EXPLORE

← Back to Explore

T1200

Hardware Additions

Adversaries may physically introduce computer accessories, networking hardware, or other computing devices into a system or network that can be used as a vector to gain access. Rather than just connecting and distributing payloads via removable storage (i.e. [Replication Through Removable Media](https://attack.mitre.org/techniques/T1091)), more robust hardware additions can be used to introduce new functionalities and/or features into a system that can then be abused. While public references of...

WindowsLinuxmacOS

13

Detections

2

Sources

1

Threat Actors

BY SOURCE

10splunk_escu3sigma

PROCEDURES (8)

Suspicious2 detections

Auto-extracted: 2 detections for suspicious

Exfiltrat2 detections

Auto-extracted: 2 detections for exfiltrat

General Monitoring2 detections

Auto-extracted: 2 detections for general monitoring

Evasion2 detections

Auto-extracted: 2 detections for evasion

Registry2 detections

Auto-extracted: 2 detections for registry

Network Connection Monitoring1 detections

Auto-extracted: 1 detections for network connection monitoring

Exfiltrat1 detections

Auto-extracted: 1 detections for exfiltrat

Script Execution Monitoring1 detections

Auto-extracted: 1 detections for script execution monitoring

THREAT ACTORS (1)

DETECTIONS (13)

Detect ARP Poisoning

Detect IPv6 Network Infrastructure Threats

Detect Port Security Violation

Detect Rogue DHCP Server

Detect Traffic Mirroring

Device Installation Blocked

External Disk Drive Or USB Storage Device Was Recognized By The System

Linux Auditd Hardware Addition Swapoff

Linux Hardware Addition SwapOff

USB Device Plugged

Windows Process Executed From Removable Media

Windows USBSTOR Registry Key Modification

Windows WPDBusEnum Registry Key Modification