Description

Practical security is the foundation of any security model.

Beyond firewalls and network hardening, government and enterprise alike must consider how security infrastructure safeguards digital, material, and human assets.  Physical security is foundational to the ability to resist unauthorized access or malicious threat.

In this training, students will be immersed in the world of PACS tokens, RFID credentials, readers, alarm contacts, tamper switches, door controllers, and backhaul protocols that underpin Physical Access Control Systems (PACS) across the globe.

Participants will be well-equipped to make technically informed and fiscally responsible security decisions not only for their respective organizations but also for themselves.  Students completing the training will be able to assess a target and identify attack surfaces that are most likely to allow access to critical areas and infrastructure.

Key Takeaways

  1. Students will be well-equipped to make technically informed and fiscally responsible security decisions not only for their respective organizations but also for themselves.
  2. Students will be able to accurately assess the relative attack resistance of credential technologies used by government and enterprise and learn practical methods of attack and defense.
  3. Students completing the training will be able to assess a target and identify attack surfaces that are most likely to allow access to critical areas and infrastructure.

 

PRICING

$2820 Early Bird Price by October 27, 2020

$2920 Regular Price by November 5, 2020

$3120 Late Registration by November 10, 2020

MORE DETAILS

In this training, students will be immersed in the world of PACS tokens, RFID credentials, readers, alarm contacts, tamper switches, door controllers, and backhaul protocols that underpin Physical Access Control Systems (PACS) across the globe. The course provides a holistic and detailed view of modern access control and outlines common design limitations that can be exploited. Penetration testers will gain a practical understanding of what PACS looks like in the field, and how to intercept, clone, downgrade, replay, and bypass one’s way through the system. Defenders, designers, and directors will come away with best practices and techniques that will resist attacks.

**NEW FOR THIS SESSION** Every Registrant will Receive a Unique RFID Training Door Simulator

The RFID Door Simulator, colloquially known as the “Building in a Box” is a self-contained unit intended to simulate authentication operations performed by a paired RFID credential reader and an upstream door controller.  It features a multi-technology RFID credential reader, an integrated door controller, an OLED display, and a power supply.  Enrolled students will practice interacting with a wide array of credential technologies and get hands-on experience with the tools, techniques, and procedures necessary for executing multiple kinds of attacks against PACS environments in the field. This is a custom hardware unit and not available from any other source.

Participation will include hands-on practical experience with tools, exploits, and refined methods for compromising modern PACS, including modules focusing on:

  • Fundamentals of Modern PACS Designs
  • Sensor Manipulation and Bypass Methods
  • Historical and Modern Security Tokens, including:
    • Magnetic Stripe
    • 125KHz RFID Technologies including HID Prox, Indala, ioProx, EM, and others
    • 13.56MHz and NFC RFID Technologies including iCLASS, Legic Prime, MIFARE, DESFire, ISO14443A, ISO14443B, ISO15693, and others
    • Understanding and Use of “Magic” RFID Credentials in Cloning Operations
    • Biometric Authentication
  • Practical Instruction, Understanding, and Use of the Proxmark3 RFID Research and Attack Tool
  • Reader Weaponization and Extended-Range RFID Cloning
  • Tech Downgrade Attacks: Techniques for Identifying Vulnerable System Configurations of SEOS and DESFire EV1/EV2
  • Principal Methods of Operation of Door Controllers, Control Panels, and their Associated Weaknesses
  • Deploying Denial of Service Attacks
  • Wiegand Protocol Sniffing, Interception, and Replay

Students will be well-prepared for real-world red team scenarios and learn how to exploit access control technology with the latest attack hardware.  There are also modules detailing the backend of these systems, allowing Man in the Middle and Denial of Service attacks.

WHO SHOULD TAKE THIS COURSE

  • Professional Penetration Testers
  • Security Architects
  • Installers, Integrators, and System Maintainers
  • Critical Infrastructure Decision-Makers

STUDENT REQUIREMENTS

There are no required skills for this course – Red Team Alliance will teach you everything you need to know. No prior knowledge of RFID credentials is necessary.  Novices as well as more experienced security practitioners will derive value and gain useful skills in this class.

While the training is virtual, students must provide a shipping address to receive the required hardware kit accompanying this course.

Interactive participation is required during the course.

WHAT STUDENTS SHOULD BRING

Students must be ready to participate with a computer natively running Windows 10 with local administrative rights.  Virtual machines and other operating systems have historically performed inconsistently with the software being used.  Students may bring a Linux or macOS system as well, but those doing so should ensure that they have ready access to a native Windows 10 machine if needed.

The class price includes a Door Simulator (a $600 value) and a Proxmark3 RDV4.0 and credential materials (a $420 value) needed for the class.

APPROVED HARDWARE

The RFID research community has seen a significant increase in interest over the past few years.  While this has been a boon for development of software and open source utilities, this increase in attention has resulted in an array of new hardware products marketed under confusingly similar names.  At this time, only the official Proxmark3 RDV4.0 unit is fully compatible with the modern Proxmark code environment.  Products marketed under names like “ProxmarkPro” or “ProxmarkEasy” or “Proxmark EVO” are not genuine units and are not compatible with the full code base or with our classroom labs.  The earlier generation Proxmark3 RDV 2.0 may work, but is not officially supported in this class.  The Proxmark3 RDV3.0 was never widely released or produced reliably and is also not recommended for this class.  TL;DR: the only officially supported hardware device for this training course is the Proxmark3 RDV4.0, and it is included in the class price.

Door Simulator: Colloquially known as the “Building in a Box”, this is a self-contained unit intended to simulate authentication operations performed by a paired RFID credential reader and an upstream door controller.  It features a unique multi-technology RFID credential reader, an integrated door controller, an OLED display, and a power supply.  Enrolled students will practice interacting with a wide array of credential technologies and get hands-on experience with the tools, techniques, and procedures necessary for executing multiple kinds of attacks against PACS environments in the field.

WHAT STUDENTS WILL BE PROVIDED WITH:

All registrations include an Electronic PACS Training Hardware Toolkit and Proxmark3 RDV4.01 Kit

This toolkit includes:

  • The RFID Door Simulator (a $600 value): Colloquially known as the “Building in a Box”, it is a self-contained unit intended to simulate authentication operations performed by a paired RFID credential reader and an upstream door controller.  It features a unique multi-technology RFID credential reader, an integrated door controller, an OLED display, and a power supply.  Enrolled students will practice interacting with a wide array of credential technologies and get hands-on experience with the tools, techniques, and procedures necessary for executing multiple kinds of attacks against PACS environments in the field.
  • Proxmark3 RDV 4.01 Retail Package (a $420 value)
  • Professional PACS Credential Demo Pack: A comprehensive collection of specially configured PACS credentials representing technologies used worldwide, with special emphasis on the European Region.
  • Penetration Tester’s Blank Credential Pack: A comprehensive and practical selection of special-purpose credentials that can be reprogrammed to emulate a wide variety of credentials, including all 125KHz, 134KHz, and some 13.56MHz technologies.
  • ESPKey Wiegand Interception Tool: A stamp-sized man-in-the-middle attack tool that can be deployed against most systems to intercept, replay, and manipulate credential data in transit.

LOCATION:

Virtual

DATE & TIME:

November 19 & 20, 2020

  • 9am PT/12pm ET – 5pm PT/8pm ET 

INSTRUCTORS

Babak Javadi

Babak Javadi is a noted member of the physical security community, well-recognized both in professional circles (due to the work of The CORE Group) and in the hacker world (as the President of TOOOL, The Open Organisation Of Lockpickers).  His first foray into the world of physical security was in the third grade, where he was sent to detention for showing another student how to disassemble the doorknob on the classroom supply closet.  Babak is an integral part of the numerous lockpicking and electronic access control workshops, training sessions, and games that are seen at annual hacker events and security industry conferences.  He likes spicy food and lead-free small arms ammunition.

 

Deviant Ollam

While paying the bills as a physical penetration specialist with The CORE Group and the Director of Education for Red Team Alliance, Deviant Ollam is also a member of the Board of Directors of the US division of TOOOL, The Open Organisation Of Lockpickers.  His books Practical Lock Picking and Keys to the Kingdom are among Syngress Publishing’s best-selling pen testing titles.  In addition to being a lockpicker, Deviant is also a SAVTA certified safe technician and GSA certified safe and vault inspector.  At multiple security conferences Deviant started Lockpick Village workshop areas, and he has conducted physical security training sessions for Black Hat, the SANS Institute, DeepSec, ToorCon, HackCon, ShakaCon, HackInTheBox, AusCERT, GovCERT, CONFidence, the FBI, the NSA, DARPA, the National Defense University, the United States Naval Academy at Annapolis, and the United States Military Academy at West Point.  In his limited spare time, Deviant enjoys loud moments with lead acceleration and quiet times with podcasts.  He arrives at airports too early and shows up at parties too late, but will promptly appear right on time for tacos or whiskey.