| Name |
Collect Data as Provided by Users |
|
| Likelyhood of attack |
Typical severity |
| High |
High |
|
| Summary |
An attacker leverages a tool, device, or program to obtain specific information as provided by a user of the target system. This information is often needed by the attacker to launch a follow-on attack. This attack is different than Social Engineering as the adversary is not tricking or deceiving the user. Instead the adversary is putting a mechanism in place that captures the information that a user legitimately enters into a system. Deploying a keylogger, performing a UAC prompt, or wrapping the Windows default credential provider are all examples of such interactions. |
| Prerequisites |
|
| Solutions | |
| Related CAPECS |
|
CAPEC ID
|
Description
|
| CAPEC-116 |
An adversary actively probes the target in a manner that is designed to solicit information that could be leveraged for malicious purposes. |
|
| Taxonomy: ATTACK |
|
Entry ID
|
Entry Name
|
| 1056 |
Input Capture |
|