CAPEC-268: Audit Log Manipulation
Standard
Draft
CAPEC version: 3.9
Last updated: 2023-01-24
Attack Pattern Description
The attacker injects, manipulates, deletes, or forges malicious log entries in the log file, in an attempt to mislead an audit of the log file or cover the tracks of an attack. Insufficient access controls on either the log files or the logging mechanism allow the attacker to perform such actions.
Prerequisites
- The target host is logging the action and data of the user.
- The target host insufficiently protects access to the logs or logging mechanisms.
Resources Required
Taxonomy Mappings
| Taxonomy Name | Entry ID | Entry Name |
|---|---|---|
| ATTACK | 1070 | Indicator Removal on Host |
| ATTACK | 1562.002 | Impair Defenses: Disable Windows Event Logging |
| ATTACK | 1562.003 | Impair Defenses: Impair Command History Logging |
| ATTACK | 1562.008 | Impair Defenses: Disable Cloud Logs |
| OWASP Attacks | - | Log Injection |