The Hardware Pivot
Bio
Intro
"But hardware attacks are too difficult"
"Physical access is too high a barrier for most attackers"
"Only nation-states and their victims need to worry about malicious hardware"
They're right!
Hardware:

is harder than software

costs more to develop

is riskier to deploy

just doesn't scale

10k Hosts in the park

10k hardware implants? No way!

10k unique 0days? Of course not!

1 or more 0days that deliver a software payload that propagates internally?

Now we're talking!

1 or more Hardware Implants that deliver a software payload that propagates internally?

Why Not?

These

hardware

delights have

software

ends!
Why Hardware?
airtight software security practices
airgapped systems
heavily monitored networks
vulnerable supply chain
repudiation
exfiltration
we've got it, might as well use it!
"Because noone's gonna go to that much effort to hack me"
We're in - now what?
Pivot!
Hardware IS hard
Use Physical Access for a Hardware attack
Use Hardware to escalate software privilege
Use software privilege to do all that dirty work
Use Hardware when it's Easy!
organized campaign?

multiple hops through different systems

vs.

targeted hardware implant

red team engagement?

You don't need to be a nation state target to be a hardware attack victim!

simple pentest?

use Physical Access to *inform* the software attack

So What?

Hardware attacks are not difficult

Physical access is not a high barrier

Everyone is vulnerable to malicious hardware

The Hardware Pivot