Endpoint Security - what-if analysis 1 07/23/2017

Threat Model Threats

Threat | Threat Source | Risk | Status | Date Created
File Manipulation | File System | Medium | |
Accessing, Modifying or Executing Executable Files | File System | | |
Create files with the same name as files protected with a higher classification | File System | | |
Force Use of Corrupted Files | File System | Medium | |
Leveraging and or Manipulating Configuration File Search Paths | File System | | |
User-Controlled Filename | File System | | |
Manipulating Input to File System Calls | File System | | |
Buffer Overflow | File Server | | |
Explore For Predictable Temporary File Names | File Server | Medium | |
Screen Temporary Files for Sensitive Information | File Server | Medium | |
File Manipulation | File Server | Medium | |
Accessing, Modifying or Executing Executable Files | File Server | | |
Create files with the same name as files protected with a higher classification | File Server | | |
Manipulating Input to File System Calls | File Server | | |
Physical Theft | Laptop | | |
Man in the Middle Attack | Wi-Fi Port | | |
Rogue Wi-Fi Access | Wi-Fi Port | | |
Bluejacking | Bluetooth Port | | |
Bluesnarfing | Bluetooth Port | | |
Bluebugging | Bluetooth Port | | |
Buffer Overflow | HDMI Port | | |
Malware Propagation via USB Stick | USB Port | | |
Malware Propagation via USB U3 Autorun | USB Port | | |
Malware Propagation via Infected Peripheral Device | USB Port | | |
Man in the browser | Internet Explorer 11 | | |
Targeted Malware | Internet Explorer 11 | | |
Account Footprinting | Internet Explorer 11 | | |
Automation Attack | Internet Explorer 11 | | |
Buffer Overflow | Skype | | |
Identity Spoofing - Impersonation | Skype | Medium | |
Sniffing Attacks | Skype | Medium | |
Action Spoofing | Skype | | |
Hijacking a Privileged Thread of Execution | Skype | | |
Target Programs with Elevated Privileges | Skype | | |
Manipulating Input to File System Calls | Skype | | |
Privilege Abuse | Skype | | |
Privilege Escalation | Skype | | |
Weak Identity, Credential and Access Management | Skype | | |
Pharming | Outlook 2010 | | |
Phishing | Outlook 2010 | | |
Targeted Malware | Outlook 2010 | | |
Spam | Outlook 2010 | | |
Buffer Overflow | Office 2010 | | |
Identity Spoofing - Impersonation | Office 2010 | Medium | |
Sniffing Attacks | Office 2010 | Medium | |
Action Spoofing | Office 2010 | | |
Hijacking a Privileged Thread of Execution | Office 2010 | | |
Target Programs with Elevated Privileges | Office 2010 | | |
Manipulating Input to File System Calls | Office 2010 | | |
Privilege Abuse | Office 2010 | | |
Privilege Escalation | Office 2010 | | |
Weak Identity, Credential and Access Management | Office 2010 | | |
Buffer Overflow | | | |
Identity Spoofing - Impersonation | | Medium | |
Sniffing Attacks | | Medium | |
Action Spoofing | | | |
Hijacking a Privileged Thread of Execution | | | |
Target Programs with Elevated Privileges | | | |
Manipulating Input to File System Calls | | | |
Privilege Abuse | | | |
Privilege Escalation | | | |
Weak Identity, Credential and Access Management | | | |
Email Injection | Email Server | Medium | |
DNS Cache Poisoning | Email Server | | |
Phishing | Email Server | | |
Targeted Malware | Email Server | | |
Spam | Email Server | | |
Buffer Overflow | OneDrive | | |
Explore For Predictable Temporary File Names | OneDrive | Medium | |
Screen Temporary Files for Sensitive Information | OneDrive | Medium | |
File Manipulation | OneDrive | Medium | |
Accessing, Modifying or Executing Executable Files | OneDrive | | |
Create files with the same name as files protected with a higher classification | OneDrive | | |
Manipulating Input to File System Calls | OneDrive | | |
Session Hijacking | WiFi | | |
Man in the Middle Attack | WiFi | | |
WiFi Jamming | WiFi | | |
WiFi MAC Address Tracking | WiFi | | |
WiFi SSID Tracking | WiFi | | |
Denial of Service | WiFi | | |
Eavesdropping | WiFi | | |
Insecure WiFi Channel | WiFi | | |
Exploiting Incorrectly Configured SSL Security Levels | HTTPS | Low | |
IMAP and or SMTP Command Injection | SMTP | Medium | |
File Manipulation | Windows 7 | Medium | |
Windows ::DATA Alternate Data Stream | Windows 7 | Medium | |
Exploiting Incorrectly Configured Access Control Security Levels | Windows 7 | Medium | |
Exploiting Incorrectly Configured SSL Security Levels | Windows 7 | Low | |
TCP Window Scan | Windows 7 | Low | |
Windows Admin Shares with Stolen Credentials | Windows 7 | | |
Group Permission Footprinting | Windows 7 | | |
Sniffing Attacks | TCP | Medium | |
TCP SYN Scan | TCP | Low | |
TCP Window Scan | TCP | Low | |
TCP RPC Scan | TCP | Low | |
TCP Sequence Number Probe | TCP | Low | |
TCP ISN Greatest Common Divisor Probe | TCP | Low | |
TCP ISN Counter Rate Probe | TCP | Low | |
TCP ISN Sequence Predictability Probe | TCP | Low | |
TCP Congestion Control Flag ECN Probe | TCP | Low | |
TCP Initial Window Size Probe | TCP | Low | |
CVE-2013-3870 | Outlook 2010 | | |
CVE-2013-3905 | Outlook 2010 | | |
CVE-2016-0008 | Windows 7 | | |
CVE-2016-0016 | Windows 7 | | |
CVE-2016-0020 | Windows 7 | | |
Buffer Overflow | | | |
Explore For Predictable Temporary File Names | | Medium | |
Screen Temporary Files for Sensitive Information | | Medium | |
File Manipulation | | Medium | |
Accessing, Modifying or Executing Executable Files | | | |
Create files with the same name as files protected with a higher classification | | | |
Manipulating Input to File System Calls | | | |
Redirect Access to Libraries | | | |
Configuration or Environment Manipulation | | | |
Exploiting Incorrectly Configured Access Control Security Levels | | | |
Exploit Common and or default Usernames and Passwords | | | |
User-Controlled Filename | | | |
Manipulating Writeable Configuration Files | | | |
Exploiting Incorrectly Configured SSL Security Levels | | | |
Data Interception Attacks | | | |
Dictionary-based Password Attack | | | |
Password Brute Forcing | | | |
Password Recovery Exploitation | | | |
Exploit Common and or default Usernames and Passwords | | | |
Obtaining Client Secret | | Low | |
Sensitive Data Exposure | | | |
Buffer Overflow | | | |
Explore For Predictable Temporary File Names | | Medium | |
Screen Temporary Files for Sensitive Information | | Medium | |
File Manipulation | | Medium | |
Accessing, Modifying or Executing Executable Files | | | |
Create files with the same name as files protected with a higher classification | | | |
Manipulating Input to File System Calls | | | |
Redirect Access to Libraries | | | |
Configuration or Environment Manipulation | | | |
Exploiting Incorrectly Configured Access Control Security Levels | | | |
Exploit Common and or default Usernames and Passwords | | | |
User-Controlled Filename | | | |
Manipulating Writeable Configuration Files | | | |
Obtaining Client Secret | | | |
Sensitive Data Exposure | | | |
Data Interception Attacks | | | |
Data Interception Attacks | | | |
Input Data Manipulation | | | |
Fake the Source of Data | | | |
TCP SYN Scan | | Low | |
TCP Window Scan | | Low | |
TCP RPC Scan | | Low | |
Session Hijacking | | | |
Man in the Middle Attack | | | |
Dictionary-based Password Attack | | | |
Password Brute Forcing | | | |
Password Recovery Exploitation | | | |
Exploit Common and or default Usernames and Passwords | | | |
Sensitive Data Exposure | | | |
Inducing Account Lockout | | | |
Inducing Account Lockout | | | |
Inducing Account Lockout | | | |
Targeted Malware | | | |
Account Footprinting | | | |
Sensitive Data Exposure | | | |
Lifting credentials and or key material embedded in client distributions - thick or thin | | | |
Sensitive Data Exposure | | | |
Audit Log Manipulation | | | |
Log Injection-Tampering-Forging | | | |
Encryption Brute Forcing | | Low | |
Software Integrity Attacks | | Low | |
Man in the browser | | | Mitigated | 03/30/2017
Automation Attack | | | Mitigated | 03/30/2017
Identity Spoofing - Impersonation | | Medium | Mitigated | 04/23/2017
Open Redirectors on Client | | Medium | Open | 04/23/2017
Privilege Abuse | | | Mitigated | 04/27/2017
Privilege Escalation | | | Mitigated | 04/27/2017
TCP Sequence Number Probe | | Low | Mitigated | 04/27/2017
TCP ISN Greatest Common Divisor Probe | | Low | Mitigated | 04/27/2017
TCP ISN Counter Rate Probe | | Low | Mitigated | 04/27/2017
TCP ISN Sequence Predictability Probe | | Low | Mitigated | 04/27/2017
TCP Congestion Control Flag ECN Probe | | Low | Mitigated | 04/27/2017
TCP Initial Window Size Probe | | Low | Mitigated | 04/27/2017
Sniffing Attacks | | Medium | Mitigated | 04/27/2017
WiFi Jamming | | | Open | 05/19/2017
WiFi MAC Address Tracking | | | Open | 05/19/2017
WiFi SSID Tracking | | | Open | 05/19/2017
Insecure WiFi Channel | | | Open | 05/19/2017
Eavesdropping | | | Open | 05/25/2017
Denial of Service | | | Open | 05/25/2017
Privilege Escalation | | | Mitigated | 06/08/2017
Privilege Escalation | | | Mitigated | 06/08/2017
DNS Cache Poisoning | | | Mitigated | 06/12/2017
Denial of Service | | | Open | 06/12/2017
Identity Spoofing - Impersonation | | Medium | Mitigated | 06/12/2017
HTTP Parameter Pollution | | | Open | 06/12/2017
Character Injection | | Medium | Open | 06/12/2017
Using UTF-8 Encoding to Bypass Validation Logic | | | Open | 06/12/2017
TCP Flood | | | Mitigated | 06/16/2017
TCP SYN Scan | | | |
TCP ACK Ping | | | |
TCP FIN scan | | | |
TCP Null Scan | | | |
TCP Window Scan | | | |
TCP RPC Scan | | | |
TCP Sequence Number Probe | | | |
TCP ISN Greatest Common Divisor Probe | | | |
TCP ISN Counter Rate Probe | | | |
TCP ISN Sequence Predictability Probe | | | |
TCP Congestion Control Flag ECN Probe | | | |
TCP Initial Window Size Probe | | | |
Sniffing Attacks | | Medium | Mitigated | 06/16/2017
Targeted Malware | | | Mitigated | 06/16/2017
Manipulate Data Structures | | | Open | 07/07/2017
Manipulate Data Structures | | | Open | 07/07/2017