oxeo0/blog-contributions
1
0
Fork 0
mirror of http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions.git synced 2025-07-02 06:56:41 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

add firmware/hardware attacks

Browse source
This commit is contained in:
midas 2025-01-22 17:33:49 +01:00
parent bc28a29ea6
commit a8419fe625
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
opsec/cloud_provider_adversary/index.html
View file

@ -118,7 +118,7 @@ in this post we are going to do a threat modelling exercise:<br><br>
<ol>
<li>Network sniffing: Leo can capture and log ALL trafic related to Alice's activity inside Bob's datacenter, so he will know the IP of everyone interacting with her platform</li>
<li>Firmware/hardware attacks: during maintenance windows, Leo could tamper with the BIOS/UEFI of Alice's server (if she had chosen a bare-metal option), or with her server's storage devices in order to deactivate encryption</li>
<li>Firmware/hardware attacks: during maintenance windows, Leo could tamper with the BIOS/UEFI of Alice's server (if she had chosen a bare-metal option), or with her server's storage devices in order to deactivate encryption or exfiltrate data unnoticed</li>
<li>Memory attacks: Leo is able to take snapshots of Alice's VPS RAM to gather information about her activities. If she had chosen a bare-metal server he could cut the power, extract and refrigerate the RAM sticks in order to retrieve the data, but such an attack would be very conspicuous</li>
</ol>