CAPEC-578 Detail

Disable Security Software

Standard | Software | Likelihood: Medium | Typical Severity: Medium

Parents: 176

Threats: T62 T68 T269 T270 T271 T272 T273 T274 T297 T393

Description

An adversary exploits a weakness in access control to disable security tools so that detection does not occur. This can take the form of killing processes, deleting registry keys so that tools do not start at run time, deleting log files, or other methods.


| External ID | Source | Link | Description |
|---|---|---|---|
| CAPEC-578 | capec | https://capec.mitre.org/data/definitions/578.html | |
| CWE-284 | cwe | http://cwe.mitre.org/data/definitions/284.html | |
| T1556.006 | ATTACK | https://attack.mitre.org/wiki/Technique/T1556/006 | Modify Authentication Process: Multi-Factor Authentication |
| T1562.001 | ATTACK | https://attack.mitre.org/wiki/Technique/T1562/001 | Impair Defenses: Disable or Modify Tools |
| T1562.002 | ATTACK | https://attack.mitre.org/wiki/Technique/T1562/002 | Impair Defenses: Disable Windows Event Logging |
| T1562.004 | ATTACK | https://attack.mitre.org/wiki/Technique/T1562/004 | Impair Defenses: Disable or Modify System Firewall |
| T1562.007 | ATTACK | https://attack.mitre.org/wiki/Technique/T1562/007 | Impair Defenses: Disable or Modify Cloud Firewall |
| T1562.008 | ATTACK | https://attack.mitre.org/wiki/Technique/T1562/008 | Impair Defenses: Disable Cloud Logs |
| T1562.009 | ATTACK | https://attack.mitre.org/wiki/Technique/T1562/009 | Impair Defenses: Safe Mode Boot |


  1. The adversary must have the capability to interact with the configuration of the targeted system.
  1. None: No specialized resources are required to execute this type of attack.


Availability
Hide Activities (By disabling certain security tools, the adversary can hide malicious activity and avoid detection.)
