HITB Lab: Electronic Access Control Security

This is a 120 minute workshop focused on exploiting techniques of modern EAC (Electronic Access Control) systems. The workshop is designed to introduce the most common access control technologies, and provide details on their vulnerabilities and available attack methods. Attendees will be provided with significant hands-on laboratory exercises including a final challenge where students will test learned methods and win hardware gadgets offered by Opposing Force.
LOCATION: Track 3 / HITB Labs
DATE: May 27, 2016
TIME: 10:45 am - 12:45 pm

Lab Syllabus
Module 01 – Introduction
1×01 Introducing Electronic Access Control technologies
1×02 A brief historical introduction on access control systems attacks

Module 02 – Attacking Near Field Communication
2.1 Welcome to da (MIFARE) family
2.2 MIFARE Classic
2.2.1 Data structure
2.2.2 Communication
2.2.3 Vulnerabilities and attacks Crypto1 – or how to NOT design your own crypto
2.3 MIFARE Ultralight
2.3.1 Data structure
2.3.2 Vulnerabilities and attacks The Reset Attack The Lock Attack The Time Attack The Reply Attack
2.4 MIFARE DESFire EV1 and EV2
2.5 Hands-on
2.5.1 Analyzing real-world examples of MIFARE Ultralight weak implementations Hacking a custom-made door lock Abusing a ticketing system for free rides
2.5.2 Attacking a MIFARE Classic-based EACS

Module 03 – Attacking Radio Frequency Communications
3.1 Radio Frequency and EAC systems
3.1.1 Technologies and applications
3.2 Exploring Radio Frequency communication in practice
3.2.1 What is Software Defined Radio (SDR)
3.2.2 GNU Radio Companion The environment Handling flow graphs and blocks
3.3 Hands-on: receiving your first transmission
3.4 SIGINT with GNU Radio
3.4.1 Signal detection
3.4.2 Analyzing modulation and data
3.5 Understanding RF communication security
3.5.1 Overview of common attacks
3.5.2 “Sniffing out” the ether
3.5.3 Replying and spoofing: identity theft in the world of RF

Module 04 – The Challenge
4.1 Challenge introduction
4.2 Hands-on
4.2.1 Planning and executing the attack
4.2.1 Results final analysis


Post a Comment

Previous Post Next Post