Due to unforseen circumstances, Opposing Force has canceled this training course. Matteo Beccaro will still be speaking in the main conference.
Overview
Subverting Access Control Security is a 3 days long training focused on teaching a common methodology for exploiting of modern EAC systems. The training is designed to introduce the most common access control technologies and applied the learned methodology to those, moreover details on their vulnerabilities and available attack methods will be provided. During the training the attendees will be provided with significant hands-on laboratory exercises with real hardware and real-world scenarios.
A final challenge will allow students to test learned methods and win extra hardware gadgets offered by Opposing Force.
What students will get:
All the students will receive an HydraBus and HydraNFC board plus course slides and materials
Prerequisite Knowledge:
None. Basic knowledge of security principles is preferred.
Syllabus:
Module 01 – Introduction
1.1 Introducing Electronic Access Control technologies
1.1.1 A brief historical introduction on access control systems attacks
1.1.2 Taxonomy, technologies and fields of use
1.1.3 EACS Pentesting Methodology
1.1.3.1 Technology mapping
1.1.3.2 OSINT: finding & analyzing available documentations
1.1.3.3 Technology assessment
1.1.3.4 Authorization model verification
Module 02 – Attacking RFID/NFC Systems
2.1 The arsenal
2.2 Welcome to da (MIFARE) family
2.3 MIFARE Classic
2.3.1 Data structure
2.3.2 Communication
2.3.3 Vulnerabilities and attacks
2.4 MIFARE Ultralight
2.4.1 Data structure
2.4.2 Communication
2.4.3 Vulnerabilities and attacks
2.5 MIFARE DESFire EV1 and EV2
2.5.1 Introduction and past vulnerabilities
2.6 Hands-on
2.6.1 Analyzing real-world examples of MIFARE Ultralight weak implementations
2.6.2 Attacking a MIFARE Classic-based EACS
2.7 HiD
2.7.1 iClass
2.7.1.1 Data structure
2.7.1.2 Communication
2.7.1.3 Vulnerabilities and attacks
2.7.2 HiD Prox
2.7.2.1 Data structure
2.7.2.2 Communication
2.7.2.3 Vulnerabilies and attacks
2.7.3 Indala
2.7.3.1 Data structure
2.7.3.2 Communication
2.7.3.3 Vulnerabilities and attacks
Module 03 – Attacking the hardware
3.1 The Arsenal
3.2 The Reader
3.2.1 Technologies
3.2.1.1 PIN code based
3.2.1.2 NFC/RFID based
3.2.1.3 Biometric based
3.2.1.4 Magstripe based
3.2.2 Communication protocols and attacks
3.2.3 Network-based attacks
3.2.4 Firmware analysis
3.3 The Controller
3.3.1 The controller role
3.3.2 Accessing analysis
3.3.2.1 Physical access
3.3.2.2 Network access
Module 04 – Attacking Radio Frequency Communication
4.1 Radio Frequency and EAC systems
4.1.1 Technologies and applications
4.2 The Arsenal
4.3 Exploring Radio Frequency communication in practice
4.3.1 What is Software Defined Radio (SDR)
4.3.2 GNU Radio Companion
4.4 Known communication protocols
4.4.1 Zigbee
4.4.2 Bluetooth
4.4.3 WiFi
4.5 Unknown communication protocols
4.5.1 Fixed & Rolling codes
4.5.1.1 Use cases
4.5.1.2 Signal analysis
4.5.1.3 Hands-on
4.5.1.4 Vulnerabilities and attacks
Module 05 – The Challenge
5.1 Challenge introduction
5.2 Hands-on
5.2.1 Planning and executing the attack
5.2.2 Challenge’s solution final analysis
Our website: http://www.opposingforce.it
