Byte Open Security

(ByteOS Network)

CAPEC-578: Disable Security Software
Attack Pattern ID: 578
Version: v3.9
Attack Pattern Name: Disable Security Software
Abstraction: Standard
Status: Usable
Likelihood of Attack: Medium
Typical Severity: Medium
▼Description
An adversary exploits a weakness in access control to disable security tools so that detection does not occur. This can take the form of killing processes, deleting registry keys so that tools do not start at run time, deleting log files, or other methods.
▼Extended Description
▼Alternate Terms
▼Relationships
Nature: ChildOf
Type: Meta
ID: 176
Name: Configuration/Environment Manipulation
▼Execution Flow
▼Prerequisites
The adversary must have the capability to interact with the configuration of the targeted system.
▼Skills Required
▼Resources Required
None: No specialized resources are required to execute this type of attack.
▼Indicators
▼Consequences
Scope: Availability
Likelihood: N/A
Impact: Hide Activities
Note: By disabling certain security tools, the adversary can hide malicious activity and avoid detection.
▼Mitigations
Ensure proper permissions are in place to prevent adversaries from altering the execution status of security tools.
▼Example Instances
▼Related Weaknesses
ID: CWE-284
Name: Improper Access Control
▼Taxonomy Mappings
Taxonomy Name: ATTACK
Entry ID: 1556.006
Entry Name: Modify Authentication Process: Multi-Factor Authentication
Taxonomy Name: ATTACK
Entry ID: 1562.001
Entry Name: Impair Defenses: Disable or Modify Tools
Taxonomy Name: ATTACK
Entry ID: 1562.002
Entry Name: Impair Defenses: Disable Windows Event Logging
Taxonomy Name: ATTACK
Entry ID: 1562.004
Entry Name: Impair Defenses: Disable or Modify System Firewall
Taxonomy Name: ATTACK
Entry ID: 1562.007
Entry Name: Impair Defenses: Disable or Modify Cloud Firewall
Taxonomy Name: ATTACK
Entry ID: 1562.008
Entry Name: Impair Defenses: Disable Cloud Logs
Taxonomy Name: ATTACK
Entry ID: 1562.009
Entry Name: Impair Defenses: Safe Mode Boot
▼Notes
▼References