Common Information
Type Value
Value Hardware Additions - T1200
Category Attack-Pattern
Type Mitre-Enterprise-Attack-Attack-Pattern
Misp Type Cluster
Description Computer accessories, computers or networking hardware may be introduced into a system as a vector to gain execution. While public references of usage by APT groups are scarce, many penetration testers leverage hardware additions for initial access. Commercial and open source products are leveraged with capabilities such as passive network tapping (Citation: Ossmann Star Feb 2011), man-in-the-middle encryption breaking (Citation: Aleks Weapons Nov 2015), keystroke injection (Citation: Hak5 RubberDuck Dec 2016), kernel memory reading via DMA (Citation: Frisk DMA August 2016), adding new wireless access to an existing network (Citation: McMillan Pwn March 2012), and others.
Detection: Asset management systems may help with the detection of computer systems or network devices that should not exist on a network. Endpoint sensors may be able to detect the addition of hardware via USB, Thunderbolt, and other external device communication ports.
Platforms: Linux, Windows, macOS
Data Sources: Asset Management, Data loss prevention
Details Published Attributes CTI Title
Details Website 2024-09-24 4 The Digital Fortress: A CTO’s Zero Trust Device Journey
Details Website 2023-01-17 11 Self-Checkout This Discord C2
Details Website 2022-12-23 0 Security Is a Second-Class Citizen in High-Performance Computing
Details Website 2022-09-23 35 What Is Initial Access? MITRE ATT&CK® Initial Access Tactic | TA0001 - SOC Prime
Details Website 2022-04-09 2 How to Get Help in Windows 10? [ Solved ]