CAPEC-578: Disable Security Software
ID: CAPEC-578
Typical Severity: Medium
Likelihood Of Attack: Medium
Status: Usable
An adversary exploits a weakness in access control to disable security tools so that detection does not occur. This can take the form of killing processes, deleting registry keys so that tools do not start at run time, deleting log files, or other methods.
Weaknesses
# ID | Name | Type |
---|---|---|
CWE-284 | Improper Access Control | weakness |
Taxonomy Mapping
Type | # ID | Name |
---|---|---|
ATTACK | 1556.006 | Modify Authentication Process: Multi-Factor Authentication |
ATTACK | 1562.001 | Impair Defenses: Disable or Modify Tools |
ATTACK | 1562.002 | Impair Defenses: Disable Windows Event Logging |
ATTACK | 1562.004 | Impair Defenses: Disable or Modify System Firewall |
ATTACK | 1562.007 | Impair Defenses: Disable or Modify Cloud Firewall |
ATTACK | 1562.008 | Impair Defenses: Disable Cloud Logs |
ATTACK | 1562.009 | Impair Defenses: Safe Mode Boot |