Tweet
Title: Ghosting the PACS-man: New Tools and Techniques
Description:
Do you fear the PACS-man? Do you lie awake at night atop your pile of RFID cards of unknown origin, pondering grand questions of access control? Is Wiegand a card or a data format? What is an "encrypted" credential and is it actually any more secure? Fear not, fellow explorer. Come discuss your woes with professional ghosts of access control and learn how to keep the PACS-man at bay. This livestream will provide a holistic context of modern access control and outline common design limitations that can be exploited when systems are not implemented correctly. From credentials, to readers, to door controllers and beyond, Babak Javadi and Iceman from the Red Team Alliance will share a practical understanding of what PACS looks like in the field, and how to intercept, clone, downgrade, replay, and one's way through the system.
The talk will demonstrate several new tools, exploits, and refined methods for compromising modern PACS, including:
- DoS Attacks Involving Improper Reconfiguration of Readers
- New iCLASS Standalone Modes for Proxmark3 RDV4.0
- Tech Downgrade Attacks: Techniques for compromising systems using high security credentials such as SEOS and DESFire EV1/EV2.
- Plus More Special Surprises!
Customers, integrators, and system designers will also learn more about best practices and defensive methods that can be used to defend systems and deter attackers.
Speaker(s): Iceman, Omikron
Location: Wireless Vlg
Discord: https://discord.com/channels/7082082...32595493666826
Event starts: 2020-08-09 12:00 (12:00 PM) PDT (UTC -07:00)
Event ends: 2020-08-09 13:00 (01:00 PM) PDT (UTC -07:00)
For the most up-to-date information, please either visit https://info.defcon.org, or use HackerTracker, which is available for iOS and Android. This is an automated message, and this data was last modified 2020-08-09T02:03 (UTC).
Description:
Do you fear the PACS-man? Do you lie awake at night atop your pile of RFID cards of unknown origin, pondering grand questions of access control? Is Wiegand a card or a data format? What is an "encrypted" credential and is it actually any more secure? Fear not, fellow explorer. Come discuss your woes with professional ghosts of access control and learn how to keep the PACS-man at bay. This livestream will provide a holistic context of modern access control and outline common design limitations that can be exploited when systems are not implemented correctly. From credentials, to readers, to door controllers and beyond, Babak Javadi and Iceman from the Red Team Alliance will share a practical understanding of what PACS looks like in the field, and how to intercept, clone, downgrade, replay, and one's way through the system.
The talk will demonstrate several new tools, exploits, and refined methods for compromising modern PACS, including:
- DoS Attacks Involving Improper Reconfiguration of Readers
- New iCLASS Standalone Modes for Proxmark3 RDV4.0
- Tech Downgrade Attacks: Techniques for compromising systems using high security credentials such as SEOS and DESFire EV1/EV2.
- Plus More Special Surprises!
Customers, integrators, and system designers will also learn more about best practices and defensive methods that can be used to defend systems and deter attackers.
Speaker(s): Iceman, Omikron
Location: Wireless Vlg
Discord: https://discord.com/channels/7082082...32595493666826
Event starts: 2020-08-09 12:00 (12:00 PM) PDT (UTC -07:00)
Event ends: 2020-08-09 13:00 (01:00 PM) PDT (UTC -07:00)
For the most up-to-date information, please either visit https://info.defcon.org, or use HackerTracker, which is available for iOS and Android. This is an automated message, and this data was last modified 2020-08-09T02:03 (UTC).