In [8]:
import csv
import json
import xml.etree.ElementTree as ET
import sys
import os
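# Input locations, relative to the notebook's working directory.
filepath = "../../Notebooks/CAPEC/Visualization/data/capec_v2.9.xml"
javascript_path = "../../Notebooks/CAPEC/Visualization/data/Foamtree/carrotsearch.foamtree.js"

# Every output file name is derived from the XML file name.
# os.path.basename / os.path.splitext replace split(os.sep)[-1] and [:-4]:
# the path above is written with forward slashes, so splitting on os.sep
# returns the whole path on platforms where os.sep is a backslash, and the
# slice assumed the extension is exactly four characters long.
CAPEC_xml = os.path.basename(filepath)
CAPEC_version = os.path.splitext(CAPEC_xml)[0]
CAPEC_json = CAPEC_version + ".json"
CAPEC_html = CAPEC_version + ".html"
CAPEC_csv_edgelist = CAPEC_version + " [Edges].csv"
CAPEC_csv_nodelist = CAPEC_version + " [Nodes].csv"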
# Rows of [capec_id, capec_name, parent_id]; the loops further down append to it.
CAPEC_entries = []

# NOTE(review): xml.etree.ElementTree is not hardened against maliciously
# constructed XML (for example entity-expansion documents). That is acceptable
# for a catalogue file obtained from a trusted source; if the XML can come from
# anywhere else, parse it with a hardened parser instead.
CAPEC_tree = ET.parse(filepath)
CAPEC_root = CAPEC_tree.getroot()
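def remove_commas(string):
    """Return *string* with every ',' removed; all other characters are kept.

    Args:
        string: The text to clean.

    Returns:
        A new string without commas (the empty string stays empty).
    """
    # str.replace does in one pass what the split-and-concatenate loop did.
    return string.replace(',', '')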
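# Pass 1: walk CAPEC_root[0][0] (presumably the first view under capec:Views -
# confirm against the schema) and record each Relationship target as a direct
# child of the root id '1000'.
for attack_pattern in CAPEC_root[0][0]:
    for parameter in attack_pattern:
        if parameter.tag != "{http://capec.mitre.org/capec-2}Relationship":
            continue
        # The fourth child of a Relationship is used as the target ID.
        capec_id = parameter[3].text
        child_of = '1000'
        # The name is looked up among the elements of CAPEC_root[1].
        for category in CAPEC_root[1]:
            if category.attrib['ID'] == capec_id:
                capec_name = remove_commas(category.attrib['Name'])
                # NOTE(review): the page lost its indentation. The append is
                # placed inside the ID match so that an ID with no match can
                # never be stored with an undefined or left-over capec_name;
                # confirm against the original notebook.
                temp_list = [capec_id, capec_name, child_of]
                CAPEC_entries.append(temp_list)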
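# Pass 2: for every non-deprecated element of CAPEC_root[1], record each
# "HasMember" relationship target as a child of that element.
for attack_pattern in CAPEC_root[1]:
    if attack_pattern.attrib['Status'] == "Deprecated":
        continue
    for parameter in attack_pattern:
        if parameter.tag != "{http://capec.mitre.org/capec-2}Relationships":
            continue
        for relationship_parameter in parameter:
            # Third child = relationship nature, fourth child = target ID.
            if relationship_parameter[2].text != "HasMember":
                continue
            child_of = attack_pattern.attrib['ID']
            capec_id = relationship_parameter[3].text
            # The member's name is looked up among the elements of CAPEC_root[2].
            for attack_pattern_matcher in CAPEC_root[2]:
                if attack_pattern_matcher.attrib['ID'] == capec_id:
                    capec_name = remove_commas(attack_pattern_matcher.attrib['Name'])
                    # NOTE(review): the page lost its indentation. The append
                    # is placed inside the ID match so that a member whose ID
                    # is not found in CAPEC_root[2] is skipped instead of being
                    # stored under the previous entry's name; confirm against
                    # the original notebook.
                    temp_list = [capec_id, capec_name, child_of]
                    CAPEC_entries.append(temp_list)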
# CAPEC_root[2] is used to select capec:Attack_Patterns.
# Pass 3: every non-deprecated attack pattern is recorded once per "ChildOf"
# relationship, with the relationship target as its parent.
for attack_pattern in CAPEC_root[2]:
    if attack_pattern.attrib['Status'] == "Deprecated":
        continue
    for parameter in attack_pattern:
        if parameter.tag != "{http://capec.mitre.org/capec-2}Related_Attack_Patterns":
            continue
        for related_attack_pattern_parameter in parameter:
            # Third child = relationship nature, fourth child = parent ID.
            if related_attack_pattern_parameter[2].text != "ChildOf":
                continue
            capec_id = attack_pattern.attrib['ID']
            capec_name = remove_commas(attack_pattern.attrib['Name'])
            child_of = related_attack_pattern_parameter[3].text
            temp_list = [capec_id, capec_name, child_of]
            CAPEC_entries.append(temp_list)
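def jsonify(number, _ancestors=()):
    """Build the nested group list for every entry whose parent is *number*.

    Reads the module-level CAPEC_entries rows ([capec_id, capec_name,
    parent_id]) and recurses into each child to fill its own "groups".

    Args:
        number: ID of the parent node; compared as a string.
        _ancestors: Internal. IDs already on the current path, used to stop
            a cyclic parent/child relation from recursing without bound.

    Returns:
        A list of dicts with the keys "label", "weight" and "groups".
    """
    parent_id = str(number)  # hoisted: it does not change per row
    lineage = _ancestors + (parent_id,)
    groups = []
    for row in CAPEC_entries:
        if row[2] != parent_id:
            continue
        child_id = row[0]
        # The rows come from an external XML file. A child that is already on
        # the current path would make the recursion endless, so it is emitted
        # as a leaf instead of being expanded again.
        if str(child_id) in lineage:
            children = []
        else:
            children = jsonify(child_id, lineage)
        groups.append({
            "label": str(child_id) + ' - ' + str(row[1]),
            "weight": 1,
            "groups": children,
        })
    return groups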
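def gephi_export(number):
    """Write the collected hierarchy as a node list and an edge list in CSV.

    The node file (CAPEC_csv_nodelist) gets one row for the root *number*
    with Id 0 and one row per CAPEC_entries row, numbered from 1. The edge
    file (CAPEC_csv_edgelist) gets one directed edge parent -> child for each
    row whose parent ID has a node number.

    Args:
        number: ID of the root node.
    """
    # Maps a CAPEC ID to the numeric node Id used in the two files. When an ID
    # occurs in several rows, the last node number written for it wins.
    capecid_id_dict = {str(number): '0'}

    # Both files are opened in with-blocks so they are flushed and closed
    # before anything reads them back; the original never closed them.
    # NOTE(review): fields are written without CSV quoting. That is fine for
    # numeric IDs; a value containing a comma or newline would break the row.
    with open(CAPEC_csv_nodelist, 'w') as fn:
        fn.write("Id,Label,timeset\n")
        fn.write('{o1},{o2},{o3}\n'.format(o1='0', o2=number, o3=''))
        for id_counter, row in enumerate(CAPEC_entries, start=1):
            fn.write('{o1},{o2},{o3}\n'.format(o1=id_counter, o2=row[0], o3=''))
            capecid_id_dict[row[0]] = id_counter

    type_value = "Directed"
    edge_id_counter = 0
    with open(CAPEC_csv_edgelist, 'w') as fe:
        fe.write("Source,Target,Type,id,label,timeset,weight\n")
        for row in CAPEC_entries:
            # Rows whose parent never became a node produce no edge.
            if row[2] not in capecid_id_dict:
                continue
            source_value = int(capecid_id_dict[row[2]])
            target_value = int(capecid_id_dict[row[0]])
            fe.write('{o1},{o2},{o3},{o4},{o5},{o6},{o7}\n'.format(
                o1=source_value, o2=target_value, o3=type_value,
                o4=edge_id_counter, o5='', o6='', o7=1))
            # NOTE(review): indentation was lost on the page; the edge id is
            # assumed to advance only when an edge is written - confirm.
            edge_id_counter += 1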
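def createHTML():
    """Write a standalone HTML page that shows the JSON export in FoamTree.

    The page (CAPEC_html) loads the FoamTree script from javascript_path and
    embeds the contents of CAPEC_json as the dataObject of an inline script,
    so CAPEC_json must already exist when this is called.
    """
    import html  # function-scope import: only this function needs it

    foamtreetemplate1 = '''<!DOCTYPE html>
<html>
<head>
<title>FoamTree Quick Start</title>
<meta charset="utf-8" />
</head>
<body>
<div id="visualization" style="width: 800px; height: 600px"></div>
<script src="''' + html.escape(javascript_path, quote=True) + '''"></script>
<script>
window.addEventListener("load", function() {
var foamtree = new CarrotSearchFoamTree({
id: "visualization",
dataObject:'''
    foamtreetemplate2 = '''});
});
</script>
</body>
</html>'''
    # The JSON file is opened in the same with-statement so that its handle is
    # closed too; the original left it open.
    with open(CAPEC_html, 'w') as outputfile, open(CAPEC_json) as jsonfile:
        outputfile.write(foamtreetemplate1)
        for line in jsonfile:
            # The labels come from the XML file and end up inside an inline
            # <script>. A literal "</script>" or "<!--" in a label would end
            # or alter the script element, so '<' is written as its JSON/JS
            # escape. '<' only occurs inside JSON string values, where
            # \u003c decodes to the same character.
            outputfile.write(line.replace('<', '\\u003c'))
        outputfile.write(foamtreetemplate2)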
def createJSON():
    """Serialise the module-level CAPEC_dict as JSON into the CAPEC_json file."""
    # The with-block closes the file on exit, so no explicit close() is needed.
    with open(CAPEC_json, 'w') as jsonfile:
        jsonfile.write(json.dumps(CAPEC_dict))
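# Build the data object rooted at id 1000, then write the three exports.
# createJSON() must run before createHTML(), which reads the JSON file back.
CAPEC_dict = {"groups": jsonify(1000)}
createJSON()
createHTML()
gephi_export(1000)

print("HTML export")
# IPython.display is the supported import location; importing display from
# IPython.core.display is deprecated.
from IPython.display import display, HTML
# filename= states explicitly that the file is to be loaded; passing the name
# positionally relies on IPython guessing that the string is a path.
# NOTE(review): the generated page contains inline script, so render it only
# when it was built from a CAPEC file you trust.
display(HTML(filename=CAPEC_html))

print("JSON export")
print(json.dumps(CAPEC_dict, indent=2))

import pandas as pd
print("Node List")
DSI_data = pd.read_csv(CAPEC_csv_nodelist)
print(DSI_data)
print("Edge List")
DSI_data1 = pd.read_csv(CAPEC_csv_edgelist)
print(DSI_data1)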
HTML export
FoamTree Quick Start
JSON export
{
"groups": [
{
"label": "156 - Engage in Deceptive Interactions",
"weight": 1,
"groups": [
{
"label": "148 - Content Spoofing",
"weight": 1,
"groups": [
{
"label": "145 - Checksum Spoofing",
"weight": 1,
"groups": []
},
{
"label": "218 - Spoofing of UDDI/ebXML Messages",
"weight": 1,
"groups": []
},
{
"label": "502 - Intent Spoof",
"weight": 1,
"groups": []
},
{
"label": "570 - Signature-Based Avoidance",
"weight": 1,
"groups": []
},
{
"label": "572 - Artificially Inflate File Sizes",
"weight": 1,
"groups": []
},
{
"label": "628 - Carry-Off GPS Attack",
"weight": 1,
"groups": []
}
]
},
{
"label": "151 - Identity Spoofing",
"weight": 1,
"groups": [
{
"label": "194 - Fake the Source of Data",
"weight": 1,
"groups": [
{
"label": "543 - Counterfeit Websites",
"weight": 1,
"groups": []
},
{
"label": "544 - Counterfeit Organizations",
"weight": 1,
"groups": []
},
{
"label": "598 - DNS Spoofing",
"weight": 1,
"groups": []
},
{
"label": "627 - Counterfeit GPS Signals",
"weight": 1,
"groups": []
}
]
},
{
"label": "195 - Principal Spoof",
"weight": 1,
"groups": []
},
{
"label": "473 - Signature Spoof",
"weight": 1,
"groups": [
{
"label": "459 - Creating a Rogue Certificate Authority Certificate",
"weight": 1,
"groups": []
},
{
"label": "474 - Signature Spoofing by Key Theft",
"weight": 1,
"groups": []
},
{
"label": "475 - Signature Spoofing by Improper Validation",
"weight": 1,
"groups": []
},
{
"label": "476 - Signature Spoofing by Misrepresentation",
"weight": 1,
"groups": []
},
{
"label": "477 - Signature Spoofing by Mixing Signed and Unsigned Content",
"weight": 1,
"groups": []
},
{
"label": "485 - Signature Spoofing by Key Recreation",
"weight": 1,
"groups": []
}
]
},
{
"label": "89 - Pharming",
"weight": 1,
"groups": []
},
{
"label": "98 - Phishing",
"weight": 1,
"groups": [
{
"label": "163 - Spear Phishing",
"weight": 1,
"groups": []
},
{
"label": "164 - Mobile Phishing",
"weight": 1,
"groups": []
}
]
}
]
},
{
"label": "154 - Resource Location Spoofing",
"weight": 1,
"groups": [
{
"label": "159 - Redirect Access to Libraries",
"weight": 1,
"groups": [
{
"label": "132 - Symlink Attack",
"weight": 1,
"groups": []
},
{
"label": "38 - Leveraging/Manipulating Configuration File Search Paths",
"weight": 1,
"groups": []
},
{
"label": "471 - DLL Search Order Hijacking",
"weight": 1,
"groups": []
}
]
},
{
"label": "616 - Patiently Waiting at Incorrect Location",
"weight": 1,
"groups": [
{
"label": "611 - BitSquatting",
"weight": 1,
"groups": []
},
{
"label": "615 - Evil Twin Wi-Fi Attack",
"weight": 1,
"groups": []
},
{
"label": "617 - Cellular Rogue Base Station",
"weight": 1,
"groups": []
}
]
}
]
},
{
"label": "173 - Action Spoofing",
"weight": 1,
"groups": [
{
"label": "103 - Clickjacking",
"weight": 1,
"groups": [
{
"label": "181 - Flash File Overlay",
"weight": 1,
"groups": []
},
{
"label": "222 - iFrame Overlay",
"weight": 1,
"groups": []
}
]
},
{
"label": "501 - Activity Hijack",
"weight": 1,
"groups": []
},
{
"label": "504 - Task Impersonation",
"weight": 1,
"groups": []
},
{
"label": "505 - Scheme Squatting",
"weight": 1,
"groups": []
},
{
"label": "506 - Tapjacking",
"weight": 1,
"groups": []
}
]
},
{
"label": "416 - Target Influence via Social Engineering",
"weight": 1,
"groups": [
{
"label": "417 - Target Influence via Perception of Reciprocation",
"weight": 1,
"groups": [
{
"label": "418 - Target Influence via Perception of Obligation",
"weight": 1,
"groups": []
},
{
"label": "419 - Target Influence via Perception of Concession",
"weight": 1,
"groups": []
}
]
},
{
"label": "420 - Target Influence via Perception of Scarcity",
"weight": 1,
"groups": []
},
{
"label": "421 - Target Influence via Perception of Authority",
"weight": 1,
"groups": []
},
{
"label": "422 - Target Influence via Perception of Commitment and Consistency",
"weight": 1,
"groups": []
},
{
"label": "423 - Target Influence via Perception of Liking",
"weight": 1,
"groups": []
},
{
"label": "424 - Target Influence via Perception of Consensus or Social Proof",
"weight": 1,
"groups": []
},
{
"label": "425 - Target Influence via Framing",
"weight": 1,
"groups": []
},
{
"label": "426 - Target Influence via Manipulation of Incentives",
"weight": 1,
"groups": []
},
{
"label": "427 - Target Influence via Psychological Principles",
"weight": 1,
"groups": [
{
"label": "428 - Target Influence via Modes of Thinking",
"weight": 1,
"groups": []
},
{
"label": "429 - Target Influence via Eye Cues",
"weight": 1,
"groups": []
},
{
"label": "430 - Target Influence via Micro-Expressions",
"weight": 1,
"groups": [
{
"label": "431 - Target Influence via Neuro-Linguistic Programming (NLP)",
"weight": 1,
"groups": [
{
"label": "432 - Target Influence via Voice in NLP",
"weight": 1,
"groups": []
}
]
}
]
},
{
"label": "433 - Target Influence via The Human Buffer Overflow",
"weight": 1,
"groups": []
},
{
"label": "434 - Target Influence via Interview and Interrogation",
"weight": 1,
"groups": []
},
{
"label": "435 - Target Influence via Instant Rapport",
"weight": 1,
"groups": []
}
]
}
]
}
]
},
{
"label": "210 - Abuse Existing Functionality",
"weight": 1,
"groups": [
{
"label": "125 - Flooding",
"weight": 1,
"groups": [
{
"label": "482 - TCP Flood",
"weight": 1,
"groups": []
},
{
"label": "486 - UDP Flood",
"weight": 1,
"groups": []
},
{
"label": "487 - ICMP Flood",
"weight": 1,
"groups": []
},
{
"label": "488 - HTTP Flood",
"weight": 1,
"groups": []
},
{
"label": "489 - SSL Flood",
"weight": 1,
"groups": []
},
{
"label": "490 - Amplification",
"weight": 1,
"groups": []
},
{
"label": "528 - XML Flood",
"weight": 1,
"groups": [
{
"label": "147 - XML Ping of the Death",
"weight": 1,
"groups": []
}
]
}
]
},
{
"label": "130 - Excessive Allocation",
"weight": 1,
"groups": [
{
"label": "230 - XML Nested Payloads",
"weight": 1,
"groups": [
{
"label": "197 - XML Entity Expansion",
"weight": 1,
"groups": []
},
{
"label": "491 - XML Quadratic Expansion",
"weight": 1,
"groups": []
}
]
},
{
"label": "231 - XML Oversized Payloads",
"weight": 1,
"groups": [
{
"label": "201 - XML Entity Blowup",
"weight": 1,
"groups": []
},
{
"label": "229 - XML Attribute Blowup",
"weight": 1,
"groups": []
}
]
},
{
"label": "492 - Regular Expression Exponential Blowup",
"weight": 1,
"groups": []
},
{
"label": "493 - SOAP Array Blowup",
"weight": 1,
"groups": []
},
{
"label": "494 - TCP Fragmentation",
"weight": 1,
"groups": []
},
{
"label": "495 - UDP Fragmentation",
"weight": 1,
"groups": []
},
{
"label": "496 - ICMP Fragmentation",
"weight": 1,
"groups": []
}
]
},
{
"label": "131 - Resource Leak Exposure",
"weight": 1,
"groups": []
},
{
"label": "227 - Sustained Client Engagement",
"weight": 1,
"groups": [
{
"label": "469 - HTTP DoS",
"weight": 1,
"groups": []
}
]
},
{
"label": "113 - API Manipulation",
"weight": 1,
"groups": [
{
"label": "121 - Exploit Test APIs",
"weight": 1,
"groups": []
},
{
"label": "133 - Try All Common Switches",
"weight": 1,
"groups": []
},
{
"label": "160 - Exploit Script-Based APIs",
"weight": 1,
"groups": []
},
{
"label": "36 - Using Unpublished APIs",
"weight": 1,
"groups": []
}
]
},
{
"label": "212 - Functionality Misuse",
"weight": 1,
"groups": [
{
"label": "111 - JSON Hijacking (aka JavaScript Hijacking)",
"weight": 1,
"groups": []
},
{
"label": "2 - Inducing Account Lockout",
"weight": 1,
"groups": []
},
{
"label": "48 - Passing Local Filenames to Functions That Expect a URL",
"weight": 1,
"groups": []
},
{
"label": "50 - Password Recovery Exploitation",
"weight": 1,
"groups": []
},
{
"label": "620 - Drop Encryption Level",
"weight": 1,
"groups": [
{
"label": "606 - Weakening of Cellular Encryption",
"weight": 1,
"groups": []
}
]
}
]
},
{
"label": "216 - Communication Channel Manipulation",
"weight": 1,
"groups": [
{
"label": "12 - Choosing Message Identifier",
"weight": 1,
"groups": []
},
{
"label": "217 - Exploiting Incorrectly Configured SSL",
"weight": 1,
"groups": []
}
]
},
{
"label": "554 - Functionality Bypass",
"weight": 1,
"groups": [
{
"label": "179 - Calling Micro-Services Directly",
"weight": 1,
"groups": []
},
{
"label": "464 - Evercookie",
"weight": 1,
"groups": []
},
{
"label": "465 - Transparent Proxy Abuse",
"weight": 1,
"groups": []
}
]
},
{
"label": "272 - Protocol Manipulation",
"weight": 1,
"groups": [
{
"label": "168 - Windows ::DATA Alternate Data Stream",
"weight": 1,
"groups": []
},
{
"label": "220 - Client-Server Protocol Manipulation",
"weight": 1,
"groups": [
{
"label": "105 - HTTP Request Splitting",
"weight": 1,
"groups": []
},
{
"label": "199 - Cross-Site Scripting Using Alternate Syntax",
"weight": 1,
"groups": []
},
{
"label": "244 - Cross-Site Scripting via Encoded URI Schemes ",
"weight": 1,
"groups": []
},
{
"label": "273 - HTTP Response Smuggling",
"weight": 1,
"groups": []
},
{
"label": "274 - HTTP Verb Tampering",
"weight": 1,
"groups": []
},
{
"label": "32 - Embedding Scripts in HTTP Query Strings",
"weight": 1,
"groups": []
},
{
"label": "33 - HTTP Request Smuggling",
"weight": 1,
"groups": []
},
{
"label": "34 - HTTP Response Splitting",
"weight": 1,
"groups": []
},
{
"label": "5 - Blue Boxing",
"weight": 1,
"groups": []
},
{
"label": "86 - Embedding Script (XSS) in HTTP Headers",
"weight": 1,
"groups": [
{
"label": "107 - Cross Site Tracing",
"weight": 1,
"groups": []
}
]
},
{
"label": "90 - Reflection Attack in Authentication Protocol",
"weight": 1,
"groups": []
}
]
},
{
"label": "275 - DNS Rebinding",
"weight": 1,
"groups": []
},
{
"label": "276 - Inter-component Protocol Manipulation",
"weight": 1,
"groups": []
},
{
"label": "277 - Data Interchange Protocol Manipulation",
"weight": 1,
"groups": []
},
{
"label": "278 - Web Services Protocol Manipulation",
"weight": 1,
"groups": [
{
"label": "221 - XML External Entities",
"weight": 1,
"groups": [
{
"label": "201 - XML Entity Blowup",
"weight": 1,
"groups": []
}
]
},
{
"label": "279 - Soap Manipulation",
"weight": 1,
"groups": [
{
"label": "280 - SOAP Parameter Tampering",
"weight": 1,
"groups": []
}
]
}
]
}
]
},
{
"label": "375 - Protocol Manipulation",
"weight": 1,
"groups": []
}
]
},
{
"label": "255 - Manipulate Data Structures",
"weight": 1,
"groups": [
{
"label": "123 - Buffer Manipulation",
"weight": 1,
"groups": [
{
"label": "100 - Overflow Buffers",
"weight": 1,
"groups": [
{
"label": "10 - Buffer Overflow via Environment Variables",
"weight": 1,
"groups": []
},
{
"label": "14 - Client-side Injection-induced Buffer Overflow",
"weight": 1,
"groups": []
},
{
"label": "24 - Filter Failure through Buffer Overflow",
"weight": 1,
"groups": []
},
{
"label": "256 - SOAP Array Overflow",
"weight": 1,
"groups": []
},
{
"label": "42 - MIME Conversion",
"weight": 1,
"groups": []
},
{
"label": "44 - Overflow Binary Resource File",
"weight": 1,
"groups": []
},
{
"label": "45 - Buffer Overflow via Symbolic Links",
"weight": 1,
"groups": []
},
{
"label": "46 - Overflow Variables and Tags",
"weight": 1,
"groups": []
},
{
"label": "47 - Buffer Overflow via Parameter Expansion",
"weight": 1,
"groups": []
},
{
"label": "67 - String Format Overflow in syslog()",
"weight": 1,
"groups": []
},
{
"label": "8 - Buffer Overflow in an API Call",
"weight": 1,
"groups": []
},
{
"label": "9 - Buffer Overflow in Local Command-Line Utilities",
"weight": 1,
"groups": []
}
]
},
{
"label": "540 - Overread Buffers",
"weight": 1,
"groups": []
}
]
},
{
"label": "124 - Shared Data Manipulation",
"weight": 1,
"groups": []
},
{
"label": "129 - Pointer Manipulation",
"weight": 1,
"groups": []
},
{
"label": "153 - Input Data Manipulation",
"weight": 1,
"groups": [
{
"label": "126 - Path Traversal",
"weight": 1,
"groups": [
{
"label": "139 - Relative Path Traversal",
"weight": 1,
"groups": []
},
{
"label": "597 - Absolute Path Traversal",
"weight": 1,
"groups": []
},
{
"label": "76 - Manipulating Web Input to File System Calls",
"weight": 1,
"groups": []
}
]
},
{
"label": "128 - Integer Attacks",
"weight": 1,
"groups": [
{
"label": "92 - Forced Integer Overflow",
"weight": 1,
"groups": []
}
]
},
{
"label": "267 - Leverage Alternate Encoding",
"weight": 1,
"groups": [
{
"label": "120 - Double Encoding",
"weight": 1,
"groups": []
},
{
"label": "3 - Using Leading 'Ghost' Character Sequences to Bypass Input Filters",
"weight": 1,
"groups": []
},
{
"label": "4 - Using Alternative IP Address Encodings",
"weight": 1,
"groups": []
},
{
"label": "43 - Exploiting Multiple Input Interpretation Layers",
"weight": 1,
"groups": []
},
{
"label": "52 - Embedding NULL Bytes",
"weight": 1,
"groups": []
},
{
"label": "53 - Postfix Null Terminate and Backslash",
"weight": 1,
"groups": []
},
{
"label": "64 - Using Slashes and URL Encoding Combined to Bypass Validation Logic",
"weight": 1,
"groups": []
},
{
"label": "71 - Using Unicode Encoding to Bypass Validation Logic",
"weight": 1,
"groups": []
},
{
"label": "72 - URL Encoding",
"weight": 1,
"groups": []
},
{
"label": "78 - Using Escaped Slashes in Alternate Encoding",
"weight": 1,
"groups": []
},
{
"label": "79 - Using Slashes in Alternate Encoding",
"weight": 1,
"groups": []
},
{
"label": "80 - Using UTF-8 Encoding to Bypass Validation Logic",
"weight": 1,
"groups": []
}
]
}
]
}
]
},
{
"label": "262 - Manipulate System Resources",
"weight": 1,
"groups": [
{
"label": "184 - Software Integrity Attack",
"weight": 1,
"groups": [
{
"label": "185 - Malicious Software Download",
"weight": 1,
"groups": []
},
{
"label": "186 - Malicious Software Update",
"weight": 1,
"groups": [
{
"label": "187 - Malicious Automated Software Update",
"weight": 1,
"groups": []
},
{
"label": "533 - Malicious Manual Software Update",
"weight": 1,
"groups": []
},
{
"label": "614 - Rooting SIM Cards",
"weight": 1,
"groups": []
}
]
}
]
},
{
"label": "440 - Hardware Integrity Attack",
"weight": 1,
"groups": [
{
"label": "401 - Hacking Hardware",
"weight": 1,
"groups": [
{
"label": "402 - Bypassing ATA Password Security",
"weight": 1,
"groups": []
}
]
},
{
"label": "534 - Malicious Hardware Update",
"weight": 1,
"groups": [
{
"label": "531 - Hardware Component Substitution",
"weight": 1,
"groups": [
{
"label": "530 - Provide Counterfeit Component",
"weight": 1,
"groups": []
},
{
"label": "535 - Malicious Gray Market Hardware",
"weight": 1,
"groups": []
}
]
}
]
}
]
},
{
"label": "161 - Infrastructure Manipulation",
"weight": 1,
"groups": [
{
"label": "141 - Cache Poisoning",
"weight": 1,
"groups": [
{
"label": "142 - DNS Cache Poisoning",
"weight": 1,
"groups": []
}
]
},
{
"label": "166 - Force the System to Reset Values",
"weight": 1,
"groups": []
},
{
"label": "268 - Audit Log Manipulation",
"weight": 1,
"groups": [
{
"label": "81 - Web Logs Tampering",
"weight": 1,
"groups": []
},
{
"label": "93 - Log Injection-Tampering-Forging",
"weight": 1,
"groups": []
}
]
},
{
"label": "571 - Block Logging to Central Repository",
"weight": 1,
"groups": []
}
]
},
{
"label": "165 - File Manipulation",
"weight": 1,
"groups": [
{
"label": "11 - Cause Web Server Misclassification",
"weight": 1,
"groups": []
},
{
"label": "17 - Accessing Modifying or Executing Executable Files",
"weight": 1,
"groups": [
{
"label": "562 - Modify Shared File",
"weight": 1,
"groups": []
},
{
"label": "563 - Add Malicious File to Shared Webroot",
"weight": 1,
"groups": []
}
]
},
{
"label": "177 - Create files with the same name as files protected with a higher classification",
"weight": 1,
"groups": []
},
{
"label": "263 - Force Use of Corrupted Files",
"weight": 1,
"groups": []
},
{
"label": "35 - Leverage Executable Code in Non-Executable Files",
"weight": 1,
"groups": []
},
{
"label": "73 - User-Controlled Filename",
"weight": 1,
"groups": []
}
]
},
{
"label": "176 - Configuration/Environment Manipulation",
"weight": 1,
"groups": [
{
"label": "203 - Manipulate Application Registry Values",
"weight": 1,
"groups": [
{
"label": "270 - Modification of Registry Run Keys",
"weight": 1,
"groups": []
},
{
"label": "51 - Poison Web Service Registry",
"weight": 1,
"groups": []
}
]
},
{
"label": "271 - Schema Poisoning",
"weight": 1,
"groups": [
{
"label": "146 - XML Schema Poisoning",
"weight": 1,
"groups": []
}
]
},
{
"label": "536 - Data Injected During Configuration",
"weight": 1,
"groups": []
},
{
"label": "578 - Disable Security Software",
"weight": 1,
"groups": []
},
{
"label": "75 - Manipulating Writeable Configuration Files",
"weight": 1,
"groups": []
}
]
},
{
"label": "607 - Obstruction",
"weight": 1,
"groups": [
{
"label": "547 - Physical Destruction of Device or Component",
"weight": 1,
"groups": []
},
{
"label": "601 - Jamming",
"weight": 1,
"groups": [
{
"label": "604 - Wi-Fi Jamming",
"weight": 1,
"groups": []
},
{
"label": "605 - Cellular Jamming",
"weight": 1,
"groups": []
}
]
},
{
"label": "603 - Blockage",
"weight": 1,
"groups": [
{
"label": "96 - Block Access to Libraries",
"weight": 1,
"groups": []
}
]
}
]
},
{
"label": "438 - Modification During Manufacture",
"weight": 1,
"groups": [
{
"label": "444 - Development Alteration",
"weight": 1,
"groups": [
{
"label": "443 - Malicious Logic Inserted Into Product Software by Authorized Developer",
"weight": 1,
"groups": []
},
{
"label": "445 - Malicious Logic Insertion into Product Software via Configuration Management Manipulation",
"weight": 1,
"groups": []
},
{
"label": "446 - Malicious Logic Insertion into Product Software via Inclusion of 3rd Party Component Dependency",
"weight": 1,
"groups": []
},
{
"label": "511 - Infiltration of Software Development Environment",
"weight": 1,
"groups": []
},
{
"label": "516 - Hardware Component Substitution During Baselining",
"weight": 1,
"groups": []
},
{
"label": "520 - Counterfeit Hardware Component Inserted During Product Assembly",
"weight": 1,
"groups": []
},
{
"label": "537 - Infiltration of Hardware Development Environment",
"weight": 1,
"groups": []
},
{
"label": "539 - ASIC With Malicious Functionality",
"weight": 1,
"groups": []
}
]
},
{
"label": "447 - Design Alteration",
"weight": 1,
"groups": [
{
"label": "517 - Documentation Alteration to Circumvent Dial-down",
"weight": 1,
"groups": []
},
{
"label": "518 - Documentation Alteration to Produce Under-performing Systems",
"weight": 1,
"groups": []
},
{
"label": "519 - Documentation Alteration to Cause Errors in System Design",
"weight": 1,
"groups": []
},
{
"label": "521 - Hardware Design Specifications Are Altered",
"weight": 1,
"groups": []
}
]
}
]
},
{
"label": "439 - Manipulation During Distribution",
"weight": 1,
"groups": [
{
"label": "522 - Malicious Hardware Component Replacement",
"weight": 1,
"groups": []
},
{
"label": "523 - Malicious Software Implanted",
"weight": 1,
"groups": []
},
{
"label": "524 - Rogue Integration Procedures",
"weight": 1,
"groups": []
}
]
},
{
"label": "441 - Malicious Logic Insertion",
"weight": 1,
"groups": [
{
"label": "442 - Malicious Logic Inserted Into To Product Software",
"weight": 1,
"groups": [
{
"label": "448 - Malware Infection into Product Software",
"weight": 1,
"groups": []
},
{
"label": "532 - Altered Installed BIOS",
"weight": 1,
"groups": []
},
{
"label": "538 - Open Source Libraries Altered",
"weight": 1,
"groups": []
}
]
},
{
"label": "452 - Malicious Logic Insertion into Product Hardware",
"weight": 1,
"groups": []
},
{
"label": "456 - Malicious Logic Insertion into Product Memory",
"weight": 1,
"groups": [
{
"label": "457 - USB Memory Attacks",
"weight": 1,
"groups": []
},
{
"label": "458 - Flash Memory Attacks",
"weight": 1,
"groups": []
}
]
}
]
},
{
"label": "548 - Contaminate Resource",
"weight": 1,
"groups": []
}
]
},
{
"label": "152 - Inject Unexpected Items",
"weight": 1,
"groups": [
{
"label": "137 - Parameter Injection",
"weight": 1,
"groups": [
{
"label": "134 - Email Injection",
"weight": 1,
"groups": [
{
"label": "41 - Using Meta-characters in E-mail Headers to Inject Malicious Payloads",
"weight": 1,
"groups": []
}
]
},
{
"label": "135 - Format String Injection",
"weight": 1,
"groups": []
},
{
"label": "138 - Reflection Injection",
"weight": 1,
"groups": []
},
{
"label": "15 - Command Delimiters",
"weight": 1,
"groups": [
{
"label": "460 - HTTP Parameter Pollution (HPP)",
"weight": 1,
"groups": []
}
]
},
{
"label": "174 - Flash Parameter Injection",
"weight": 1,
"groups": []
},
{
"label": "6 - Argument Injection",
"weight": 1,
"groups": []
}
]
},
{
"label": "175 - Code Inclusion",
"weight": 1,
"groups": [
{
"label": "251 - Local Code Inclusion",
"weight": 1,
"groups": [
{
"label": "252 - PHP Local File Inclusion",
"weight": 1,
"groups": []
}
]
},
{
"label": "253 - Remote Code Inclusion",
"weight": 1,
"groups": [
{
"label": "101 - Server Side Include (SSI) Injection",
"weight": 1,
"groups": []
},
{
"label": "193 - PHP Remote File Inclusion",
"weight": 1,
"groups": []
},
{
"label": "500 - WebView Injection",
"weight": 1,
"groups": []
}
]
}
]
},
{
"label": "240 - Resource Injection",
"weight": 1,
"groups": [
{
"label": "610 - Cellular Data Injection",
"weight": 1,
"groups": []
}
]
},
{
"label": "242 - Code Injection",
"weight": 1,
"groups": [
{
"label": "19 - Embedding Scripts within Scripts",
"weight": 1,
"groups": []
},
{
"label": "23 - File Content Injection",
"weight": 1,
"groups": [
{
"label": "44 - Overflow Binary Resource File",
"weight": 1,
"groups": []
}
]
},
{
"label": "41 - Using Meta-characters in E-mail Headers to Inject Malicious Payloads",
"weight": 1,
"groups": []
},
{
"label": "468 - Generic Cross-Browser Cross-Domain Theft",
"weight": 1,
"groups": []
},
{
"label": "63 - Simple Script Injection",
"weight": 1,
"groups": [
{
"label": "106 - Cross Site Scripting through Log Files",
"weight": 1,
"groups": []
},
{
"label": "18 - Embedding Scripts in Non-Script Elements",
"weight": 1,
"groups": [
{
"label": "106 - Cross Site Scripting through Log Files",
"weight": 1,
"groups": []
},
{
"label": "198 - Cross-Site Scripting in Error Pages",
"weight": 1,
"groups": []
},
{
"label": "199 - Cross-Site Scripting Using Alternate Syntax",
"weight": 1,
"groups": []
},
{
"label": "209 - Cross-Site Scripting Using MIME Type Mismatch",
"weight": 1,
"groups": []
},
{
"label": "243 - Cross-Site Scripting in Attributes",
"weight": 1,
"groups": []
},
{
"label": "244 - Cross-Site Scripting via Encoded URI Schemes ",
"weight": 1,
"groups": []
},
{
"label": "245 - Cross-Site Scripting Using Doubled Characters e.g. %3C%3Cscript",
"weight": 1,
"groups": []
},
{
"label": "246 - Cross-Site Scripting Using Flash",
"weight": 1,
"groups": []
},
{
"label": "247 - Cross-Site Scripting with Masking through Invalid Characters in Identifiers",
"weight": 1,
"groups": []
},
{
"label": "32 - Embedding Scripts in HTTP Query Strings",
"weight": 1,
"groups": []
},
{
"label": "86 - Embedding Script (XSS) in HTTP Headers",
"weight": 1,
"groups": [
{
"label": "107 - Cross Site Tracing",
"weight": 1,
"groups": []
}
]
},
{
"label": "91 - XSS in IMG Tags",
"weight": 1,
"groups": []
}
]
},
{
"label": "73 - User-Controlled Filename",
"weight": 1,
"groups": []
}
]
}
]
},
{
"label": "248 - Command Injection",
"weight": 1,
"groups": [
{
"label": "136 - LDAP Injection",
"weight": 1,
"groups": []
},
{
"label": "182 - Flash Injection",
"weight": 1,
"groups": [
{
"label": "178 - Cross-Site Flashing",
"weight": 1,
"groups": []
},
{
"label": "246 - Cross-Site Scripting Using Flash",
"weight": 1,
"groups": []
}
]
},
{
"label": "183 - IMAP/SMTP Command Injection",
"weight": 1,
"groups": []
},
{
"label": "249 - Linux Terminal Injection",
"weight": 1,
"groups": [
{
"label": "40 - Manipulating Writeable Terminal Devices",
"weight": 1,
"groups": []
}
]
},
{
"label": "250 - XML Injection",
"weight": 1,
"groups": [
{
"label": "228 - DTD Injection",
"weight": 1,
"groups": []
},
{
"label": "83 - XPath Injection",
"weight": 1,
"groups": []
},
{
"label": "84 - XQuery Injection",
"weight": 1,
"groups": []
}
]
},
{
"label": "66 - SQL Injection",
"weight": 1,
"groups": [
{
"label": "108 - Command Line Execution through SQL Injection",
"weight": 1,
"groups": []
},
{
"label": "109 - Object Relational Mapping Injection",
"weight": 1,
"groups": []
},
{
"label": "110 - SQL Injection through SOAP Parameter Tampering",
"weight": 1,
"groups": []
},
{
"label": "470 - Expanding Control over the Operating System from the Database",
"weight": 1,
"groups": []
},
{
"label": "7 - Blind SQL Injection",
"weight": 1,
"groups": []
}
]
},
{
"label": "88 - OS Command Injection",
"weight": 1,
"groups": []
}
]
},
{
"label": "549 - Local Execution of Code",
"weight": 1,
"groups": [
{
"label": "542 - Targeted Malware",
"weight": 1,
"groups": [
{
"label": "550 - Install New Service",
"weight": 1,
"groups": []
},
{
"label": "551 - Modify Existing Service",
"weight": 1,
"groups": []
},
{
"label": "552 - Install Rootkit ",
"weight": 1,
"groups": []
},
{
"label": "556 - Replace File Extension Handlers",
"weight": 1,
"groups": []
},
{
"label": "557 - Schedule Software To Run",
"weight": 1,
"groups": []
},
{
"label": "558 - Replace Trusted Executable",
"weight": 1,
"groups": []
},
{
"label": "564 - Run Software at Logon",
"weight": 1,
"groups": []
},
{
"label": "579 - Replace Winlogon Helper DLL",
"weight": 1,
"groups": []
}
]
}
]
},
{
"label": "624 - Fault Injection",
"weight": 1,
"groups": [
{
"label": "625 - Mobile Device Fault Injection",
"weight": 1,
"groups": []
}
]
},
{
"label": "594 - Traffic Injection",
"weight": 1,
"groups": [
{
"label": "595 - Connection Reset",
"weight": 1,
"groups": [
{
"label": "596 - TCP RST Injection",
"weight": 1,
"groups": []
}
]
}
]
}
]
},
{
"label": "223 - Employ Probabilistic Techniques",
"weight": 1,
"groups": [
{
"label": "112 - Brute Force",
"weight": 1,
"groups": [
{
"label": "20 - Encryption Brute Forcing",
"weight": 1,
"groups": []
},
{
"label": "49 - Password Brute Forcing",
"weight": 1,
"groups": [
{
"label": "16 - Dictionary-based Password Attack",
"weight": 1,
"groups": []
},
{
"label": "55 - Rainbow Table Password Cracking",
"weight": 1,
"groups": []
},
{
"label": "70 - Try Common(default) Usernames and Passwords",
"weight": 1,
"groups": []
}
]
}
]
},
{
"label": "28 - Fuzzing",
"weight": 1,
"groups": []
},
{
"label": "112 - Brute Force",
"weight": 1,
"groups": [
{
"label": "20 - Encryption Brute Forcing",
"weight": 1,
"groups": []
},
{
"label": "49 - Password Brute Forcing",
"weight": 1,
"groups": [
{
"label": "16 - Dictionary-based Password Attack",
"weight": 1,
"groups": []
},
{
"label": "55 - Rainbow Table Password Cracking",
"weight": 1,
"groups": []
},
{
"label": "70 - Try Common(default) Usernames and Passwords",
"weight": 1,
"groups": []
}
]
}
]
}
]
},
{
"label": "172 - Manipulate Timing and State",
"weight": 1,
"groups": [
{
"label": "25 - Forced Deadlock",
"weight": 1,
"groups": []
},
{
"label": "26 - Leveraging Race Conditions",
"weight": 1,
"groups": [
{
"label": "27 - Leveraging Race Conditions via Symbolic Links",
"weight": 1,
"groups": []
},
{
"label": "29 - Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions",
"weight": 1,
"groups": []
}
]
},
{
"label": "74 - Manipulating User State",
"weight": 1,
"groups": [
{
"label": "140 - Bypassing of Intermediate Forms in Multiple-Form Sets",
"weight": 1,
"groups": []
}
]
}
]
},
{
"label": "118 - Collect and Analyze Information",
"weight": 1,
"groups": [
{
"label": "116 - Excavation",
"weight": 1,
"groups": [
{
"label": "150 - Collect Data from Common Resource Locations",
"weight": 1,
"groups": [
{
"label": "143 - Detect Unpublicized Web Pages",
"weight": 1,
"groups": []
},
{
"label": "144 - Detect Unpublicized Web Services",
"weight": 1,
"groups": []
},
{
"label": "155 - Screen Temporary Files for Sensitive Information",
"weight": 1,
"groups": []
},
{
"label": "31 - Accessing/Intercepting/Modifying HTTP Cookies",
"weight": 1,
"groups": []
}
]
},
{
"label": "54 - Query System for Information",
"weight": 1,
"groups": [
{
"label": "127 - Directory Indexing",
"weight": 1,
"groups": []
},
{
"label": "214 - Fuzzing for garnering J2EE/.NET-based stack traces for application mapping",
"weight": 1,
"groups": []
},
{
"label": "215 - Fuzzing and observing application log data/errors for application mapping",
"weight": 1,
"groups": []
},
{
"label": "261 - Fuzzing for garnering other adjacent user/sensitive data",
"weight": 1,
"groups": []
},
{
"label": "462 - Cross-Domain Search Timing",
"weight": 1,
"groups": []
},
{
"label": "95 - WSDL Scanning",
"weight": 1,
"groups": []
}
]
},
{
"label": "545 - Pull Data from System Resources",
"weight": 1,
"groups": [
{
"label": "498 - Probe iOS Screenshots",
"weight": 1,
"groups": []
},
{
"label": "546 - Probe Application Memory",
"weight": 1,
"groups": []
}
]
},
{
"label": "567 - Obtain Data via Utilities",
"weight": 1,
"groups": [
{
"label": "566 - Dump Password Hashes",
"weight": 1,
"groups": []
}
]
},
{
"label": "569 - Collect Data as Provided by Users",
"weight": 1,
"groups": [
{
"label": "568 - Capture Credentials via Keylogger",
"weight": 1,
"groups": []
}
]
}
]
},
{
"label": "117 - Interception",
"weight": 1,
"groups": [
{
"label": "157 - Sniffing Attacks",
"weight": 1,
"groups": [
{
"label": "158 - Sniffing Network Traffic",
"weight": 1,
"groups": []
},
{
"label": "31 - Accessing/Intercepting/Modifying HTTP Cookies",
"weight": 1,
"groups": []
},
{
"label": "609 - Cellular Traffic Intercept",
"weight": 1,
"groups": []
},
{
"label": "65 - Sniff Application Code",
"weight": 1,
"groups": []
}
]
},
{
"label": "383 - Harvesting Usernames or UserIDs via Application API Event Monitoring",
"weight": 1,
"groups": []
},
{
"label": "499 - Intent Intercept",
"weight": 1,
"groups": [
{
"label": "501 - Activity Hijack",
"weight": 1,
"groups": []
}
]
}
]
},
{
"label": "169 - Footprinting",
"weight": 1,
"groups": [
{
"label": "149 - Explore for Predictable Temporary File Names",
"weight": 1,
"groups": []
},
{
"label": "292 - Host Discovery",
"weight": 1,
"groups": [
{
"label": "285 - ICMP Echo Request Ping",
"weight": 1,
"groups": []
},
{
"label": "294 - ICMP Address Mask Request",
"weight": 1,
"groups": []
},
{
"label": "295 - ICMP Timestamp Request",
"weight": 1,
"groups": []
},
{
"label": "296 - ICMP Information Request",
"weight": 1,
"groups": []
},
{
"label": "297 - TCP ACK Ping",
"weight": 1,
"groups": []
},
{
"label": "298 - UDP Ping",
"weight": 1,
"groups": []
},
{
"label": "299 - TCP SYN Ping",
"weight": 1,
"groups": []
},
{
"label": "612 - WiFi MAC Address Tracking",
"weight": 1,
"groups": []
},
{
"label": "613 - WiFi SSID Tracking",
"weight": 1,
"groups": []
},
{
"label": "618 - Cellular Broadcast Message Request",
"weight": 1,
"groups": []
},
{
"label": "619 - Signal Strength Tracking",
"weight": 1,
"groups": []
}
]
},
{
"label": "300 - Port Scanning",
"weight": 1,
"groups": [
{
"label": "287 - TCP SYN Scan",
"weight": 1,
"groups": []
},
{
"label": "301 - TCP Connect Scan",
"weight": 1,
"groups": []
},
{
"label": "302 - TCP FIN scan",
"weight": 1,
"groups": []
},
{
"label": "303 - TCP Xmas Scan",
"weight": 1,
"groups": []
},
{
"label": "304 - TCP Null Scan",
"weight": 1,
"groups": []
},
{
"label": "305 - TCP ACK Scan",
"weight": 1,
"groups": []
},
{
"label": "306 - TCP Window Scan",
"weight": 1,
"groups": []
},
{
"label": "307 - TCP RPC Scan",
"weight": 1,
"groups": []
},
{
"label": "308 - UDP Scan",
"weight": 1,
"groups": []
}
]
},
{
"label": "309 - Network Topology Mapping",
"weight": 1,
"groups": [
{
"label": "290 - Enumerate Mail Exchange (MX) Records",
"weight": 1,
"groups": []
},
{
"label": "291 - DNS Zone Transfers",
"weight": 1,
"groups": []
},
{
"label": "293 - Traceroute Route Enumeration",
"weight": 1,
"groups": []
}
]
},
{
"label": "529 - Malware-Directed Internal Reconnaissance",
"weight": 1,
"groups": []
},
{
"label": "573 - Process Footprinting",
"weight": 1,
"groups": []
},
{
"label": "574 - Services Footprinting",
"weight": 1,
"groups": []
},
{
"label": "575 - Account Footprinting",
"weight": 1,
"groups": []
},
{
"label": "576 - Group Permission Footprinting",
"weight": 1,
"groups": []
},
{
"label": "577 - Owner Footprinting",
"weight": 1,
"groups": []
},
{
"label": "580 - Application Footprinting",
"weight": 1,
"groups": [
{
"label": "581 - Security Software Footprinting",
"weight": 1,
"groups": []
}
]
}
]
},
{
"label": "224 - Fingerprinting",
"weight": 1,
"groups": [
{
"label": "311 - OS Fingerprinting",
"weight": 1,
"groups": [
{
"label": "312 - Active OS Fingerprinting",
"weight": 1,
"groups": [
{
"label": "314 - IP Fingerprinting Probes",
"weight": 1,
"groups": [
{
"label": "317 - IP ID Sequencing Probe",
"weight": 1,
"groups": []
},
{
"label": "318 - IP 'ID' Echoed Byte-Order Probe",
"weight": 1,
"groups": []
},
{
"label": "319 - IP (DF) 'Don't Fragment Bit' Echoing Probe",
"weight": 1,
"groups": []
}
]
},
{
"label": "315 - TCP/IP Fingerprinting Probes",
"weight": 1,
"groups": [
{
"label": "320 - TCP Timestamp Probe",
"weight": 1,
"groups": []
},
{
"label": "321 - TCP Sequence Number Probe",
"weight": 1,
"groups": []
},
{
"label": "322 - TCP (ISN) Greatest Common Divisor Probe",
"weight": 1,
"groups": []
},
{
"label": "323 - TCP (ISN) Counter Rate Probe",
"weight": 1,
"groups": []
},
{
"label": "324 - TCP (ISN) Sequence Predictability Probe",
"weight": 1,
"groups": []
},
{
"label": "325 - TCP Congestion Control Flag (ECN) Probe",
"weight": 1,
"groups": []
},
{
"label": "326 - TCP Initial Window Size Probe",
"weight": 1,
"groups": []
},
{
"label": "327 - TCP Options Probe",
"weight": 1,
"groups": []
},
{
"label": "328 - TCP 'RST' Flag Checksum Probe",
"weight": 1,
"groups": []
}
]
},
{
"label": "316 - ICMP Fingerprinting Probes",
"weight": 1,
"groups": [
{
"label": "329 - ICMP Error Message Quoting Probe",
"weight": 1,
"groups": []
},
{
"label": "330 - ICMP Error Message Echoing Integrity Probe",
"weight": 1,
"groups": []
},
{
"label": "331 - ICMP IP Total Length Field Probe",
"weight": 1,
"groups": []
},
{
"label": "332 - ICMP IP 'ID' Field Error Message Probe",
"weight": 1,
"groups": []
}
]
}
]
},
{
"label": "313 - Passive OS Fingerprinting",
"weight": 1,
"groups": []
}
]
},
{
"label": "541 - Application Fingerprinting",
"weight": 1,
"groups": [
{
"label": "170 - Web Application Fingerprinting",
"weight": 1,
"groups": []
},
{
"label": "310 - Scanning for Vulnerable Software",
"weight": 1,
"groups": []
},
{
"label": "472 - Browser Fingerprinting",
"weight": 1,
"groups": []
},
{
"label": "85 - AJAX Fingerprinting",
"weight": 1,
"groups": []
}
]
}
]
},
{
"label": "188 - Reverse Engineering",
"weight": 1,
"groups": [
{
"label": "167 - White Box Reverse Engineering",
"weight": 1,
"groups": [
{
"label": "190 - Reverse Engineer an Executable to Expose Assumed Hidden Functionality or Content",
"weight": 1,
"groups": []
},
{
"label": "191 - Read Sensitive Strings Within an Executable",
"weight": 1,
"groups": []
},
{
"label": "204 - Lifting Sensitive Data Embedded in Cache",
"weight": 1,
"groups": []
},
{
"label": "37 - Retrieve Embedded Sensitive Data",
"weight": 1,
"groups": []
},
{
"label": "626 - Smudge Attack",
"weight": 1,
"groups": []
}
]
},
{
"label": "189 - Black Box Reverse Engineering",
"weight": 1,
"groups": [
{
"label": "621 - Analysis of Packet Timing and Sizes",
"weight": 1,
"groups": []
},
{
"label": "622 - Electromagnetic Side-Channel Attack",
"weight": 1,
"groups": []
},
{
"label": "623 - Compromising Emanations Attack",
"weight": 1,
"groups": []
}
]
}
]
},
{
"label": "192 - Protocol Analysis",
"weight": 1,
"groups": [
{
"label": "97 - Cryptanalysis",
"weight": 1,
"groups": [
{
"label": "463 - Padding Oracle Crypto Attack",
"weight": 1,
"groups": []
},
{
"label": "608 - Cryptanalysis of Cellular Encryption",
"weight": 1,
"groups": []
}
]
}
]
}
]
},
{
"label": "225 - Subvert Access Control",
"weight": 1,
"groups": [
{
"label": "21 - Exploitation of Trusted Credentials",
"weight": 1,
"groups": [
{
"label": "102 - Session Sidejacking",
"weight": 1,
"groups": []
},
{
"label": "196 - Session Credential Falsification through Forging",
"weight": 1,
"groups": [
{
"label": "226 - Session Credential Falsification through Manipulation",
"weight": 1,
"groups": []
},
{
"label": "59 - Session Credential Falsification through Prediction",
"weight": 1,
"groups": []
}
]
},
{
"label": "510 - SaaS User Request Forgery",
"weight": 1,
"groups": []
},
{
"label": "560 - Use of Known Domain Credentials",
"weight": 1,
"groups": [
{
"label": "555 - Remote Services with Stolen Credentials",
"weight": 1,
"groups": []
},
{
"label": "561 - Windows Admin Shares with Stolen Credentials",
"weight": 1,
"groups": []
}
]
},
{
"label": "60 - Reusing Session IDs (aka Session Replay)",
"weight": 1,
"groups": []
},
{
"label": "61 - Session Fixation",
"weight": 1,
"groups": []
},
{
"label": "62 - Cross Site Request Forgery",
"weight": 1,
"groups": [
{
"label": "467 - Cross Site Identification",
"weight": 1,
"groups": []
}
]
}
]
},
{
"label": "114 - Authentication Abuse",
"weight": 1,
"groups": [
{
"label": "629 - Unauthorized Use of Device Resources",
"weight": 1,
"groups": []
},
{
"label": "90 - Reflection Attack in Authentication Protocol",
"weight": 1,
"groups": []
}
]
},
{
"label": "115 - Authentication Bypass",
"weight": 1,
"groups": [
{
"label": "237 - Calling Signed Code From Another Language Within A Sandbox Allow This ",
"weight": 1,
"groups": []
},
{
"label": "461 - Web Services API Signature Forgery Leveraging Hash Function Extension Weakness",
"weight": 1,
"groups": []
},
{
"label": "87 - Forceful Browsing",
"weight": 1,
"groups": []
}
]
},
{
"label": "22 - Exploiting Trust in Client",
"weight": 1,
"groups": [
{
"label": "202 - Create Malicious Client",
"weight": 1,
"groups": []
},
{
"label": "207 - Removing Important Client Functionality",
"weight": 1,
"groups": [
{
"label": "200 - Removal of filters: Input filters output filters data masking",
"weight": 1,
"groups": []
},
{
"label": "208 - Removing/short-circuiting 'Purse' logic: removing/mutating 'cash' decrements",
"weight": 1,
"groups": []
},
{
"label": "239 - Subversion of authorization checks: cache filtering programmatic security etc.",
"weight": 1,
"groups": []
}
]
},
{
"label": "39 - Manipulating Opaque Client-based Data Tokens",
"weight": 1,
"groups": [
{
"label": "31 - Accessing/Intercepting/Modifying HTTP Cookies",
"weight": 1,
"groups": []
}
]
},
{
"label": "77 - Manipulating User-Controlled Variables",
"weight": 1,
"groups": [
{
"label": "13 - Subverting Environment Variable Values",
"weight": 1,
"groups": []
},
{
"label": "162 - Manipulating Hidden Fields",
"weight": 1,
"groups": []
}
]
},
{
"label": "94 - Man in the Middle Attack",
"weight": 1,
"groups": [
{
"label": "219 - XML Routing Detour Attacks",
"weight": 1,
"groups": []
},
{
"label": "384 - Application API Message Manipulation via Man-in-the-Middle",
"weight": 1,
"groups": [
{
"label": "385 - Transaction or Event Tampering via Application API Manipulation",
"weight": 1,
"groups": [
{
"label": "386 - Application API Navigation Remapping",
"weight": 1,
"groups": [
{
"label": "387 - Navigation Remapping To Propagate Malicious Content",
"weight": 1,
"groups": []
},
{
"label": "388 - Application API Button Hijacking",
"weight": 1,
"groups": []
}
]
}
]
},
{
"label": "389 - Content Spoofing Via Application API Manipulation",
"weight": 1,
"groups": []
}
]
},
{
"label": "466 - Leveraging Active Man in the Middle Attacks to Bypass Same Origin Policy",
"weight": 1,
"groups": []
},
{
"label": "57 - Utilizing REST's Trust in the System Resource to Register Man in the Middle",
"weight": 1,
"groups": []
}
]
}
]
},
{
"label": "122 - Privilege Abuse",
"weight": 1,
"groups": [
{
"label": "1 - Accessing Functionality Not Properly Constrained by ACLs",
"weight": 1,
"groups": [
{
"label": "17 - Accessing Modifying or Executing Executable Files",
"weight": 1,
"groups": [
{
"label": "562 - Modify Shared File",
"weight": 1,
"groups": []
},
{
"label": "563 - Add Malicious File to Shared Webroot",
"weight": 1,
"groups": []
}
]
},
{
"label": "58 - Restful Privilege Elevation",
"weight": 1,
"groups": []
}
]
},
{
"label": "180 - Exploiting Incorrectly Configured Access Control Security Levels",
"weight": 1,
"groups": []
},
{
"label": "221 - XML External Entities",
"weight": 1,
"groups": [
{
"label": "201 - XML Entity Blowup",
"weight": 1,
"groups": []
}
]
},
{
"label": "503 - WebView Exposure",
"weight": 1,
"groups": []
}
]
},
{
"label": "233 - Privilege Escalation",
"weight": 1,
"groups": [
{
"label": "104 - Cross Zone Scripting",
"weight": 1,
"groups": []
},
{
"label": "17 - Accessing Modifying or Executing Executable Files",
"weight": 1,
"groups": [
{
"label": "562 - Modify Shared File",
"weight": 1,
"groups": []
},
{
"label": "563 - Add Malicious File to Shared Webroot",
"weight": 1,
"groups": []
}
]
},
{
"label": "234 - Hijacking a privileged process",
"weight": 1,
"groups": []
},
{
"label": "30 - Hijacking a Privileged Thread of Execution",
"weight": 1,
"groups": [
{
"label": "235 - Implementing a callback to system routine (old AWT Queue)",
"weight": 1,
"groups": []
},
{
"label": "236 - Catching exception throw/signal from privileged block",
"weight": 1,
"groups": []
}
]
},
{
"label": "58 - Restful Privilege Elevation",
"weight": 1,
"groups": []
},
{
"label": "68 - Subvert Code-signing Facilities",
"weight": 1,
"groups": [
{
"label": "206 - Lifting signing key and signing malicious code from a production environment",
"weight": 1,
"groups": []
},
{
"label": "237 - Calling Signed Code From Another Language Within A Sandbox Allow This ",
"weight": 1,
"groups": []
},
{
"label": "238 - Using URL/codebase / G.A.C. (code source) to convince sandbox of privilege",
"weight": 1,
"groups": []
}
]
},
{
"label": "69 - Target Programs with Elevated Privileges",
"weight": 1,
"groups": []
}
]
},
{
"label": "390 - Bypassing Physical Security",
"weight": 1,
"groups": [
{
"label": "391 - Bypassing Physical Locks",
"weight": 1,
"groups": [
{
"label": "392 - Lock Bumping",
"weight": 1,
"groups": []
},
{
"label": "393 - Lock Picking",
"weight": 1,
"groups": []
},
{
"label": "394 - Using a Snap Gun Lock to Force a Lock",
"weight": 1,
"groups": []
}
]
},
{
"label": "395 - Bypassing Electronic Locks and Access Controls",
"weight": 1,
"groups": [
{
"label": "396 - Bypassing Card or Badge-Based Systems",
"weight": 1,
"groups": [
{
"label": "397 - Cloning Magnetic Strip Cards",
"weight": 1,
"groups": []
},
{
"label": "398 - Magnetic Strip Card Brute Force Attacks",
"weight": 1,
"groups": []
},
{
"label": "399 - Cloning RFID Cards or Chips",
"weight": 1,
"groups": []
},
{
"label": "400 - RFID Chip Deactivation or Destruction",
"weight": 1,
"groups": []
}
]
}
]
}
]
},
{
"label": "507 - Physical Theft",
"weight": 1,
"groups": []
}
]
}
]
}
Node List
Id Label timeset
0 0 1000 NaN
1 1 156 NaN
2 2 210 NaN
3 3 255 NaN
4 4 262 NaN
5 5 152 NaN
6 6 223 NaN
7 7 172 NaN
8 8 118 NaN
9 9 225 NaN
10 10 116 NaN
11 11 117 NaN
12 12 169 NaN
13 13 224 NaN
14 14 188 NaN
15 15 192 NaN
16 16 137 NaN
17 17 175 NaN
18 18 240 NaN
19 19 242 NaN
20 20 248 NaN
21 21 549 NaN
22 22 624 NaN
23 23 594 NaN
24 24 148 NaN
25 25 151 NaN
26 26 154 NaN
27 27 173 NaN
28 28 416 NaN
29 29 25 NaN
.. ... ... ...
561 561 73 NaN
562 562 73 NaN
563 563 75 NaN
564 564 76 NaN
565 565 77 NaN
566 566 78 NaN
567 567 79 NaN
568 568 8 NaN
569 569 80 NaN
570 570 81 NaN
571 571 83 NaN
572 572 84 NaN
573 573 85 NaN
574 574 86 NaN
575 575 86 NaN
576 576 87 NaN
577 577 88 NaN
578 578 89 NaN
579 579 9 NaN
580 580 90 NaN
581 581 90 NaN
582 582 91 NaN
583 583 92 NaN
584 584 93 NaN
585 585 94 NaN
586 586 95 NaN
587 587 96 NaN
588 588 97 NaN
589 589 98 NaN
590 590 99 NaN
[591 rows x 3 columns]
Edge List
Source Target Type id label timeset weight
0 0 1 Directed 0 NaN NaN 1
1 0 2 Directed 1 NaN NaN 1
2 0 3 Directed 2 NaN NaN 1
3 0 4 Directed 3 NaN NaN 1
4 0 5 Directed 4 NaN NaN 1
5 0 6 Directed 5 NaN NaN 1
6 0 7 Directed 6 NaN NaN 1
7 0 8 Directed 7 NaN NaN 1
8 0 9 Directed 8 NaN NaN 1
9 8 96 Directed 9 NaN NaN 1
10 8 89 Directed 10 NaN NaN 1
11 8 120 Directed 11 NaN NaN 1
12 8 113 Directed 12 NaN NaN 1
13 8 111 Directed 13 NaN NaN 1
14 8 15 Directed 14 NaN NaN 1
15 5 102 Directed 15 NaN NaN 1
16 5 109 Directed 16 NaN NaN 1
17 5 18 Directed 17 NaN NaN 1
18 5 115 Directed 18 NaN NaN 1
19 5 116 Directed 19 NaN NaN 1
20 5 21 Directed 20 NaN NaN 1
21 5 22 Directed 21 NaN NaN 1
22 5 91 Directed 22 NaN NaN 1
23 1 103 Directed 23 NaN NaN 1
24 1 104 Directed 24 NaN NaN 1
25 1 106 Directed 25 NaN NaN 1
26 1 108 Directed 26 NaN NaN 1
27 1 86 Directed 27 NaN NaN 1
28 7 29 Directed 28 NaN NaN 1
29 7 30 Directed 29 NaN NaN 1
.. ... ... ... ... ... ... ...
500 257 560 Directed 500 NaN NaN 1
501 550 562 Directed 501 NaN NaN 1
502 59 562 Directed 502 NaN NaN 1
503 60 563 Directed 503 NaN NaN 1
504 143 564 Directed 504 NaN NaN 1
505 47 565 Directed 505 NaN NaN 1
506 257 566 Directed 506 NaN NaN 1
507 257 567 Directed 507 NaN NaN 1
508 125 568 Directed 508 NaN NaN 1
509 257 569 Directed 509 NaN NaN 1
510 258 570 Directed 510 NaN NaN 1
511 250 571 Directed 511 NaN NaN 1
512 250 572 Directed 512 NaN NaN 1
513 476 573 Directed 513 NaN NaN 1
514 186 575 Directed 514 NaN NaN 1
515 224 575 Directed 515 NaN NaN 1
516 95 576 Directed 516 NaN NaN 1
517 116 577 Directed 517 NaN NaN 1
518 104 578 Directed 518 NaN NaN 1
519 125 579 Directed 519 NaN NaN 1
520 224 581 Directed 520 NaN NaN 1
521 94 581 Directed 521 NaN NaN 1
522 186 582 Directed 522 NaN NaN 1
523 145 583 Directed 523 NaN NaN 1
524 258 584 Directed 524 NaN NaN 1
525 47 585 Directed 525 NaN NaN 1
526 474 586 Directed 526 NaN NaN 1
527 523 587 Directed 527 NaN NaN 1
528 15 588 Directed 528 NaN NaN 1
529 104 589 Directed 529 NaN NaN 1
[530 rows x 7 columns]