CAPEC-646: Peripheral Footprinting

Standard Stable Severity: Medium Likelihood of Attack: Low

CAPEC Version: 3.9

Last Updated: 2023-01-24

Attack Pattern Description

Adversaries may attempt to obtain information about attached peripheral devices and components connected to a computer system. Examples may include discovering the presence of iOS devices by searching for backups, analyzing the Windows registry to determine what USB devices have been connected, or infecting a victim system with malware to report when a USB device has been connected. This may allow the adversary to gain additional insight about the system or network environment, which may be useful in constructing further attacks.

Prerequisites

  • The adversary needs either physical or remote access to the victim system.

Skills Required

  • Medium: The adversary needs to be able to infect the victim system in a manner that gives them remote access.
  • Medium: If analyzing the Windows registry, the adversary must understand the registry structure to know where to look for devices.

Mitigations

Identify programs that may be used to acquire peripheral information and block them by using a software restriction policy or tools that restrict program execution by using a process allowlist.

Taxonomy Mappings

Taxonomy Name | Entry ID | Entry Name
ATTACK | 1120 | Peripheral Device Discovery

Key Information

CAPEC ID: CAPEC-646

Abstraction Level: Standard

Status: Stable

Typical Severity: Medium

Likelihood of Attack: Low
