Flipping Out About PACS - Applied Modern Hacking Tools and Techniques [3-Day]

The people have spoken and the Alliance has listened: This is the Access Control and Flipper workshop you've been waiting for.

This training encompasses everything in our 2-Day RFID Physical Access Control System Hacking training but also includes new a third day focused on research with the Flipper Zero, a new generation of tools, and practical field techniques.

Participation will include hands-on practical experience with tools, exploits, and refined methods for compromising modern Physical Access Control Systems.

Course Curriculum for Days 1 and 2

• Fundamentals of Modern PACS Designs
• Sensor Manipulation and Bypass Methods
• Historical and Modern Security Tokens Including,
• Magnetic Stripe
•  125KHz RFID Technologies including Prox, Indal, ioProx, EM, and others
•  13.56MHz and NFC RFID Technologies including iCLASS, Legic Prime, MIFARE, DESFire, ISO1443A, ISO1443B, ISO15693, and others.
•  Understanding and Use of "Magic" RFID Credentials in Cloning Operations
•  Biometric Authentication
•  Practical Instruction, Understanding, and Use of the Proxmark3 RFID Research and Attack Tool
• Reader Weaponization and Extended-Range RFID Cloning
• Tech Downgrade Attacks: Techniques for Identifying Vulnerable System Configurations of SEOS and DESFire EV1/EV2
• Principal Methods of Operation of Door Controllers, Control Panels, and their Associated Weaknesses
• Deploying Denial of Service Attacks
• Wiegand Protocol Sniffing, Interception, and Replay

Students will be well-prepared for real-world red team scenarios and learn how to exploit access control technology with the latest attack methods.

Workshop Curriculum for Day 3 (Specific Items May Be Adjusted)

• Fundamental Hardware Hacking Concepts
• Flipper Zero: The Modern Swiss Army Knife
• NARD SAM: If you can't crack the combo, just take the whole safe!
• Modern Downgrade Attacks: Making Rube Goldberg Proud
• Saleae Logic: Data Tap of Omens - Sight Beyond Sight
• Target Hardware (TBD): Welcome To Your Playground
• iButtons: Insecurity You Can Choke On
• RF and SDR: Radio Catch and Release for Fun
• Intro to Hardware Reverse Engineering
• Group Activity: Identifying Components
• Group Activity: Beginning Exploration
• Student Activities and Solo Challenges

The Standard Hardware Kit Includes:

• The RFID Door Simulator: Colloquially known as the "Building in a Box", this unique piece of equipment is a self-contained unit intended to simulate authentication operations performed by a paired RFID credential reader and an upstream door controller. It features a unique multi-technology RFID credential reader, an integrated door controller, an OLED display, and a power supply. Enrolled students will practice interacting with a wide array of credential technologies and get hands-on experience with the tools, techniques, and procedures necessary for executing multiple kinds of attacks against PACS environments in the field.
• Proxmark3 RDV 4.01 Retail Package
• Professional PACS Credential Demo Pack: A comprehensive collection of specially configured PACS credentials representing the top technologies used worldwide.
• Penetration Tester's Blank Credential Pack: A comprehensive and practical selection of special-purpose credentials that can be reprogrammed to emulate a wide variety of credentials, including 125KHz, 134KHz, and 13.56MHz technologies.
• ESPKey Wiegand Interception Tool: A stamp-sized man-in-the middle attack tool that can be deployed against most systems to intercept, replay, and manipulate credential data in-transit.

The Hardware Hacking Kit Includes:

• Flipper Zero: Flipper Zero with Silicone Case
  
• NARD SAM: Designed by killergeek and bettse, this handy little expansion board allows your newly (or old-ly) acquired Flipper Zero to talk to up to two SIMs or SAMs! Why on earth would you want this? Probably because of the next inclusion.
• Special Purpose Secure Element: Along with your shiny new NARD SAM we've gone ahead and secured a number of some super-handy secure elements that happen to be preloaded with some really useful secrets!
• indelB Safe 10 Plus Smart Digital Hospitality Safe: Every student will get a practical, real-world example of security hardware that will serve as a learning platform! What better way to kick things off other than your very own hospitality safe with iButton support?
  
• Saleae Logic 8 Discount: We've partnered with our the manufacturers of our favorite hardware hacking tool to for a special discount! Students participating in this course are eligible to request student pricing from Saleae following completion of the course.
  

A Flipper Zero is required for participation! Students who are providing their own Flipper Zero are not required to purchase one, but students should be prepared to backup and re-flash their Flipper if necessary!

This special training/workshop combo will be offered both virtually and on-site at the flagship RTA covert entry training facility in Las Vegas, NV. On-site seats will be limited so make sure to grab a spot early!

*The box may not be black and may not be a box.