Dark Mode

Settings

Capec-647 Detail

Collect Data from Registries

Detailed Software Likelihood: Medium Typical Severity: Medium

Parents: 150

Description

An adversary exploits a weakness in authorization to gather system-specific data and sensitive information within a registry (e.g., Windows Registry, Mac plist). These contain information about the system configuration, software, operating system, and security. The adversary can leverage information gathered in order to carry out further attacks.

Not present

External ID Source Link Description
CAPEC-647 capec https://capec.mitre.org/data/definitions/647.html
CWE-285 cwe http://cwe.mitre.org/data/definitions/285.html
T1005 ATTACK https://attack.mitre.org/wiki/Technique/T1005 Data from Local System
T1012 ATTACK https://attack.mitre.org/wiki/Technique/T1012 Query Registry
T1552.002 ATTACK https://attack.mitre.org/wiki/Technique/T1552/002 Unsecured Credentials: Credentials in Registry
Explore

  1. Gain logical access to system: An adversary must first gain logical access to the system it wants to gather registry information from,

    2. Techniques
    Obtain user account credentials and access the system
    Plant malware on the system that will give remote logical access to the adversary
Experiment

  1. Determine if the permissions are correct: Once logical access is gained, an adversary will determine if they have the proper permissions, or are authorized, to view registry information. If they do not, they will need to escalate privileges on the system through other means

  2. Peruse registry for information: Once an adversary has access to a registry, they will gather all system-specific data and sensitive information that they deem useful.

Exploit

  1. Follow-up attack: Use any information or weaknesses found to carry out a follow-up attack

  1. The adversary must have obtained logical access to the system by some means (e.g., via obtained credentials or planting malware on the system).
  2. The adversary must have capability to navigate the operating system to peruse the registry.
  1. None: No specialized resources are required to execute this type of attack.
Low
Once the adversary has logical access (which can potentially require high knowledge and skill level), the adversary needs only the capability and facility to navigate the system through the OS graphical user interface or the command line.
Confidentiality
Read Data (The adversary is able to read sensitive information about the system in the registry.)

Not present

We use cookies to ensure you get the best experience on our website.