What does CAPEC stand for ?
Common Attack Pattern Enumeration and Classification
What is CAPEC ?
Collection of 500+ attack patterns and techniques
- Related to CWEs (Common Weakness Enumeration)
- Link attack (CAPEC-ID) to vulnerability (CWE-ID)
What is CAPEC useful for ?
Helps in understanding attacks and attackers’ mindset
- Helps in choosing preventive measures
- Design application
- Configure environment
Which categories of attack mechanisms exist in CAPEC ?
- Planning of attacks, collection of information
- Input handling
- Deceptive interactions, spoofing [authenticity]
- Injection [integrity]
- Abuse of existing functionality [availability]
- Probabilistic techniques: brute force/fuzzing
- Subversion of access control
- Manipulation of data structures (internal state)
- Manipulation of timing and state; race conditions
- Manipulation of system resources (environment)
What are possible Attack vectors ?
- Code (transition function)
- Internal state
- Input
- User (provides code, input)
What is Fuzzing ?
- Providing random input to program
- Observing how input leads to changes in control flow
What are the most likely results of fuzzing ?
- Program does not accept input
- Program crashes (-> availability; integrity)
- Program reveals data (-> confidentiality)
- Exception is thrown, security mechanisms are bypassed
What is reverse engeneering ?
Reverse engineering: find out rules of a machine/program by looking
only at machine/program and its behaviour without access to sourcecode
Where is the main difference between fuzzing and reverse engeneering ?
More systematic than fuzzing, uncover code paths that are hard (i.e.
unlikely) to trigger by random input
Insight into program behaviour
Which tools are used in reverse engeneering ?
- Decompiler
- Disassembler
- Debugger
- Virtual machine
What does a decompiler do ?
- Tool that converts machine code into source code
- Original names of methods, parameters, variables often not retrievable from binary
what does a dissassembler do ?
- Tool that converts machine code (machine-readable) into assembly
language (human-readable) - Reveal control flow, call graphs, code patterns
what does a debugger do ?
- Tool that attaches to and controls processes
- Breakpoints, step-wise execution, internal state (memory)
what does a virtual machine do ?
- Similar to program execution by debugger
- Observe program behaviour during controlled execution
