CAPEC-578 Metadata
Likelihood of Attack
Medium
Typical Severity
Medium
Overview
Summary
An adversary exploits a weakness in access control to disable security tools so that detection does not occur. This can take the form of killing processes, deleting registry keys so that tools do not start at run time, deleting log files, or other methods.
Prerequisites
The adversary must have the capability to interact with the configuration of the targeted system.
Potential Solutions / Mitigations
Ensure proper permissions are in place to prevent adversaries from altering the execution status of security tools.
Related Weaknesses (CWE)
CWE ID | Description |
---|---|
CWE-284 | Improper Access Control |
Related CAPECs
CAPEC ID | Description |
---|---|
CAPEC-176 | An attacker manipulates files or settings external to a target application which affect the behavior of that application. For example, many applications use external configuration files and libraries - modification of these entities or otherwise affecting the application's ability to use them would constitute a configuration/environment manipulation attack. |
Taxonomy Mappings
Taxonomy: ATTACK
Entry ID | Entry Name |
---|---|
1556.006 | Modify Authentication Process: Multi-Factor Authentication |
1562.001 | Impair Defenses: Disable or Modify Tools |
1562.002 | Impair Defenses: Disable Windows Event Logging |
1562.004 | Impair Defenses: Disable or Modify System Firewall |
1562.007 | Impair Defenses: Disable or Modify Cloud Firewall |
1562.008 | Impair Defenses: Disable Cloud Logs |
1562.009 | Impair Defenses: Safe Mode Boot |