ByteOS Network

CAPEC-646:Peripheral Footprinting

Attack Pattern ID:646

Version:v3.9

Attack Pattern Name:Peripheral Footprinting

Abstraction:Standard

Status:Stable

Likelihood of Attack:Low

Typical Severity:Medium

Details Content History Related Weaknesses Reports

▼Description

Adversaries may attempt to obtain information about attached peripheral devices and components connected to a computer system. Examples may include discovering the presence of iOS devices by searching for backups, analyzing the Windows registry to determine what USB devices have been connected, or infecting a victim system with malware to report when a USB device has been connected. This may allow the adversary to gain additional insight about the system or network environment, which may be useful in constructing further attacks.

▼Relationships

Nature	Type	ID	Name
ChildOf	M	169	Footprinting
CanFollow	D	270	Modification of Registry Run Keys

Nature: ChildOf

Type: Meta

ID: 169

Name: Footprinting

Nature: CanFollow

Type: Detailed

ID: 270

Name: Modification of Registry Run Keys

▼Prerequisites

The adversary needs either physical or remote access to the victim system.

▼Skills Required

Medium

The adversary needs to be able to infect the victim system in a manner that gives them remote access.

Medium

If analyzing the Windows registry, the adversary must understand the registry structure to know where to look for devices.

▼Mitigations

Identify programs that may be used to acquire peripheral information and block them by using a software restriction policy or tools that restrict program execution by using a process allowlist.

▼Related Weaknesses

ID	Name
CWE-200	Exposure of Sensitive Information to an Unauthorized Actor

ID: CWE-200

Name: Exposure of Sensitive Information to an Unauthorized Actor

▼Taxonomy Mappings

Taxonomy Name	Entry ID	Entry Name
ATTACK	1120	Peripheral Device Discovery

Taxonomy Name: ATTACK

Entry ID: 1120

Entry Name: Peripheral Device Discovery