CAPEC-581: Security Software Footprinting
Detailed
Draft
CAPEC版本: 3.9
更新日期: 2023-01-24
攻击模式描述
Adversaries may attempt to get a listing of security tools that are installed on the system and their configurations. This may include security related system features (such as a built-in firewall or anti-spyware) as well as third-party security software.
缓解措施
Identify programs that may be used to acquire security tool information and block them by using a software restriction policy or tools that restrict program execution by using a process allowlist.
分类映射
| 分类名称 | 条目ID | 条目名称 |
|---|---|---|
| ATTACK | 1518.001 | Software Discovery:Security Software Discovery |