Red Team Alliance

PACS 22X

Register Now

Course Overview

Part of Red Team Alliance's complete refresh of the PACS curriculum, PACS 221 takes students deeper into the nuances and idiosyncrasies of modern credential technologies and PACS implementations. This full-day course builds on the foundation established in PACS 210, diving into advanced concepts that are essential for effective offensive security work. Students will explore vendor-specific card data models, Wiegand bit format variations, signed credential objects, and mobile credential implementations.

This course demystifies other community tools such as the Chameleon Ultra, helping students understand what they can and cannot do, and when to use the appropriate tool for the job. Students will also explore reader reconfiguration methods, mobile credentials delivered via BLE, NFC, and Wi-Fi, and the latest research impacting technologies commonly found in North American environments.

What You'll Learn

Vendor Card Data Models

  • Understanding Proprietary Data Structures
  • How Different Vendors Encode and Store Credential Data
  • Identifying and Interpreting Data Model Variations
  • Hands-On: Extracting and Analyzing Card Data

Wiegand Bit Formats In-Depth

  • Beyond 26-Bit: Corporate 1000, 37-Bit, and Proprietary Formats
  • Identifying Unknown Bit Formats in the Field
  • Decoding and Reconstructing Credential Data
  • Hands-On: Bit Format Analysis and Manipulation

Signed Credential Objects

  • iCLASS SE and Secure Identity Objects (SIO)
  • What Signed Objects Are and How to Identify Them
  • What You Can and Cannot Do with Signed Credentials
  • Implications for Offensive Operations

HID Seos and MIFARE DESFire

  • Seos Architecture and Security Model
  • DESFire EV1, EV2, and EV3 Differences
  • Application-Based Security and Key Management
  • Hands-On: Working with Modern Credential Technologies

Mobile Credentials

  • How Vendors Implement Mobile Access (BLE, NFC, Wi-Fi)
  • Mobile Wallet Integrations and Provisioning
  • Security Considerations and Attack Surface
  • Hands-On: Mobile Credential Analysis

Reader Reconfiguration Methods

  • Configuration Cards and How They Work
  • Mobile Apps for Reader Management
  • Offensive Applications and Considerations

Advanced Attack Methodologies

  • Relay Attacks: Concepts and Countermeasures
  • Advanced Downgrade Techniques
  • Targeting Reader and Controller Weaknesses

Latest Research and Regional Considerations

  • Recent Vulnerabilities Impacting North American Deployments
  • Common Enterprise Configurations and Security Gaps
  • Hands-On: Research-Based Attack Scenarios

Even More Tools Beyond the Proxmark3

  • Demystifying the Chameleon Ultra
  • What It Can Do, What It Cannot, and When to Use It
  • Integrating the Chameleon Ultra into Your Workflow
  • Hands-On: Chameleon Ultra Credential Operations

Hands-On Labs Throughout

  • Advanced Credential Analysis Exercises
  • Multi-Tool Workflow Development
  • Regional Challenge Scenarios

Hardware Kits

Lab Fee ($30) — Extended NA Demo Credentials

Required for all students.

  • Extended North American Credential Samples (iCLASS SE, Seos, DESFire)

Field Kit ($100) — Extended NA Challenge Sets

Required for virtual students; optional for in-person attendees.

  • Extended North American Challenge Credential Sets

Field Kit Plus Add-On ($130)

Required for students who do not own a Chameleon Ultra.

  • Chameleon Ultra

Prerequisites

  • PACS 21x: Any regional course (PACS 212, 213, or 214). It is strongly recommended that students complete PACS 212 (North American) before taking this course, as some region-specific credential knowledge is only covered in PACS 212 and students may find certain exercises more challenging without that background.
  • Proxmark3: Required for all students.
  • Flipper Zero: Required for all students.
  • Chameleon Ultra: Required for all students. Students who do not own a Chameleon Ultra must purchase the Field Kit Plus Add-On.
  • Computer: Computer with administrative access and permission to install software. Windows 11 is the official platform used in class. Other operating systems are permitted, but students should understand that live technical support may not be available for OS-specific issues.

Course Progression

After completing PACS 222, students are prepared to advance to:

  • PACS 301: Tool Fabrication and Practical Offensive Labs

Students may also choose to take additional 22x regional courses (PACS 223: European, PACS 224: Australian) to gain exposure to region-specific advanced techniques before progressing. Only one 22x course is required to advance to PACS 301.

Multi-Day Registration Discounts

Planning to take multiple courses? Save when you register for consecutive training days:

  • 2-Day Registration: $125 off per day ($1,375/day)
  • 3+ Day Registration: $250 off per day ($1,250/day)