Physical Access Control Systems: Practical Hacking and Defense of RFID PACS [2-Day MERCYHURST STUDENTS ONLY]

This listing is explicitly reserved for students of Mercyhurst. You MUST register using your student email address!

Add code MERCYHURST at checkout for additional $440 off.

Practical security is the foundation of any security model.

Beyond firewalls and network hardening, government and enterprise alike must consider how security infrastructure safeguards digital, material, and human assets. Physical security is foundational to the ability to resist unauthorized access or malicious threat.

In this training developed by world-renowned access-control expert Babak Javadi, students will be immersed in the mysteries of PACS tokens, RFID credentials, readers, alarm contacts, tamper switches, door controllers, and back-haul protocols that underpin Physical Access Control Systems (PACS) across the globe. The course provides a holistic and detailed view of modern access control and outlines common design limitations that can be exploited. Penetration testers will gain a practical understanding of what PACS looks like in the field, and how to intercept, clone, downgrade, replay, and bypass one's way through the system. Defenders, designers, and directors will come with away with best practices and techniques that will resist attacks.

This listing is explicitly reserved for students of Mercyhurst. You MUST register using your student email address!

Participation will include hands-on practical experience with tools, exploits, and refined methods for compromising modern Physical Access Control Systems.

Course Curriculum

• Fundamentals of Modern PACS Designs
• Sensor Manipulation and Bypass Methods
• Historical and Modern Security Tokens Including,
• Magnetic Stripe
• 125KHz RFID Technologies including Prox, Indala, ioProx, EM, and others
• 13.56MHz and NFC RFID Technologies including iCLASS, MIFARE, iCLASS SE, Seos, DESFire, and others.
• Understanding and Use of "Magic" RFID Credentials in Cloning Operations
• Integration Challenges of Biometric Authentication
• Practical Instruction, Understanding, and Use of the Proxmark3 RFID Research and Attack Tool
• Reader Weaponization and Extended-Range RFID Cloning
• Tech Downgrade Attacks: Techniques for Identifying Vulnerable System Configurations of Seos and DESFire EV1/EV2
• Principal Methods of Operation of Door Controllers, Control Panels, and their Associated Weaknesses
• Deploying Denial of Service Attacks
• Wiegand Protocol Sniffing, Interception, and Replay

Students will be well-prepared for real-world red team scenarios and learn how to exploit access control technology with the latest attack hardware.  There are also modules detailing the back-end of these systems, allowing Man in the Middle and Denial of Service attacks.

Necessary Hardware Provided On Loan for Class:

• The RFID Door Simulator: Colloquially known as the "Building in a Box", this unique piece of equipment is a self-contained unit intended to simulate authentication operations performed by a paired RFID credential reader and an upstream door controller. It features a unique multi-technology RFID credential reader, an integrated door controller, an OLED display, and a power supply. Enrolled students will practice interacting with a wide array of credential technologies and get hands-on experience with the tools, techniques, and procedures necessary for executing multiple kinds of attacks against PACS environments in the field.
• Proxmark3 RDV 4.01
• Professional PACS Credential Demo Pack: A comprehensive collection of specially configured PACS credentials representing the top technologies used worldwide.
• Penetration Tester's Blank Credential Pack: A comprehensive and practical selection of special-purpose credentials that can be reprogrammed to emulate a wide variety of credentials, including 125KHz, 134KHz, and 13.56MHz technologies.

The hardware kit is provided on loan only. Students wishing to purchase the hardware kit should purchase the regular listing and add discount code MERCYHURST.

Student Prerequisites

• Windows 10 or Windows 11 x64 w/ Administrative Rights
• Webcam and Microphone
• Appropriate Firewall / Security Access

Students will be required to be ready to participate with a computer natively running Windows 10 or Windows 11 with local administrative rights.  Laptops that are restricted from running software due to corporate security policies or the use of Windows "S Mode" may not work during class.

Virtual Machines and other operating systems have performed inconsistently. Students may bring a Linux or MacOS system as well, but those doing so should ensure that they have ready access to a native Windows machine.

Students must ensure local security polices or firewalls do not block any necessary access.