Architecture
PHLIPPED has five inter-dependent components.
- Threat Catalog - hierarchical taxonomy of physical electronic attacks. Each entry: unique ID, prerequisites (physical access, time, hardware, skill 1-5), MITRE ATT&CK mapping, observable indicators, known tools, severity baseline.
- Assessment Methodology - auditable checklist producing the Physical Security Posture Score (PSPS) 0-100.
- Detection Layer - Wazuh + Sigma rules per threat (HID injection typing-rate, rogue AP duplicate SSID, drop-device MAC OUI on non-IT VLAN, etc.).
- Hardening Playbook - prevent / detect / respond per threat, each mapped to approximate € cost and effort in hours.
- Reference implementation & validation -
phlipped-assessCLI,phlipped-labdocker-compose, validation report comparing baseline vs hardened environments.