diff --git a/abgaben/referenzen.bib b/abgaben/referenzen.bib index 3509fca..129cb38 100644 --- a/abgaben/referenzen.bib +++ b/abgaben/referenzen.bib @@ -467,6 +467,210 @@ note = {Abgerufen am 16.06.2026} } +% ── CWE – Neue Einträge ────────────────────────────────────────────────────── + +@misc{cwe22, + author = {{MITRE Corporation}}, + title = {{CWE-22: Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)}}, + year = {2024}, + url = {https://cwe.mitre.org/data/definitions/22.html}, + note = {Abgerufen am 16.06.2026} +} + +@misc{cwe79, + author = {{MITRE Corporation}}, + title = {{CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)}}, + year = {2024}, + url = {https://cwe.mitre.org/data/definitions/79.html}, + note = {Abgerufen am 16.06.2026} +} + +@misc{cwe200, + author = {{MITRE Corporation}}, + title = {{CWE-200: Exposure of Sensitive Information to an Unauthorized Actor}}, + year = {2024}, + url = {https://cwe.mitre.org/data/definitions/200.html}, + note = {Abgerufen am 16.06.2026} +} + +@misc{cwe269, + author = {{MITRE Corporation}}, + title = {{CWE-269: Improper Privilege Management}}, + year = {2024}, + url = {https://cwe.mitre.org/data/definitions/269.html}, + note = {Abgerufen am 16.06.2026} +} + +@misc{cwe284, + author = {{MITRE Corporation}}, + title = {{CWE-284: Improper Access Control}}, + year = {2024}, + url = {https://cwe.mitre.org/data/definitions/284.html}, + note = {Abgerufen am 16.06.2026} +} + +@misc{cwe311, + author = {{MITRE Corporation}}, + title = {{CWE-311: Missing Encryption of Sensitive Data}}, + year = {2024}, + url = {https://cwe.mitre.org/data/definitions/311.html}, + note = {Abgerufen am 16.06.2026} +} + +@misc{cwe345, + author = {{MITRE Corporation}}, + title = {{CWE-345: Insufficient Verification of Data Authenticity}}, + year = {2024}, + url = {https://cwe.mitre.org/data/definitions/345.html}, + note = {Abgerufen am 16.06.2026} +} + +@misc{cwe732, + author = {{MITRE Corporation}}, + title = {{CWE-732: Incorrect Permission Assignment for Critical Resource}}, + year = {2024}, + url = {https://cwe.mitre.org/data/definitions/732.html}, + note = {Abgerufen am 16.06.2026} +} + +@misc{cwe1357, + author = {{MITRE Corporation}}, + title = {{CWE-1357: Reliance on Insufficiently Trustworthy Component}}, + year = {2024}, + url = {https://cwe.mitre.org/data/definitions/1357.html}, + note = {Abgerufen am 16.06.2026} +} + +% ── MITRE ATT&CK – Neue Taktiken & Techniken ──────────────────────────────── + +@misc{ta0001, + author = {{MITRE Corporation}}, + title = {{TA0001: Initial Access}}, + year = {2024}, + url = {https://attack.mitre.org/tactics/TA0001/}, + note = {Abgerufen am 16.06.2026} +} + +@misc{ta0009, + author = {{MITRE Corporation}}, + title = {{TA0009: Collection}}, + year = {2024}, + url = {https://attack.mitre.org/tactics/TA0009/}, + note = {Abgerufen am 16.06.2026} +} + +@misc{ta0010, + author = {{MITRE Corporation}}, + title = {{TA0010: Exfiltration}}, + year = {2024}, + url = {https://attack.mitre.org/tactics/TA0010/}, + note = {Abgerufen am 16.06.2026} +} + +@misc{ta0011, + author = {{MITRE Corporation}}, + title = {{TA0011: Command and Control}}, + year = {2024}, + url = {https://attack.mitre.org/tactics/TA0011/}, + note = {Abgerufen am 16.06.2026} +} + +@misc{ta0040, + author = {{MITRE Corporation}}, + title = {{TA0040: Impact}}, + year = {2024}, + url = {https://attack.mitre.org/tactics/TA0040/}, + note = {Abgerufen am 16.06.2026} +} + +@misc{t1052, + author = {{MITRE Corporation}}, + title = {{T1052: Exfiltration Over Physical Medium}}, + year = {2024}, + url = {https://attack.mitre.org/techniques/T1052/}, + note = {Abgerufen am 16.06.2026} +} + +@misc{t1195, + author = {{MITRE Corporation}}, + title = {{T1195: Supply Chain Compromise}}, + year = {2024}, + url = {https://attack.mitre.org/techniques/T1195/}, + note = {Abgerufen am 16.06.2026} +} + +@misc{t1486, + author = {{MITRE Corporation}}, + title = {{T1486: Data Encrypted for Impact}}, + year = {2024}, + url = {https://attack.mitre.org/techniques/T1486/}, + note = {Abgerufen am 16.06.2026} +} + +@misc{t1491, + author = {{MITRE Corporation}}, + title = {{T1491: Defacement}}, + year = {2024}, + url = {https://attack.mitre.org/techniques/T1491/}, + note = {Abgerufen am 16.06.2026} +} + +@misc{t1499, + author = {{MITRE Corporation}}, + title = {{T1499: Endpoint Denial of Service}}, + year = {2024}, + url = {https://attack.mitre.org/techniques/T1499/}, + note = {Abgerufen am 16.06.2026} +} + +@misc{t1565, + author = {{MITRE Corporation}}, + title = {{T1565: Data Manipulation}}, + year = {2024}, + url = {https://attack.mitre.org/techniques/T1565/}, + note = {Abgerufen am 16.06.2026} +} + +@misc{t1567, + author = {{MITRE Corporation}}, + title = {{T1567: Exfiltration Over Web Service}}, + year = {2024}, + url = {https://attack.mitre.org/techniques/T1567/}, + note = {Abgerufen am 16.06.2026} +} + +@misc{t1583, + author = {{MITRE Corporation}}, + title = {{T1583: Acquire Infrastructure}}, + year = {2024}, + url = {https://attack.mitre.org/techniques/T1583/}, + note = {Abgerufen am 16.06.2026} +} + +@misc{t1591, + author = {{MITRE Corporation}}, + title = {{T1591: Gather Victim Org Information}}, + year = {2024}, + url = {https://attack.mitre.org/techniques/T1591/}, + note = {Abgerufen am 16.06.2026} +} + +@misc{t1593, + author = {{MITRE Corporation}}, + title = {{T1593: Search Open Websites/Domains}}, + year = {2024}, + url = {https://attack.mitre.org/techniques/T1593/}, + note = {Abgerufen am 16.06.2026} +} + +@misc{t1657, + author = {{MITRE Corporation}}, + title = {{T1657: Financial Theft}}, + year = {2024}, + url = {https://attack.mitre.org/techniques/T1657/}, + note = {Abgerufen am 16.06.2026} +} + % ── MITRE D3FEND - Defensive Gegenmaßnahmen ───────────────────────────────── @misc{d3anci, @@ -540,3 +744,97 @@ url = {https://d3fend.mitre.org/technique/d3f:StrongPasswordPolicy/}, note = {Abgerufen am 16.06.2026} } + +@misc{d3cspp, + author = {{MITRE Corporation}}, + title = {{D3-CSPP: Client-Server Payload Profiling}}, + year = {2024}, + url = {https://d3fend.mitre.org/technique/d3f:Client-ServerPayloadProfiling/}, + note = {Abgerufen am 16.06.2026} +} + +@misc{d3mencr, + author = {{MITRE Corporation}}, + title = {{D3-MENCR: Message Encryption}}, + year = {2024}, + url = {https://d3fend.mitre.org/technique/d3f:MessageEncryption/}, + note = {Abgerufen am 16.06.2026} +} + +@misc{d3fe, + author = {{MITRE Corporation}}, + title = {{D3-FE: File Encryption}}, + year = {2024}, + url = {https://d3fend.mitre.org/technique/d3f:FileEncryption/}, + note = {Abgerufen am 16.06.2026} +} + +@misc{d3nta, + author = {{MITRE Corporation}}, + title = {{D3-NTA: Network Traffic Analysis}}, + year = {2024}, + url = {https://d3fend.mitre.org/technique/d3f:NetworkTrafficAnalysis/}, + note = {Abgerufen am 16.06.2026} +} + +@misc{d3dencr, + author = {{MITRE Corporation}}, + title = {{D3-DENCR: Disk Encryption}}, + year = {2024}, + url = {https://d3fend.mitre.org/technique/d3f:DiskEncryption/}, + note = {Abgerufen am 16.06.2026} +} + +% ── CWE – Weitere Einträge (4a-Vertiefung) ────────────────────────────────── + +@misc{cwe312, + author = {{MITRE Corporation}}, + title = {{CWE-312: Cleartext Storage of Sensitive Information}}, + year = {2024}, + url = {https://cwe.mitre.org/data/definitions/312.html}, + note = {Abgerufen am 16.06.2026} +} + +@misc{cwe668, + author = {{MITRE Corporation}}, + title = {{CWE-668: Exposure of Resource to Wrong Sphere}}, + year = {2024}, + url = {https://cwe.mitre.org/data/definitions/668.html}, + note = {Abgerufen am 16.06.2026} +} + +@misc{cwe1390, + author = {{MITRE Corporation}}, + title = {{CWE-1390: Weak Authentication}}, + year = {2024}, + url = {https://cwe.mitre.org/data/definitions/1390.html}, + note = {Abgerufen am 16.06.2026} +} + +% ── MITRE ATT&CK – Weitere Techniken (4a-Vertiefung) ─────────────────────── + +@misc{t1530, + author = {{MITRE Corporation}}, + title = {{T1530: Data from Cloud Storage}}, + year = {2024}, + url = {https://attack.mitre.org/techniques/T1530/}, + note = {Abgerufen am 16.06.2026} +} + +@misc{t1213, + author = {{MITRE Corporation}}, + title = {{T1213: Data from Information Repositories}}, + year = {2024}, + url = {https://attack.mitre.org/techniques/T1213/}, + note = {Abgerufen am 16.06.2026} +} + +% ── Sonstige ──────────────────────────────────────────────────────────────── + +@misc{safe_harbor, + author = {{Security Alliance}}, + title = {{Coordinated Vulnerability Disclosure Safe Harbor Framework}}, + year = {2024}, + url = {https://frameworks.securityalliance.org/safe-harbor/overview/}, + note = {Abgerufen am 16.06.2026} +}