GSPBC-1050: Initial Access - Hardware Additions - GuardSight, Cybersecurity as a Service

GSPBC-1050: Initial Access – Hardware Additions

Hardware Additions

Adversaries may introduce computer accessories, networking hardware, or other computing devices into a system or network that can be used as a vector to gain access. Rather than just connecting and distributing payloads via removable storage (i.e. Replication Through Removable Media), more robust hardware additions can be used to introduce new functionalities and/or features into a system that can then be abused.

While public references of usage by threat actors are scarce, many red teams/penetration testers leverage hardware additions for initial access. Commercial and open source products can be leveraged with capabilities such as passive network tapping, network traffic modification (i.e. Adversary-in-the-Middle), keystroke injection, kernel memory reading via DMA, addition of new wireless access to an existing network, and others.

Source:
https://attack.mitre.org/techniques/T1200/

Back to Playbook Battle Cards

See Playbook Battle Cards on GitHub

Katherine Kostreva2022-05-17T02:48:11+00:00

Free Playbook Battle Cards

Join our newsletter to stay up to date on the latest industry trends, cybersecurity tools, and resources.

Experiencing a breach? Get in touch.

Free Playbook Battle Cards

Join our newsletter to stay up to date on the latest industry trends, cybersecurity tools, and resources.

Experiencing a breach? Get in touch.

GuardSight, Inc.
755 S. Main St., 4-137
Cedar City, UT 84720
info@guardsight.com
844-482-7374