Zerotail Threat Model
The Zerotail Threat Model helps organizations and high‑risk individuals systematically reduce their attack surface so entire classes of attacks become impractical. Unlike conventional frameworks that focus on preventing individual risks, Zerotail assumes parts of your system are already compromised and designs resilient systems from that position.
Philosophy: Designing for Compromise
Zerotail reframes security planning from "what could go wrong?" to "what will be compromised?" This pessimistic assumption produces systems and operational practices that remain resilient even against worst‑case adversaries.
Hardware Reality: Modern laptops and mobile systems contain opaque components—CPU microcode, the Intel Management Engine (ME), peripheral firmware, and the motherboard's embedded controller (EC)—that can be difficult or impossible to fully verify. Zerotail's threat model therefore treats these components as untrusted by default: trust in them is minimized where possible, and the parts that can be verified are verified. Supply‑chain tampering and firmware implants are treated as real, actionable risks, especially for high‑risk users.
We provide consulting and custom hardened hardware for journalists, politicians, investigators, and other high‑risk clients. Our work couples Zerotail's resilience‑first philosophy with hands‑on hardware hardening and operational guidance so clients can work, travel, and collaborate with realistic protections against sophisticated adversaries.
The Four Levels
Zerotail provides a phased path for improving resilience. Each level corresponds to an increasingly capable adversary. Different components can be assigned different protection levels based on the consequence of compromise.
Level 1 – Defense Against Remote, Low‑Resource Adversaries
- Adversary Profile: Opportunistic attackers using public exploits, commodity malware, and automated campaigns.
- Capabilities: Scanning for known vulnerabilities, phishing, commodity malware, low‑effort supply‑chain attacks, domain impersonation, opportunistic physical attacks.
- Zerotail Controls: Patch management, MFA, endpoint anti‑malware, encrypted backups, hardened defaults, supply‑chain vetting, public OPSEC.
Level 2 – Defense Against Insiders or Compromised Hosts
- Adversary Profile: Individuals or systems with some trust or privilege inside your environment.
- Capabilities: Arbitrary code execution on hosts, memory access, abuse of administrative privileges, code injection in build pipelines, local physical tampering.
- Zerotail Controls: Least privilege, isolated build systems, memory‑safe secret handling, strict change controls with out‑of‑band verification, device tamper‑evidence, endpoint isolation, physical access policies.
Level 3 – Defense Against Well‑Funded Organizations
- Adversary Profile: Organized, well‑resourced groups conducting multi‑stage attacks combining internal and external compromises.
- Capabilities: Insider recruitment, deep reconnaissance, botnets, 0‑day exploits, coordinated cyber‑physical operations.
- Zerotail Controls: Air‑gapped or segmented systems, hardened supply chains, secure hardware (vetted secure elements), multi‑person approval for critical changes, frequent red‑team exercises, OPSEC training, physical counter‑surveillance.
Level 4 – Defense Against Nation‑State Actors
- Adversary Profile: State‑backed actors capable of full‑spectrum operations including hardware/firmware compromise, advanced covert surveillance, and counter‑forensics.
- Capabilities: Persistent access across providers, side‑channel attacks, extraction from improperly decommissioned devices, physical coercion, hardware supply‑chain compromise.
- Zerotail Controls: End‑to‑end hardware and firmware verification, strict supply‑chain provenance, secure rooms and Faraday shielding, anti‑side‑channel engineering, continuous monitoring for high‑sophistication threats, personal security planning (secure travel, safe houses).
Hardware and Firmware Considerations
Building on hardened‑device research, Zerotail explicitly models hardware trust boundaries:
- CPU & Management Engine (ME): A separate coprocessor running opaque, privileged code with access to system memory and the network independently of the OS.
- TPM and peripheral firmware: Can contain vulnerabilities, backdoors, or undisclosed functionality.
- Motherboard, BIOS/UEFI, EC: Potential vectors for persistent malware or hardware modification.
- Supply chain threats: Devices may be tampered with before delivery.
Custom hardware mitigations include coreboot with a Heads‑style measured‑boot payload, write‑protected firmware ROMs, TPMTOTP boot attestation (a TOTP secret sealed to the TPM's PCR measurements, so a valid one‑time code appears at boot only when the measured firmware is unchanged), careful IOMMU configuration to contain DMA‑capable peripherals, removal of unneeded peripherals, and lifecycle controls for secure transport and decommissioning.
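The following is an added, simulated example of the TPMTOTP idea; it is not Zerotail's or the Heads project's code. Firmware measurements are replayed into PCRs with the TPM extend rule (new = H(old || H(measurement))), a TOTP secret is sealed to the resulting PCR values, and the firmware can only display a valid RFC 6238 one‑time code when the measured boot chain matches what was enrolled. The TPM, the sealing policy (a plain PCR‑equality check), and the firmware "blobs" are all constructed stand‑ins for illustration; the TOTP secret is the RFC 6238 test‑vector key.

```python
"""Simulated TPMTOTP-style boot attestation (illustrative, not real TPM code).

The 'TPM' is a Python object whose seal/unseal is a software PCR-equality
check standing in for TPM2 sealing; measurements are constructed byte
strings standing in for firmware stages. TOTP/HOTP follow RFC 6238/4226.
"""
import hashlib
import hmac
import struct
from typing import Dict, List, Optional

PCR_ALG = hashlib.sha256


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM PCR extend rule: new = H(old || H(measurement))."""
    return PCR_ALG(pcr + PCR_ALG(measurement).digest()).digest()


def measure_boot(components: Dict[int, List[bytes]]) -> Dict[int, bytes]:
    """Replay each firmware stage into its PCR, starting from all-zero PCRs."""
    pcrs = {}
    for idx, blobs in components.items():
        value = b"\x00" * PCR_ALG().digest_size
        for blob in blobs:
            value = pcr_extend(value, blob)
        pcrs[idx] = value
    return pcrs


class SimulatedTPM:
    """Seal/unseal keyed only on PCR equality (assumption: stands in for TPM2 sealing)."""

    def __init__(self):
        self._sealed = []  # list of (policy_pcrs, secret)

    def seal(self, secret: bytes, policy: Dict[int, bytes]) -> None:
        self._sealed.append((dict(policy), secret))

    def unseal(self, current_pcrs: Dict[int, bytes]) -> Optional[bytes]:
        # Release the secret only if every PCR in the policy matches exactly.
        for policy, secret in self._sealed:
            if all(current_pcrs.get(i) == v for i, v in policy.items()):
                return secret
        return None


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP over the current 30-second time step."""
    return hotp(secret, unix_time // step, digits)


def boot_attest(tpm: SimulatedTPM, measured_pcrs: Dict[int, bytes], unix_time: int) -> Optional[str]:
    """Code the firmware would show the user, or None when the TPM refuses to unseal."""
    secret = tpm.unseal(measured_pcrs)
    if secret is None:
        return None
    return totp(secret, unix_time)


# Constructed sample measurements: PCR 2 for early firmware stages, PCR 4 for the boot payload.
GOOD_FIRMWARE = {2: [b"coreboot-romstage-v1", b"coreboot-ramstage-v1"], 4: [b"heads-payload-v1"]}
TAMPERED_FIRMWARE = {2: [b"coreboot-romstage-v1", b"coreboot-ramstage-v1"], 4: [b"heads-payload-evil"]}


def demo():
    """Enroll on a trusted boot, then attest a trusted and a tampered boot at t=59."""
    tpm = SimulatedTPM()
    secret = b"12345678901234567890"  # RFC 6238 test-vector key (constructed, not a real secret)
    tpm.seal(secret, measure_boot(GOOD_FIRMWARE))
    good = boot_attest(tpm, measure_boot(GOOD_FIRMWARE), 59)
    bad = boot_attest(tpm, measure_boot(TAMPERED_FIRMWARE), 59)
    return good, bad


if __name__ == "__main__":
    g, b = demo()
    print("trusted boot shows code:", g)
    print("tampered boot:", "no code (unseal refused)" if b is None else b)
```

The user compares the displayed code with the one on a separately held TOTP device; a missing or wrong code means the firmware measurements changed. The caveat a practitioner should keep in mind: measured boot only covers what the root of trust measures, so a compromised component that runs before measurement starts, or a replaced TPM, is outside what this check can detect.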
Threats We Address
- External cyber threats: Phishing, malware, network interception, remote exploitation.
- Insider threats: Malicious or coerced individuals with physical or digital access.
- Physical attacks: Theft, Evil Maid scenarios, cold‑boot/memory‑extraction, supply‑chain compromises.
- Advanced adversaries: Covert surveillance, hardware tampering, side‑channel attacks, or nation‑state capabilities.
Integration of hardware assurance, software compartmentalization, and operational security reduces attack effectiveness and protects confidentiality, integrity, and availability.
Hardened Devices — Goals, Threats, and Defenses
Goals: Enable individuals or groups to work securely under surveillance by powerful adversaries (journalists, political staffers, investigators). Protect research, communications, travel, and operational links.
Key Threat Categories:
- Linkability & Tracking
- Malware / APTs
- Physical Access Attacks
- Remote Management / Invisible Subsystems
Defense Principles: Layered defense; assume any single layer can be compromised and limit the damage when it is.
Core actions:
- Choose hardware minimizing opaque subsystems.
- Select compartmentalized, privacy-focused software.
- Remove or disable unneeded components.
- Harden firmware and boot paths.
- Limit external attack surface.
- Train users in OPSEC.
- Reset devices to a known‑good state and enforce lifecycle controls.
Applying Zerotail to Your Situation
- Phased roadmap to prioritize defenses by value and feasibility.
- Map adversary capabilities to technical, procedural, and physical mitigations.
- Guidance on device hardening, secure communication, OPSEC, supply‑chain vetting, secure workspaces, personal safety.
- Custom hardware solutions hardened against firmware and supply‑chain attacks.
Different Zerotail levels can be applied across systems and workflows, with the strongest controls reserved for the components where compromise is most damaging.
Why Zerotail Works
Designing with expected compromise produces resilient systems and realistic operational practices. Operational, digital, and hardware security combine for strategic resilience.
Contact & Consulting
Zerotail provides 1:1 consulting to help clients select the right hardware, firmware, and workflows for their threat model, including scoping assessment, documented recommendations, hands‑on hardening guidance, and post‑deployment coaching.