The Hardware Pivot
"But hardware attacks are too difficult"
"Physical access is too high a barrier for most attackers"
"Only nation-states and their victims need to worry about malicious hardware"
They're right!

is harder than software

costs more to develop

is riskier to deploy

just doesn't scale

10k Hosts in the park

10k hardware implants? No way!

10k unique 0days? Of course not!

1 or more 0days that deliver a software payload that propagates internally?

Now we're talking!

1 or more Hardware Implants that deliver a software payload that propagates internally?

Why Not?



delights have


Why Hardware?
airtight software security practices
airgapped systems
heavily monitored networks
vulnerable supply chain
we've got it, might as well use it!
"Because noone's gonna go to that much effort to hack me"
We're in - now what?
Hardware IS hard
Use Physical Access for a Hardware attack
Use Hardware to escalate software privilege
Use software privilege to do all that dirty work
Use Hardware when it's Easy!
organized campaign?

multiple hops through different systems


targeted hardware implant

red team engagement?

You don't need to be a nation state target to be a hardware attack victim!

simple pentest?

use Physical Access to *inform* the software attack

So What?

Hardware attacks are not difficult

Physical access is not a high barrier

Everyone is vulnerable to malicious hardware

The Hardware Pivot