IOT-UART-CONSOLEInitial Access

UART Debug Console

Solder onto exposed UART TX/RX/GND headers — typically grants an unauthenticated root shell on consumer IoT devices.

§ Where this technique fits

IOT-UART-CONSOLE is catalogued under the Initial Access tactic of the offensive-security kill-chain. It appears in 2 approved dossiers in the registry, typically at step 2 on average.

§ Dossiers chaining this technique

Evil maid → sniff TPM unseal → decrypt BitLocker offline
Brief physical access to a TPM-only BitLocker laptop. Plug a logic analyser onto the LPC / SPI bus; capture the FVEK as the TPM unseals it at boot. Take the disk home, decrypt offline.
step 2 / 6
Exposed UART → root shell → firmware extraction
Open the IoT device, locate TX/RX/GND pads, attach a USB-UART, get an unauthenticated root prompt, dump firmware for offline analysis + 0-day hunting.
step 2 / 6

§ What commonly comes next

01
Command and Scripting Interpreter
T1059 · Execution
seen 1×
02
TPM Sniffing / Relay (BitLocker)
FW-TPM-RELAY · Credential Access
seen 1×

§ Where this technique fits

§ Dossiers chaining this technique

Evil maid → sniff TPM unseal → decrypt BitLocker offline

Exposed UART → root shell → firmware extraction

§ What commonly comes next