PSV at DEF CON 30

_ __ |_) |_ _ o _ _. | (_ _ _ ._ o _|_ \ / o | | _. _ _ | | | \/ _> | (_ (_| | __) (/_ (_ |_| | | |_ \/ \/ | | | (_| (_| (/_ ___ / __ _ _ _ _ _ / _ _| | _. | | _ / \ | \ |_ |_ / / \ |\ | _) / \ | (_| | |< _> | (|/ |_/ |_ | \_ \_/ | \| _) \_/ \__ +---------------------------------+----------------------------------+--------------------------+ | Friday | Saturday | Sunday | +---------------------------------+----------------------------------+--------------------------+ | ~ | 10:30 Bypass 101 | 10:30 Bypass 101 | | ~ | 11:00 Bypass 102 | 11:00 Bypass 102 | | 11:30 Bypass 101 | ~ | | | 12:30 Pwning Alarm Wires | 12:30 Hacking Biometric Padlocks | 12:30 Forcible Entry 101 | | 13:30 RFID Hacking 101 | 13:30 RFID Hacking 101 | | | 14:30 Pwning RFID From 6ft Away | 14:30 Pwning RFID From 6ft Away | | | 15:30 Elevator Hacking | 15:30 Elevator Hacking | | | ~ | 16:30 RFID Hacking 101 | | | 17:00 Physical Bypasses | ~ | | +---------------------------------+----------------------------------+--------------------------+

Friday	Saturday	Friday
	10:30 Bypass 101	10:30 Bypass 101
	11:00 Bypass 102	11:00 Bypass 102
11:30 Bypass 101
12:30 Pwning Alarm Wires	12:30 Hacking Biometric Padlocks	12:30 Forcible Entry 101
13:30 RFID Hacking 101	13:30 RFID Hacking 101
14:30 Pwning RFID From 6ft Away	14:30 Pwning RFID From 6ft Away
15:30 Elevator Hacking	15:30 Elevator Hacking
	16:30 RFID Hacking 101
17:00 Physical Bypasses

There are loads of ways to get through a door without actually attacking the lock itself, including using the egress hardware, access control hardware, and countless other techniques to gain entry. Learn the basics in this talk. As a founding member of the Physical Security Village, Karen has always been eager to spread awareness of physical security vulnerabilities. Karen works with GGR Security as a Security Risk Assessor. First you’ll get an overview of all hardware and systems involved in access controlled doors and alarm systems, and a multitude of attack vectors to defeat them; then try your hand at a number of these attacks using our physical displays and online games. Bill Graydon is a principal researcher at GGR Security, where he hacks everything from locks and alarms to critical infrastructure; this has given him some very fine-tuned skills for breaking stuff. He’s passionate about advancing the security field through research, teaching numerous courses, giving talks, and running DEF CON’s Physical Security Village. He’s received various degrees in computer engineering, security, and forensics and comes from a broad background of work experience in cyber security, software development, anti-money laundering, and infectious disease detection. Ever wondered how the cards you use to enter your hotel room or the key fobs you use in your car work, and how vulnerabilities in their design and implementation can be exploited? Find out all that and more with this talk. Ege is a security researcher specialising in access control systems and electronics. She is currently pursuing a degree in Electrical Engineering and work part-time for GGR Security as a Security Risk Assessor. Traditional RFID badge cloning methods require you to be within 3 feet of your target. So how can you conduct a physical penetration test and clone a badge if you must stay at least 6 feet from a person? Over the past two years, companies have increasingly adopted a hybrid work environment, allowing employees to partially work remotely which has decreased the amount of foot traffic in and out of a building at any given time. This session discusses two accessible, entry-level hardware designs you can build in a day and deploy in the field, along with the tried-and-true social engineering techniques that can increase your chances of remotely cloning an RFID badge. Langston and Dan discuss their Red Team adventures and methods that can be used beyond a social distancing era. This presentation is supplemented with files and instructions that are available for download in order to build your own standalone gooseneck reader and wall implant devices! +---------+------------------------------+ + Date | Friday | + Time | 14:30-15:00 | +---------+------------------------------+ + Speaker | Langston Clement (aka sh0ck) | + Twitter | @sh0ckSec | +---------+------------------------------+ + Speaker | Daniel Goga | + Twitter | @_badcharacters | +---------+------------------------------+ Langston grew up reading stories about the 90's hacker escapades and after years of observing the scene, he jumped into the cybersecurity field and never looked back. He is the current lead for Red Team operations and Penetration Testing engagements at Core BTS. With over fifteen (15) years of public and private sector experience in cybersecurity and ethical hacking, his goal is to provide organizations with valuable and actionable information to help improve their security posture. Langston's specializations focus on modern-day social engineering techniques, wireless and RFID attacks, vulnerability analysis, as well as physical and cloud penetration testing. Dan Goga serves as a Security Consultant with Core BTS focused on conducting penetration testing and vulnerability assessments. Dan Goga has seven years of information security experience in the public, private, and academic sectors. Dan has extensive knowledge and experience with RFID hacking, phishing techniques, social engineering techniques, and penetration testing Microsoft Active Directory and cloud environments. We're skipping lock picking and discussing the other elements of physical security. Come and learn about the evolution of modern physical security, and what you can do to attack and defend common systems. We'll briefly review terminology and legality before exploring a wide variety of modern security devices and bypasses, with plenty of tricks and tips along the way. Principal Consultant @ Coalfire focused on physical security. Unlawfully arrested on the job in Iowa. Improve things, learn, help people! Elevator floor lockouts are often used as an additional, or the only, layer of security. This talk will focus on how to hack elevators for the purpose of getting to locked out floors – including using special operating modes, tricking the controller into taking you there, and hoistway entry. As a founding member of the Physical Security Village, Karen has always been eager to spread awareness of physical security vulnerabilities. Karen works with GGR Security as a Security Risk Assessor. There are loads of ways to get through a door without actually attacking the lock itself, including using the egress hardware, access control hardware, and countless other techniques to gain entry. Learn the basics in this talk. As a founding member of the Physical Security Village, Karen has always been eager to spread awareness of physical security vulnerabilities. Karen works with GGR Security as a Security Risk Assessor. Now that you’re familiar with the techniques used to bypass locks in some door installation, come and learn the remediations for these common bypasses. In this talk, you will learn how to protect against or harden against attacks such as the Under the Door attack, latch slipping, and more. As a founding member of the Physical Security Village, Karen has always been eager to spread awareness of physical security vulnerabilities. Karen works with GGR Security as a Security Risk Assessor. I demonstrate how to defeat a biometric padlock via USB with a laptop, or with your bare hands, or even with a Defcon badge. While flipping through products a biometric lock caught my attention. It mentioned a back-up "Morse code" feature for unlocking it -- a series of 6 short or long presses, suggesting there were only 64 possible keys. Surely it couldn't be that easy... But wait, there's more! It had another backup unlock feature: a USB port and an app that can unlock it with a PIN, and a default PIN set for bonus stupidity. I had a feeling this was just the tip of the terrible-security-iceberg. I will demonstrate how to defeat this lock with some simple tools, with just your bare hands, and with a USB attack. Hardware security engineer and cryptographer. Demoed the first NFMI attack: an over-the-air remote code exploit against the Defcon 27 badge. Ever wondered how the cards you use to enter your hotel room or the key fobs you use in your car work, and how vulnerabilities in their design and implementation can be exploited? Find out all that and more with this talk. Ege is a security researcher specialising in access control systems and electronics. She is currently pursuing a degree in Electrical Engineering and work part-time for GGR Security as a Security Risk Assessor. Traditional RFID badge cloning methods require you to be within 3 feet of your target. So how can you conduct a physical penetration test and clone a badge if you must stay at least 6 feet from a person? Over the past two years, companies have increasingly adopted a hybrid work environment, allowing employees to partially work remotely which has decreased the amount of foot traffic in and out of a building at any given time. This session discusses two accessible, entry-level hardware designs you can build in a day and deploy in the field, along with the tried-and-true social engineering techniques that can increase your chances of remotely cloning an RFID badge. Langston and Dan discuss their Red Team adventures and methods that can be used beyond a social distancing era. This presentation is supplemented with files and instructions that are available for download in order to build your own standalone gooseneck reader and wall implant devices! +---------+------------------------------+ + Date | Saturday | + Time | 14:30-15:00 | +---------+------------------------------+ + Speaker | Langston Clement (aka sh0ck) | + Twitter | @sh0ckSec | +---------+------------------------------+ + Speaker | Daniel Goga | + Twitter | @_badcharacters | +---------+------------------------------+ Langston grew up reading stories about the 90's hacker escapades and after years of observing the scene, he jumped into the cybersecurity field and never looked back. He is the current lead for Red Team operations and Penetration Testing engagements at Core BTS. With over fifteen (15) years of public and private sector experience in cybersecurity and ethical hacking, his goal is to provide organizations with valuable and actionable information to help improve their security posture. Langston's specializations focus on modern-day social engineering techniques, wireless and RFID attacks, vulnerability analysis, as well as physical and cloud penetration testing. Dan Goga serves as a Security Consultant with Core BTS focused on conducting penetration testing and vulnerability assessments. Dan Goga has seven years of information security experience in the public, private, and academic sectors. Dan has extensive knowledge and experience with RFID hacking, phishing techniques, social engineering techniques, and penetration testing Microsoft Active Directory and cloud environments. Elevator floor lockouts are often used as an additional, or the only, layer of security. This talk will focus on how to hack elevators for the purpose of getting to locked out floors – including using special operating modes, tricking the controller into taking you there, and hoistway entry. As a founding member of the Physical Security Village, Karen has always been eager to spread awareness of physical security vulnerabilities. Karen works with GGR Security as a Security Risk Assessor. Ever wondered how the cards you use to enter your hotel room or the key fobs you use in your car work, and how vulnerabilities in their design and implementation can be exploited? Find out all that and more with this talk. Ege is a security researcher specialising in access control systems and electronics. She is currently pursuing a degree in Electrical Engineering and work part-time for GGR Security as a Security Risk Assessor. There are loads of ways to get through a door without actually attacking the lock itself, including using the egress hardware, access control hardware, and countless other techniques to gain entry. Learn the basics in this talk. As a founding member of the Physical Security Village, Karen has always been eager to spread awareness of physical security vulnerabilities. Karen works with GGR Security as a Security Risk Assessor. Now that you’re familiar with the techniques used to bypass locks in some door installation, come and learn the remediations for these common bypasses. In this talk, you will learn how to protect against or harden against attacks such as the Under the Door attack, latch slipping, and more. As a founding member of the Physical Security Village, Karen has always been eager to spread awareness of physical security vulnerabilities. Karen works with GGR Security as a Security Risk Assessor. Learn about the common methods of forcible entry employed by firefighters, police/military, locksmiths and criminals, and try some out for yourself. Bill Graydon is a principal researcher at GGR Security, where he hacks everything from locks and alarms to critical infrastructure; this has given him some very fine-tuned skills for breaking stuff. He’s passionate about advancing the security field through research, teaching numerous courses, giving talks, and running DEF CON’s Physical Security Village. He’s received various degrees in computer engineering, security, and forensics and comes from a broad background of work experience in cyber security, software development, anti-money laundering, and infectious disease detection.

Physical Security Village Talks at DEF CON 30

Bypass 101

Pwning Alarm Wires

RFID Hacking 101

Pwning RFID From 6ft Away

Physical Security Bypasses

Elevators 101

Bypass 101

Bypass 102

The least secure biometric lock on Earth

RFID Hacking 101

Pwning RFID From 6ft Away

Elevators 101

RFID Hacking 101

Bypass 101

Bypass 102

Forcible Entry 101