Red Team Alliance

PACS 21X

Date:

Location:

Product variants:

Course Overview

PACS 21X provides a comprehensive, globally-focused overview of Physical Access Control System platforms and credential technologies. Building on the foundation established in PACS 201, this full-day course immerses students in the architecture of modern PACS deployments, the credential technologies that drive authentication, and the attack methodologies used to compromise these systems. Students will gain practical experience with tools, exploits, and refined methods for assessing Physical Access Control Systems.

The course covers both legacy and modern credential technologies, including 125 kHz RFID (Prox, Indala, ioProx, EM), 13.56 MHz smart cards (iCLASS, MIFARE, iCLASS SE, Seos, DESFire), and the platform architectures that support them. While this course addresses credential technologies encountered worldwide, students seeking deeper focus on region-specific implementations may also consider the regional variants: PACS 212 (North American), PACS 213 (European), or PACS 214 (Australian).

What You'll Learn

PACS Platform Architecture

Fundamentals of Modern PACS Designs
Door Controllers, Control Panels, and Associated Weaknesses
Back-Haul Protocols and System Integration
Common Design Limitations and Exploitable Configurations

Legacy Credential Technologies

Magnetic Stripe Credentials
125 kHz RFID Technologies: Prox, Indala, ioProx, EM, and Others
Security Limitations of Legacy Technologies
Hands-On: Legacy Credential Assessment

Modern Smart Card Technologies

13.56 MHz and NFC RFID Technologies
iCLASS, MIFARE, iCLASS SE, Seos, and DESFire
Cryptographic Features and Authentication Mechanisms
Hands-On: Smart Card Analysis

Credential Cloning and Replay Attacks

Understanding and Use of "Magic" RFID Credentials
Practical Use of the Proxmark3 RFID Research Tool
Reader Weaponization and Extended-Range Cloning
Hands-On: Credential Cloning Exercises

Protocol-Level Attacks

Wiegand Protocol: Sniffing, Interception, and Replay
Man-in-the-Middle Attack Deployment
Denial of Service Attacks Against PACS
Hands-On: Wiegand Interception Exercises

Tech Downgrade Attacks

Identifying Vulnerable System Configurations
Downgrade Techniques for Seos and DESFire EV1/EV2
Exploiting Backward Compatibility Features

Sensor Manipulation and Bypass

Alarm Contacts and Tamper Switches
Sensor Bypass Methods
Integration Challenges of Biometric Authentication

Hardware Kits

Lab Fee ($30 NA / $50 Other Regions) — Regional Demo Credentials

Required for all students.

Assorted PACS Credential Samples Representing Common Regional Technologies

Field Kit ($250) — Example RFID Reader and Credential Pack

Required for virtual students; optional for in-person attendees.

Example RFID Reader
Extended Credential Demo Pack

Field Kit Plus Add-On ($210)

Required for students who do not own a Flipper Zero.

Flipper Zero

Prerequisites

PACS 201: Physical Access Control Systems: Commercial Platforms and Designs
Proxmark3: Required for all students. Students who do not own a Proxmark3 should contact RTA prior to enrollment.
Flipper Zero: Required for all students. Students who do not own a Flipper Zero must purchase the Field Kit Plus Add-On.
Computer: Computer with administrative access running Windows 10 or Windows 11 natively (not in a VM). Laptops restricted by corporate security policies or Windows "S Mode" may not work during class. Linux and MacOS systems have performed inconsistently; students using these platforms should ensure ready access to a native Windows machine.

Course Progression

After completing PACS 21X, students are prepared to advance to:

PACS 22X: Credentials and Data Models In-Depth

Students may also choose to take other regional variants (PACS 212: North American, PACS 213: European, PACS 214: Australian) for deeper focus on region-specific credential technologies and platform implementations.