CAPEC-581: Security Software Footprinting
Adversaries may attempt to get a listing of security tools that are installed on the system and their configurations. This may include security related system features (such as a built-in firewall or anti-spyware) as well as third-party security software.
Last updated
Overview
CAPEC-581 (Security Software Footprinting) is a detailed-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
How to mitigate it
Defenses that reduce the risk of CAPEC-581.
- Identify programs that may be used to acquire security tool information and block them by using a software restriction policy or tools that restrict program execution by using a process allowlist.
Terminology & mappings
Mapped taxonomies
- ATTACK: Software Discovery:Security Software Discovery (1518.001)
Frequently asked questions
Common questions about CAPEC-581.
- What is CAPEC-581?
- Adversaries may attempt to get a listing of security tools that are installed on the system and their configurations. This may include security related system features (such as a built-in firewall or anti-spyware) as well as third-party security software.