-
Notifications
You must be signed in to change notification settings - Fork 4
/
ap_names.json
548 lines (548 loc) · 18.5 KB
/
ap_names.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
[
"Accessing Functionality Not Properly Constrained by ACLs",
"Inducing Account Lockout",
"Using Leading 'Ghost' Character Sequences to Bypass Input Filters",
"Using Alternative IP Address Encodings",
"Blue Boxing",
"Argument Injection",
"Blind SQL Injection",
"Buffer Overflow in an API Call",
"Buffer Overflow in Local Command-Line Utilities",
"Buffer Overflow via Environment Variables",
"Cause Web Server Misclassification",
"Choosing Message Identifier",
"Subverting Environment Variable Values",
"Client-side Injection-induced Buffer Overflow",
"Command Delimiters",
"Dictionary-based Password Attack",
"Using Malicious Files",
"XSS Targeting Non-Script Elements",
"Embedding Scripts within Scripts",
"Encryption Brute Forcing",
"Exploitation of Trusted Identifiers",
"Exploiting Trust in Client",
"File Content Injection",
"Filter Failure through Buffer Overflow",
"Forced Deadlock",
"Leveraging Race Conditions",
"Leveraging Race Conditions via Symbolic Links",
"Fuzzing",
"Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions",
"Hijacking a Privileged Thread of Execution",
"Accessing/Intercepting/Modifying HTTP Cookies",
"XSS Through HTTP Query Strings",
"HTTP Request Smuggling",
"HTTP Response Splitting",
"Leverage Executable Code in Non-Executable Files",
"Using Unpublished Interfaces",
"Retrieve Embedded Sensitive Data",
"Leveraging/Manipulating Configuration File Search Paths",
"Manipulating Opaque Client-based Data Tokens",
"Manipulating Writeable Terminal Devices",
"Using Meta-characters in E-mail Headers to Inject Malicious Payloads",
"MIME Conversion",
"Exploiting Multiple Input Interpretation Layers",
"Overflow Binary Resource File",
"Buffer Overflow via Symbolic Links",
"Overflow Variables and Tags",
"Buffer Overflow via Parameter Expansion",
"Passing Local Filenames to Functions That Expect a URL",
"Password Brute Forcing",
"Password Recovery Exploitation",
"Poison Web Service Registry",
"Embedding NULL Bytes",
"Postfix, Null Terminate, and Backslash",
"Query System for Information",
"Rainbow Table Password Cracking",
"Utilizing REST's Trust in the System Resource to Obtain Sensitive Data",
"Restful Privilege Elevation",
"Session Credential Falsification through Prediction",
"Reusing Session IDs (aka Session Replay)",
"Session Fixation",
"Cross Site Request Forgery",
"Cross-Site Scripting (XSS)",
"Using Slashes and URL Encoding Combined to Bypass Validation Logic",
"Sniff Application Code",
"SQL Injection",
"String Format Overflow in syslog()",
"Subvert Code-signing Facilities",
"Target Programs with Elevated Privileges",
"Try Common or Default Usernames and Passwords",
"Using Unicode Encoding to Bypass Validation Logic",
"URL Encoding",
"User-Controlled Filename",
"Manipulating State",
"Manipulating Writeable Configuration Files",
"Manipulating Web Input to File System Calls",
"Manipulating User-Controlled Variables",
"Using Escaped Slashes in Alternate Encoding",
"Using Slashes in Alternate Encoding",
"Using UTF-8 Encoding to Bypass Validation Logic",
"Web Logs Tampering",
"XPath Injection",
"XQuery Injection",
"AJAX Footprinting",
"XSS Through HTTP Headers",
"Forceful Browsing",
"OS Command Injection",
"Pharming",
"Reflection Attack in Authentication Protocol",
"Forced Integer Overflow",
"Log Injection-Tampering-Forging",
"Adversary in the Middle (AiTM)",
"WSDL Scanning",
"Block Access to Libraries",
"Cryptanalysis",
"Phishing",
"Overflow Buffers",
"Server Side Include (SSI) Injection",
"Session Sidejacking",
"Clickjacking",
"Cross Zone Scripting",
"HTTP Request Splitting",
"Cross Site Tracing",
"Command Line Execution through SQL Injection",
"Object Relational Mapping Injection",
"SQL Injection through SOAP Parameter Tampering",
"JSON Hijacking (aka JavaScript Hijacking)",
"Brute Force",
"Interface Manipulation",
"Authentication Abuse",
"Authentication Bypass",
"Excavation",
"Interception",
"Double Encoding",
"Exploit Non-Production Interfaces",
"Privilege Abuse",
"Buffer Manipulation",
"Shared Resource Manipulation",
"Flooding",
"Path Traversal",
"Directory Indexing",
"Integer Attacks",
"Pointer Manipulation",
"Excessive Allocation",
"Resource Leak Exposure",
"Symlink Attack",
"Try All Common Switches",
"Email Injection",
"Format String Injection",
"LDAP Injection",
"Parameter Injection",
"Reflection Injection",
"Relative Path Traversal",
"Bypassing of Intermediate Forms in Multiple-Form Sets",
"Cache Poisoning",
"DNS Cache Poisoning",
"Detect Unpublicized Web Pages",
"Detect Unpublicized Web Services",
"Checksum Spoofing",
"XML Schema Poisoning",
"XML Ping of the Death",
"Content Spoofing",
"Explore for Predictable Temporary File Names",
"Collect Data from Common Resource Locations",
"Identity Spoofing",
"Input Data Manipulation",
"Resource Location Spoofing",
"Screen Temporary Files for Sensitive Information",
"Sniffing Attacks",
"Sniffing Network Traffic",
"Redirect Access to Libraries",
"Exploit Script-Based APIs",
"Infrastructure Manipulation",
"Manipulating Hidden Fields",
"Spear Phishing",
"Mobile Phishing",
"File Manipulation",
"Force the System to Reset Values",
"White Box Reverse Engineering",
"Windows ::DATA Alternate Data Stream",
"Footprinting",
"Web Application Fingerprinting",
"Action Spoofing",
"Flash Parameter Injection",
"Code Inclusion",
"Configuration/Environment Manipulation",
"Create files with the same name as files protected with a higher classification",
"Cross-Site Flashing",
"Calling Micro-Services Directly",
"Exploiting Incorrectly Configured Access Control Security Levels",
"Flash File Overlay",
"Flash Injection",
"IMAP/SMTP Command Injection",
"Software Integrity Attack",
"Malicious Software Download",
"Malicious Software Update",
"Malicious Automated Software Update via Redirection",
"Reverse Engineering",
"Black Box Reverse Engineering",
"Reverse Engineer an Executable to Expose Assumed Hidden Functionality",
"Read Sensitive Constants Within an Executable",
"Protocol Analysis",
"PHP Remote File Inclusion",
"Fake the Source of Data",
"Principal Spoof",
"Session Credential Falsification through Forging",
"Exponential Data Expansion",
"XSS Targeting Error Pages",
"XSS Using Alternate Syntax",
"Removal of filters: Input filters, output filters, data masking",
"Serialized Data External Linking",
"Create Malicious Client",
"Manipulate Registry Information",
"Lifting Sensitive Data Embedded in Cache",
"Signing Malicious Code",
"Removing Important Client Functionality",
"Removing/short-circuiting 'Purse' logic: removing/mutating 'cash' decrements",
"XSS Using MIME Type Mismatch",
"Functionality Misuse",
"Fuzzing for application mapping",
"Communication Channel Manipulation",
"Exploiting Incorrectly Configured SSL",
"Spoofing of UDDI/ebXML Messages",
"XML Routing Detour Attacks",
"Client-Server Protocol Manipulation",
"Data Serialization External Entities Blowup",
"iFrame Overlay",
"Fingerprinting",
"Session Credential Falsification through Manipulation",
"Sustained Client Engagement",
"DTD Injection",
"Serialized Data Parameter Blowup",
"Serialized Data with Nested Payloads",
"Oversized Serialized Data Payloads",
"Privilege Escalation",
"Hijacking a privileged process",
"Escaping a Sandbox by Calling Code in Another Language",
"Resource Injection",
"Code Injection",
"XSS Targeting HTML Attributes",
"XSS Targeting URI Placeholders",
"XSS Using Doubled Characters",
"XSS Using Invalid Characters",
"Command Injection",
"XML Injection",
"Local Code Inclusion",
"PHP Local File Inclusion",
"Remote Code Inclusion",
"SOAP Array Overflow",
"Fuzzing for garnering other adjacent user/sensitive data",
"Force Use of Corrupted Files",
"Leverage Alternate Encoding",
"Audit Log Manipulation",
"Modification of Registry Run Keys",
"Schema Poisoning",
"Protocol Manipulation",
"HTTP Response Smuggling",
"HTTP Verb Tampering",
"DNS Rebinding",
"Inter-component Protocol Manipulation",
"Data Interchange Protocol Manipulation",
"Web Services Protocol Manipulation",
"SOAP Manipulation",
"ICMP Echo Request Ping",
"TCP SYN Scan",
"Enumerate Mail Exchange (MX) Records",
"DNS Zone Transfers",
"Host Discovery",
"Traceroute Route Enumeration",
"ICMP Address Mask Request",
"Timestamp Request",
"ICMP Information Request",
"TCP ACK Ping",
"UDP Ping",
"TCP SYN Ping",
"Port Scanning",
"TCP Connect Scan",
"TCP FIN Scan",
"TCP Xmas Scan",
"TCP Null Scan",
"TCP ACK Scan",
"TCP Window Scan",
"TCP RPC Scan",
"UDP Scan",
"Network Topology Mapping",
"Scanning for Vulnerable Software",
"Active OS Fingerprinting",
"Passive OS Fingerprinting",
"IP ID Sequencing Probe",
"IP 'ID' Echoed Byte-Order Probe",
"IP (DF) 'Don't Fragment Bit' Echoing Probe",
"TCP Timestamp Probe",
"TCP Sequence Number Probe",
"TCP (ISN) Greatest Common Divisor Probe",
"TCP (ISN) Counter Rate Probe",
"TCP (ISN) Sequence Predictability Probe",
"TCP Congestion Control Flag (ECN) Probe",
"TCP Initial Window Size Probe",
"TCP Options Probe",
"TCP 'RST' Flag Checksum Probe",
"ICMP Error Message Quoting Probe",
"ICMP Error Message Echoing Integrity Probe",
"ICMP IP Total Length Field Probe",
"ICMP IP 'ID' Field Error Message Probe",
"Harvesting Information via API Event Monitoring",
"Application API Message Manipulation via Man-in-the-Middle",
"Transaction or Event Tampering via Application API Manipulation",
"Application API Navigation Remapping",
"Navigation Remapping To Propagate Malicious Content",
"Application API Button Hijacking",
"Content Spoofing Via Application API Manipulation",
"Bypassing Physical Security",
"Bypassing Physical Locks",
"Lock Bumping",
"Lock Picking",
"Using a Snap Gun Lock to Force a Lock",
"Bypassing Electronic Locks and Access Controls",
"Cloning Magnetic Strip Cards",
"Magnetic Strip Card Brute Force Attacks",
"Cloning RFID Cards or Chips",
"RFID Chip Deactivation or Destruction",
"Physically Hacking Hardware",
"Bypassing ATA Password Security",
"Dumpster Diving",
"Pretexting",
"Information Elicitation",
"Pretexting via Customer Service",
"Pretexting via Tech Support",
"Pretexting via Delivery Person",
"Pretexting via Phone",
"Manipulate Human Behavior",
"Influence Perception",
"Influence Perception of Reciprocation",
"Influence Perception of Scarcity",
"Influence Perception of Authority",
"Influence Perception of Commitment and Consistency",
"Influence Perception of Liking",
"Influence Perception of Consensus or Social Proof",
"Target Influence via Framing",
"Influence via Incentives",
"Influence via Psychological Principles",
"Influence via Modes of Thinking",
"Target Influence via Eye Cues",
"Target Influence via The Human Buffer Overflow",
"Target Influence via Interview and Interrogation",
"Target Influence via Instant Rapport",
"Modification During Manufacture",
"Manipulation During Distribution",
"Hardware Integrity Attack",
"Malicious Logic Insertion",
"Infected Software",
"Malicious Logic Inserted Into Product Software by Authorized Developer",
"Development Alteration",
"Malicious Logic Insertion into Product Software via Configuration Management Manipulation",
"Malicious Logic Insertion into Product Software via Inclusion of 3rd Party Component Dependency",
"Design Alteration",
"Embed Virus into DLL",
"Infected Hardware",
"Infected Memory",
"USB Memory Attacks",
"Flash Memory Attacks",
"Creating a Rogue Certification Authority Certificate",
"HTTP Parameter Pollution (HPP)",
"Web Services API Signature Forgery Leveraging Hash Function Extension Weakness",
"Cross-Domain Search Timing",
"Padding Oracle Crypto Attack",
"Evercookie",
"Transparent Proxy Abuse",
"Leveraging Active Adversary in the Middle Attacks to Bypass Same Origin Policy",
"Cross Site Identification",
"Generic Cross-Browser Cross-Domain Theft",
"HTTP DoS",
"Expanding Control over the Operating System from the Database",
"Search Order Hijacking",
"Browser Fingerprinting",
"Signature Spoof",
"Signature Spoofing by Key Theft",
"Signature Spoofing by Improper Validation",
"Signature Spoofing by Misrepresentation",
"Signature Spoofing by Mixing Signed and Unsigned Content",
"Modification of Windows Service Configuration",
"Malicious Root Certificate",
"Escaping Virtualization",
"Contradictory Destinations in Traffic Routing Schemes",
"TCP Flood",
"Signature Spoofing by Key Recreation",
"UDP Flood",
"ICMP Flood",
"HTTP Flood",
"SSL Flood",
"Amplification",
"Quadratic Data Expansion",
"Regular Expression Exponential Blowup",
"SOAP Array Blowup",
"TCP Fragmentation",
"UDP Fragmentation",
"ICMP Fragmentation",
"File Discovery",
"Probe iOS Screenshots",
"Android Intent Intercept",
"WebView Injection",
"Android Activity Hijack",
"Intent Spoof",
"WebView Exposure",
"Task Impersonation",
"Scheme Squatting",
"Tapjacking",
"Physical Theft",
"Shoulder Surfing",
"Kerberoasting",
"SaaS User Request Forgery",
"Infiltration of Software Development Environment",
"Hardware Component Substitution During Baselining",
"Documentation Alteration to Circumvent Dial-down",
"Documentation Alteration to Produce Under-performing Systems",
"Documentation Alteration to Cause Errors in System Design",
"Counterfeit Hardware Component Inserted During Product Assembly",
"Hardware Design Specifications Are Altered",
"Malicious Hardware Component Replacement",
"Malicious Software Implanted",
"Rogue Integration Procedures",
"XML Flood",
"Malware-Directed Internal Reconnaissance",
"Provide Counterfeit Component",
"Hardware Component Substitution",
"Altered Installed BIOS",
"Malicious Manual Software Update",
"Malicious Hardware Update",
"Malicious Gray Market Hardware",
"Data Injected During Configuration",
"Infiltration of Hardware Development Environment",
"Open-Source Library Manipulation",
"ASIC With Malicious Functionality",
"Overread Buffers",
"Application Fingerprinting",
"Targeted Malware",
"Counterfeit Websites",
"Counterfeit Organizations",
"Pull Data from System Resources",
"Incomplete Data Deletion in a Multi-Tenant Environment",
"Physical Destruction of Device or Component",
"Contaminate Resource",
"Local Execution of Code",
"Install New Service",
"Modify Existing Service",
"Install Rootkit ",
"Functionality Bypass",
"Remote Services with Stolen Credentials",
"Replace File Extension Handlers",
"Replace Trusted Executable",
"Orbital Jamming",
"Use of Known Domain Credentials",
"Windows Admin Shares with Stolen Credentials",
"Modify Shared File",
"Add Malicious File to Shared Webroot",
"Run Software at Logon",
"Password Spraying",
"Capture Credentials via Keylogger",
"Collect Data as Provided by Users",
"Block Logging to Central Repository",
"Artificially Inflate File Sizes",
"Process Footprinting",
"Services Footprinting",
"Account Footprinting",
"Group Permission Footprinting",
"Owner Footprinting",
"Disable Security Software",
"Replace Winlogon Helper DLL",
"System Footprinting",
"Security Software Footprinting",
"Route Disabling",
"Disabling Network Hardware",
"BGP Route Disabling",
"DNS Domain Seizure",
"Object Injection",
"Cross Frame Scripting (XFS)",
"DOM-Based XSS",
"DNS Blocking",
"IP Address Blocking",
"Reflected XSS",
"Stored XSS",
"Session Hijacking",
"Traffic Injection",
"Connection Reset",
"TCP RST Injection",
"Absolute Path Traversal",
"DNS Spoofing",
"Terrestrial Jamming",
"Credential Stuffing",
"Jamming",
"Blockage",
"Wi-Fi Jamming",
"Cellular Jamming",
"Weakening of Cellular Encryption",
"Obstruction",
"Cryptanalysis of Cellular Encryption",
"Cellular Traffic Intercept",
"Cellular Data Injection",
"BitSquatting",
"WiFi MAC Address Tracking",
"WiFi SSID Tracking",
"Rooting SIM Cards",
"Evil Twin Wi-Fi Attack",
"Establish Rogue Location",
"Cellular Rogue Base Station",
"Cellular Broadcast Message Request",
"Signal Strength Tracking",
"Drop Encryption Level",
"Analysis of Packet Timing and Sizes",
"Electromagnetic Side-Channel Attack",
"Compromising Emanations Attack",
"Hardware Fault Injection",
"Mobile Device Fault Injection",
"Smudge Attack",
"Counterfeit GPS Signals",
"Carry-Off GPS Attack",
"Unauthorized Use of Device Resources",
"TypoSquatting",
"SoundSquatting",
"Homograph Attack via Homoglyphs",
"Token Impersonation",
"Probe Audio and Video Peripherals",
"Alternative Execution Due to Deceptive Filenames",
"Hiding Malicious Data or Code within Files",
"Collect Data from Clipboard",
"Altered Component Firmware",
"Probe System Files",
"Inclusion of Code in Existing Process",
"DLL Side-Loading",
"Replace Binaries",
"Identify Shared Files/Directories on System",
"Use of Captured Hashes (Pass The Hash)",
"Use of Captured Tickets (Pass The Ticket)",
"Peripheral Footprinting",
"Collect Data from Registries",
"Collect Data from Screen Capture",
"Adding a Space to a File Extension",
"Upload a Web Shell to a Web Server",
"Eavesdropping",
"Use of Known Kerberos Credentials",
"Use of Known Windows Credentials",
"Credential Prompt Impersonation",
"Avoid Security Tool Identification by Adding Data",
"Voice Phishing",
"Malicious Automated Software Update via Spoofing",
"Root/Jailbreak Detection Evasion via Hooking",
"Root/Jailbreak Detection Evasion via Debugging",
"Adversary in the Browser (AiTB)",
"Exploitation of Transient Instruction Execution",
"Server Side Request Forgery",
"Exploitation of Thunderbolt Protection Flaws",
"BlueSmacking",
"Bluetooth Impersonation AttackS (BIAS)",
"Key Negotiation of Bluetooth Attack (KNOB)",
"Alteration of a Software Update",
"Software Development Tools Maliciously Altered",
"Requirements for ASIC Functionality Maliciously Altered",
"Malicious Code Implanted During Chip Programming",
"Developer Signing Maliciously Altered Software",
"Design for FPGA Maliciously Altered",
"Retrieve Data from Decommissioned Devices",
"NoSQL Injection",
"Server Functionality Compromise",
"System Build Data Maliciously Altered",
"Exploitation of Improperly Configured or Implemented Memory Protections",
"Exploitation of Improperly Controlled Registers",
"Exploitation of Improperly Controlled Hardware Security Identifiers"
]