3-DAY TECH TRAINING 1 – Subverting Access Control Systems

Early Bird (< 31st May): SGD2299

Normal (> 1st June): SGD2799

Due to unforseen circumstances, Opposing Force has canceled this training course. Matteo Beccaro will still be speaking in the main conference.


Subverting Access Control Security is a 3 days long training focused on teaching a common methodology for exploiting of modern EAC systems. The training is designed to introduce the most common access control technologies and applied the learned methodology to those, moreover details on their vulnerabilities and available attack methods will be provided. During the training the attendees will be provided with significant hands-on laboratory exercises with real hardware and real-world scenarios.

A final challenge will allow students to test learned methods and win extra hardware gadgets offered by Opposing Force.

What students will get:

All the students will receive an HydraBus and HydraNFC board plus course slides and materials

Prerequisite Knowledge:

None. Basic knowledge of security principles is preferred.

Module 01 – Introduction

1.1 Introducing Electronic Access Control technologies
1.1.1 A brief historical introduction on access control systems attacks
1.1.2 Taxonomy, technologies and fields of use
1.1.3 EACS Pentesting Methodology Technology mapping  OSINT: finding & analyzing available documentations Technology assessment Authorization model verification

Module 02 – Attacking RFID/NFC Systems

2.1 The arsenal
2.2 Welcome to da (MIFARE) family
2.3 MIFARE Classic
2.3.1 Data structure
2.3.2 Communication
2.3.3 Vulnerabilities and attacks
2.4 MIFARE Ultralight
2.4.1 Data structure
2.4.2 Communication
2.4.3 Vulnerabilities and attacks
2.5 MIFARE DESFire EV1 and EV2
2.5.1 Introduction and past vulnerabilities
2.6 Hands-on
2.6.1 Analyzing real-world examples of MIFARE Ultralight weak implementations
2.6.2 Attacking a MIFARE Classic-based EACS
2.7 HiD
2.7.1 iClass Data structure Communication Vulnerabilities and attacks
2.7.2 HiD Prox Data structure Communication Vulnerabilies and attacks
2.7.3 Indala Data structure Communication Vulnerabilities and attacks

Module 03 – Attacking the hardware

3.1 The Arsenal
3.2 The Reader
3.2.1 Technologies PIN code based NFC/RFID based Biometric based Magstripe based
3.2.2 Communication protocols and attacks
3.2.3 Network-based attacks
3.2.4 Firmware analysis
3.3 The Controller
3.3.1 The controller role
3.3.2 Accessing analysis Physical access Network access

Module 04 – Attacking Radio Frequency Communication

4.1 Radio Frequency and EAC systems
4.1.1 Technologies and applications
4.2 The Arsenal
4.3 Exploring Radio Frequency communication in practice
4.3.1 What is Software Defined Radio (SDR)
4.3.2 GNU Radio Companion
4.4 Known communication protocols
4.4.1 Zigbee
4.4.2 Bluetooth
4.4.3 WiFi
4.5 Unknown communication protocols
4.5.1 Fixed & Rolling codes Use cases Signal analysis Hands-on Vulnerabilities and attacks

Module 05 – The Challenge

5.1 Challenge introduction
5.2 Hands-on
5.2.1 Planning and executing the attack
5.2.2 Challenge’s solution final analysis

Our website: http://www.opposingforce.it

Location: InterContinental Date: August 22, 2016 Time: 9:00 am - 6:00 pm Matteo Beccaro Roberto Fin