Using Real-life TTP to Prevent Real-life Cyberattacks

The TrustedSec Hardware Device Security Assessment service provides cyberattack simulations using real-world tactics, techniques, and procedures (TTP).

Our assessment can employ specific goals or blended threat scenarios to test the effectiveness of the hardening procedures before or after deployment. Devices can include both client-developed and third-party provided.

A Hardware Device Security Assessment can employ a variety of tactics to assess your Information Security defenses by manipulating the devices in ways they were never intended. This approach can provide better insight into previously unknown attack vectors.

 

With TrustedSec, you can:

  • Evaluate the effectiveness of your application development as it relates to hardware devices
  • Vet the security controls of third-party devices
  • Evaluate the device hardening process
  • Ensure unused/unwanted ports and/or protocols do not compromise the device security
  • Determine if sensitive data is stored on or transmitted from the device unencrypted

 

Hardware Assessments can include:

  • Embedded Appliances – Attack special-purpose computing hardware deployed in networked or standalone environments. Vectors include physical interaction, network connected, GPIO interfaces, serial ports, firmware dumping, etc.
  • Automobiles – Evaluate the effectiveness of vehicle communication firewall, if present. Perform evaluation and potential attacks via CAN bus, TPM sensors, keyfob/remote start, Bluetooth, USB, and WiFi input points.
  • Point of Sale (POS) – Attack POS terminals, back of house systems, payment pin-pads, and networks. Vectors include physical interaction, network connected, application escape, etc.
  • Industrial Control Systems (ICS) – Attack special-purpose hardware (PLC, sensors, etc.) designed for process control and automation, commonly found in manufacturing, utility ops, etc.