Description

{'xhtml:p': 'An adversary targets the communication between two components (typically client and server), in order to alter or obtain data from transactions. A general approach entails the adversary placing themself within the communication channel between the two components.'}

Attack Execution Flow

3

1

Step 1

Explore

[Determine Communication Mechanism] The adversary determines the nature and mechanism of communication between two components, looking for opportunities to exploit.
Perform a sniffing attack and observe communication to determine a communication protocol.
Look for application documentation that might describe a communication mechanism used by a target.

Attack Techniques

Perform a sniffing attack and observe communication to determine a communication protocol.
Look for application documentation that might describe a communication mechanism used by a target.
IT: Eseguire un attacco di sniffing e osservare le comunicazioni per determinare un protocollo di comunicazione.

2

Step 2

Experiment

[Position In Between Targets] The adversary inserts themself into the communication channel initially acting as a routing proxy between the two targeted components.
Install spyware on a client that will intercept outgoing packets and route them to their destination as well as route incoming packets back to the client.
Exploit a weakness in an encrypted communication mechanism to gain access to traffic. Look for outdated mechanisms such as SSL.

Attack Techniques

Install spyware on a client that will intercept outgoing packets and route them to their destination as well as route incoming packets back to the client.
Exploit a weakness in an encrypted communication mechanism to gain access to traffic. Look for outdated mechanisms such as SSL.
IT: Installare spyware su un client che intercetti i pacchetti in uscita e li reindirizzi alla loro destinazione, nonché instradi i pacchetti in arrivo indietro al client.

3

Step 3

Exploit

[Use Intercepted Data Maliciously] The adversary observes, filters, or alters passed data of its choosing to gain access to sensitive information or to manipulate the actions of the two target components for their own purposes.
Prevent some messages from reaching their destination, causing a denial of service.

Attack Techniques

Prevent some messages from reaching their destination, causing a denial of service.

CAPEC 94 Adversary in the Middle (AiTM)

Description

Attack Execution Flow

Step 1

Attack Techniques

Step 2

Attack Techniques

Step 3

Attack Techniques

Mitigations

Encrypt Communications Using Cryptography (E.G., Ssl/Tls)

Ensure Public Keys Are Signed By A Certificate Authority

Exchange Public Keys Using A Secure Channel

Use Strong Mutual Authentication To Always Fully Authenticate Both Ends Of Any Communications Channel.

Consequences

Security Scopes Affected

Potential Impacts

Relationships

Child CAPECs

Related ATT&CK Techniques

Adversary-in-the-Middle

CAPEC 94 Adversary in the Middle (AiTM)

Description

Attack Execution Flow

Step 1

Attack Techniques

Step 2

Attack Techniques

Step 3

Attack Techniques

Mitigations

Encrypt Communications Using Cryptography (E.G., Ssl/Tls)

Ensure Public Keys Are Signed By A Certificate Authority

Exchange Public Keys Using A Secure Channel

Use Strong Mutual Authentication To Always Fully Authenticate Both Ends Of Any Communications Channel.

Consequences

Security Scopes Affected

Potential Impacts

Relationships

Child CAPECs

Related ATT&CK Techniques

Adversary-in-the-Middle

Iscriviti alla newsletter