Physical Penetration & Electronic Access Control Hacking
August 4 - August 7
Physical security is an oft-overlooked component of data and system security in the technology world. While frequently forgotten, it is no less critical than timely patches, appropriate password policies, and proper user permissions. You can have the most hardened servers and network, but that doesn’t make the slightest difference if someone can gain direct access to a keyboard or, worse yet, march your hardware right out the door.
Both mechanical lock systems as well as electronic access controls will be covered in depth… and students will be provided all the tools as well as the knowledge needed to bypass them! Those who attend this course will leave with a full awareness of how to best protect buildings and grounds from unauthorized access, as well as how to compromise most existing physical security in order to gain access themselves.
This training is ideal for any individual who is tasked with making physical security decisions for existing or new facilities.
During days One and Two of this course, attendees will not only learn how to distinguish good locks and access control from poor ones, but will also become well-versed in picking and bypassing many of the most common locks in order to assess their own company’s security posture or to augment their career as a penetration tester.
The training concludes on days Three and Four with an intense specialization focus: physical access control systems and electronic credentials. Students will be immersed in the world of 125KHz (low frequency) credentials, vehicle transponders, 13.56MHz (high frequency) credentials, and smart cards. Whether an enterprise is using HID Prox cards, NXP Hitag chips, Mifare credentials, or even iCLASS technology, students who take this course will be well-versed in the functionality, weaknesses, and attack vectors of such systems. From how to perform practical card cloning attacks in the field to advanced format downgrade attacks, students are prepared for real-world red team scenarios and learn how to exploit access control technology with the latest attack hardware. There are also modules detailing the backend of such systems, which opens the door to Man in the Middle and Denial of Service attacks.