized or has the ability to search known system resources does so with the intention of gathering useful information. System resources include files, memory, and other aspects of the target system. In this pattern of attack, the adversary does not necessarily know what they are going to find when they start pulling data. This differs from CAPEC-150, where the adversary knows what they are looking for due to the common location.
▼Extended Description
▼Alternate Terms
▼Relationships
| Nature | Type | ID | Name |
|---|---|---|---|
| ChildOf | Meta | 116 | Excavation |
| ParentOf | Detailed | 498 | Probe iOS Screenshots |
| ParentOf | Detailed | 546 | Incomplete Data Deletion in a Multi-Tenant Environment |
| ParentOf | Detailed | 634 | Probe Audio and Video Peripherals |
| ParentOf | Detailed | 639 | Probe System Files |
| CanFollow | Detailed | 561 | Windows Admin Shares with Stolen Credentials |
| CanFollow | Detailed | 643 | Identify Shared Files/Directories on System |
| CanFollow | Detailed | 644 | Use of Captured Hashes (Pass The Hash) |
▼Execution Flow
▼Prerequisites
▼Skills Required
▼Resources Required
▼Indicators
▼Consequences
▼Mitigations
▼Example Instances
▼Related Weaknesses
| ID | Name |
|---|---|
| CWE-1239 | Improper Zeroization of Hardware Register |
| CWE-1243 | Sensitive Non-Volatile Information Not Protected During Debug |
| CWE-1258 | Exposure of Sensitive System Information Due to Uncleared Debug Information |
| CWE-1266 | Improper Scrubbing of Sensitive Data from Decommissioned Device |
| CWE-1272 | Sensitive Information Uncleared Before Debug/Power State Transition |
| CWE-1278 | Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques |
| CWE-1323 | Improper Management of Sensitive Trace Data |
| CWE-1330 | Remanent Data Readable after Memory Erase |
▼Taxonomy Mappings
| Taxonomy Name | Entry ID | Entry Name |
|---|---|---|
| ATTACK | 1005 | Data from Local System |
| ATTACK | 1555.001 | Credentials from Password Stores: Keychain |
▼Notes
▼References