CAPEC-573 Detail
Process Footprinting
Standard | Software | Likelihood: Low | Typical Severity: Low
Parents: 169
Threats: T60 T65 T80 T258 T288 T291 T302 T334 T392 T407
Tools: 6
An adversary exploits functionality that is meant to give an authorized user information about the processes currently running on the target system. By knowing what processes are running on the target system, the adversary can learn about the target environment as a means towards further malicious behavior.
| External ID | Source | Link | Description |
|---|---|---|---|
| CAPEC-573 | capec | https://capec.mitre.org/data/definitions/573.html | |
| CWE-200 | cwe | http://cwe.mitre.org/data/definitions/200.html | |
| T1057 | ATTACK | https://attack.mitre.org/wiki/Technique/T1057 | Process Discovery |
- The adversary must have gained access to the target system via physical or logical means in order to carry out this attack.
| Authorization | Access Control | Confidentiality |
|---|---|---|
| Bypass Protection Mechanism | Bypass Protection Mechanism | Other |
| Hide Activities | Hide Activities | Bypass Protection Mechanism |
| | | Hide Activities |
- On a Windows system, the command "tasklist" displays information about processes. On a Mac OS system, the same function is performed by the command "ps".
- In addition to manual discovery of running processes, an adversary can develop malware that carries out this attack pattern before subsequent malicious action.