CAPEC-268 Detail

Audit Log Manipulation

Standard Software

Parents: 161

Children: 81 93

Threats: T68 T274 T297 T393

Description

The attacker injects or forges malicious log entries, or manipulates or deletes existing ones, in an attempt to mislead an audit of the log file or to cover the tracks of an attack. The attacker is able to do so because access controls on either the log files or the logging mechanism are insufficient.

| External ID | Source | Link | Description |
|---|---|---|---|
| CAPEC-268 | capec | https://capec.mitre.org/data/definitions/268.html | |
| CWE-117 | cwe | http://cwe.mitre.org/data/definitions/117.html | |
| T1070 | ATTACK | https://attack.mitre.org/wiki/Technique/T1070 | Indicator Removal on Host |
| T1562.002 | ATTACK | https://attack.mitre.org/wiki/Technique/T1562/002 | Impair Defenses: Disable Windows Event Logging |
| T1562.003 | ATTACK | https://attack.mitre.org/wiki/Technique/T1562/003 | Impair Defenses: Impair Command History Logging |
| T1562.008 | ATTACK | https://attack.mitre.org/wiki/Technique/T1562/008 | Impair Defenses: Disable Cloud Logs |
| OWASP Attacks | | https://owasp.org/www-community/attacks/Log_Injection | Log Injection |

  1. The target host is logging the actions and data of the user.
  2. The target host insufficiently protects access to the logs or logging mechanisms.

  1. The attacker must understand how the logging mechanism works. Optionally, the attacker must know the location and the format of individual entries of the log files.
