The document outlines an electronic access control workshop focusing on attacking NFC and RF-based systems. It discusses the history and components of access control systems, including tokens, readers, controllers and backends. Specific NFC card technologies like MIFARE Classic, MIFARE Ultralight and HID iClass are examined, noting many have been broken or have shared encryption keys. The document then proposes a methodology for penetration testing NFC access systems and reviews tools like HydraNFC, ProxMark3 and ChameleonMini that can emulate NFC cards or sniff RF transmissions.
Which new scenarios are enabled by Windows 10 for NFC, Bluetooth LE & Beacons?Andreas Jakl
Beacons are one of the hottest topics of mobile development right now. Bluetooth Smart / LE is indispensable for Wearables and the Internet of Things (IoT). NFC is now finally arriving in the mass market.
With Windows 10, Microsoft has significantly expanded the possibilities for proximity technologies. In this overview, you will learn about the new scenarios and see several concrete examples of what is possible and how you can leverage it for your own projects!
Agenda:
NFC
- NFC simulation
- Smart Cards
- Raw NFC tag access
- Host card emulation (HCE)
Bluetooth Smart
- Bluetooth Beacon support
- Beacon specifications (iBeacon, Eddystone & co)
A Best Android Introdtuction .
1. Android Introduction (Android components, Android Architecture, Activity life cycle, Activity stack etc.)
2. Near Field Communication (NFC) Overview.
3. Google map and GPS.
4. Push notification and C2DM concept.
ACR122L is a plug-and-play device that does not require any driver installation. It is a serial interface NFC contactless reader with LCD developed based on the 13.56 MHz RFID technology and the ISO/IEC 18092 NFC standard, and supports ISO 14443 Type A and B cards, Mifare, and all four types of NFC tags.
Near Field Communication is a very Versatile wireless technology. It has its range up to just 10-20 cm, but its short range is its advantage. Lets explore this technology and try to exploit it.
Which new scenarios are enabled by Windows 10 for NFC, Bluetooth LE & Beacons?Andreas Jakl
Beacons are one of the hottest topics of mobile development right now. Bluetooth Smart / LE is indispensable for Wearables and the Internet of Things (IoT). NFC is now finally arriving in the mass market.
With Windows 10, Microsoft has significantly expanded the possibilities for proximity technologies. In this overview, you will learn about the new scenarios and see several concrete examples of what is possible and how you can leverage it for your own projects!
Agenda:
NFC
- NFC simulation
- Smart Cards
- Raw NFC tag access
- Host card emulation (HCE)
Bluetooth Smart
- Bluetooth Beacon support
- Beacon specifications (iBeacon, Eddystone & co)
A Best Android Introdtuction .
1. Android Introduction (Android components, Android Architecture, Activity life cycle, Activity stack etc.)
2. Near Field Communication (NFC) Overview.
3. Google map and GPS.
4. Push notification and C2DM concept.
ACR122L is a plug-and-play device that does not require any driver installation. It is a serial interface NFC contactless reader with LCD developed based on the 13.56 MHz RFID technology and the ISO/IEC 18092 NFC standard, and supports ISO 14443 Type A and B cards, Mifare, and all four types of NFC tags.
Near Field Communication is a very Versatile wireless technology. It has its range up to just 10-20 cm, but its short range is its advantage. Lets explore this technology and try to exploit it.
The Google Nexus S offers support for Near Field Communication (NFC), an extension to an RFID smart card protocol popularly used for secure access, metro passes (Oyster/Clipper), and electronic money (FeliCa/Octopus). NFC in smartphones promises adding these features to the phone you carry by allowing the it to emulate both RFID tag and reader.
NFC additionally adds new capabilities like exchanging configuration data such as WiFi settings, trading vCard contact information, reading URLs, triggering SMS text messages or initiating calls, and secure bi-directional communication between NFC devices.
This session will cover what NFC and RFID is and is not, what Android on the Nexus S is currently capable of, and some examples of how to add NFC to your apps.
http://where2conf.com/where2011/public/schedule/detail/18443
This is a presentation, which lists technical facts about two different types of air interface for contactless proximity smartcards. Similar type of interfaces are used for RFID tag reader communication. This presentation highlights some of the features of Type A and Type B communication to bring out the differences between each of them.
Near field communication (NFC) is a set of standards for smartphones and similar devices to establish radio communication with each other by touching them together or bringing them into proximity, usually no more than a few inches.
SmartWorld is an ISO 9001:2008 IT solutions provider focused in card solutions and secure identification domain. With expertise in card personalization solutions , EMV Testing Tools & Consultancy , e-security & physical access control products, logical access control solutions, SmartWorld provides unrivalled customer service by truly understanding unique secure identification needs. With a passion for providing high quality, innovative products, and an in-depth understanding of the solution application, SmartWorld has earned a name as a trusted identification expert.
SmartWorld has partnered with leading brands such as MAGICARD , CARD EXCHANGE , INGERSOLL RAND SECURITY TECHNOLOGIES , IDTECH etc that positions us to serve the needs of the customer providing turnkey solutions.
Specialties
MAGICARD ID Card Printers, SmartCard Readers, Card Management and Personalization, Schlage Access Control Readers, Badging Solutions, BRITON Electromagnetic Locks, EMV Testing tools, training & consultancy, MIFARE Encoding, Mobile Readers, Smartcard Encoding, NFC
Contact US: enquiries@smartworld.ae
On Relaying NFC Payment Transactions using Android devicescgvwzq
NFC (Near Field Communication) defines the set of RFID standards designed to bidirectionally communicate via wireless and interchange data point-to-point between devices in proximity, normally a few centimeters (up to 10cm). Services that use NFC communications as contactless payments are exponentially growing: Public transport, parkings, fast supermarket cashers, vending machines and even NFC-capable credit/debit cards.In this talk, we investigate relay attacks in NFC-capable credit/debit cards. This attack exploits the communication proximity principle in NFC, which is shown to be non secure. Although a lot of attack countermeasures exist, they do not face with this attack vector since up to date special hardware was required to perform it. However, the story is rewritten with the NFC-capable mobile devices available in the market.
This work shows how nowadays a relay attack in NFC-capable credit/debit cards is possible using an NFC-capable Android device without further modifications (i.e., no root permissions, custom firmware, or custom OS are required). A PoC app implementing the attack is shown in the talk, as well as distributed relay attack scenarios that might become real before long.
Introduction to the Windows 8 Platform Proximity APIs for NFC apps.
Create your own Near Field Communication apps to interact with peers as well as NFC tags. Also introduces the open source NDEF Library for Proximity APIs: http://ndef.codeplex.com/
- Subscribe to proximity messages
- Publish messages to peers and tags (WindowsUri and NDEF records)
- Parse & create NDEF messages (including Smart Posters)
- Launching apps on own and peer devices
- Registering for custom URI schemes and protocols
- LaunchApp tags to directly start the app
- Peer to peer: quick data exchange and long term connections with Wi-Fi Direct / Bluetooth
- Establishing peer to peer socket communications simply by tapping two devices
- User Experience Recommendations for peer to peer apps
ACR128 Dualboost Contact and Contactless Smart Card Reader - product presentation by Advanced Card Systems Ltd. Feel free to visit www.acs.com.hk or www.acr128.com
The Google Nexus S offers support for Near Field Communication (NFC), an extension to an RFID smart card protocol popularly used for secure access, metro passes (Oyster/Clipper), and electronic money (FeliCa/Octopus). NFC in smartphones promises adding these features to the phone you carry by allowing the it to emulate both RFID tag and reader.
NFC additionally adds new capabilities like exchanging configuration data such as WiFi settings, trading vCard contact information, reading URLs, triggering SMS text messages or initiating calls, and secure bi-directional communication between NFC devices.
This session will cover what NFC and RFID is and is not, what Android on the Nexus S is currently capable of, and some examples of how to add NFC to your apps.
http://where2conf.com/where2011/public/schedule/detail/18443
This is a presentation, which lists technical facts about two different types of air interface for contactless proximity smartcards. Similar type of interfaces are used for RFID tag reader communication. This presentation highlights some of the features of Type A and Type B communication to bring out the differences between each of them.
Near field communication (NFC) is a set of standards for smartphones and similar devices to establish radio communication with each other by touching them together or bringing them into proximity, usually no more than a few inches.
SmartWorld is an ISO 9001:2008 IT solutions provider focused in card solutions and secure identification domain. With expertise in card personalization solutions , EMV Testing Tools & Consultancy , e-security & physical access control products, logical access control solutions, SmartWorld provides unrivalled customer service by truly understanding unique secure identification needs. With a passion for providing high quality, innovative products, and an in-depth understanding of the solution application, SmartWorld has earned a name as a trusted identification expert.
SmartWorld has partnered with leading brands such as MAGICARD , CARD EXCHANGE , INGERSOLL RAND SECURITY TECHNOLOGIES , IDTECH etc that positions us to serve the needs of the customer providing turnkey solutions.
Specialties
MAGICARD ID Card Printers, SmartCard Readers, Card Management and Personalization, Schlage Access Control Readers, Badging Solutions, BRITON Electromagnetic Locks, EMV Testing tools, training & consultancy, MIFARE Encoding, Mobile Readers, Smartcard Encoding, NFC
Contact US: enquiries@smartworld.ae
On Relaying NFC Payment Transactions using Android devicescgvwzq
NFC (Near Field Communication) defines the set of RFID standards designed to bidirectionally communicate via wireless and interchange data point-to-point between devices in proximity, normally a few centimeters (up to 10cm). Services that use NFC communications as contactless payments are exponentially growing: Public transport, parkings, fast supermarket cashers, vending machines and even NFC-capable credit/debit cards.In this talk, we investigate relay attacks in NFC-capable credit/debit cards. This attack exploits the communication proximity principle in NFC, which is shown to be non secure. Although a lot of attack countermeasures exist, they do not face with this attack vector since up to date special hardware was required to perform it. However, the story is rewritten with the NFC-capable mobile devices available in the market.
This work shows how nowadays a relay attack in NFC-capable credit/debit cards is possible using an NFC-capable Android device without further modifications (i.e., no root permissions, custom firmware, or custom OS are required). A PoC app implementing the attack is shown in the talk, as well as distributed relay attack scenarios that might become real before long.
Introduction to the Windows 8 Platform Proximity APIs for NFC apps.
Create your own Near Field Communication apps to interact with peers as well as NFC tags. Also introduces the open source NDEF Library for Proximity APIs: http://ndef.codeplex.com/
- Subscribe to proximity messages
- Publish messages to peers and tags (WindowsUri and NDEF records)
- Parse & create NDEF messages (including Smart Posters)
- Launching apps on own and peer devices
- Registering for custom URI schemes and protocols
- LaunchApp tags to directly start the app
- Peer to peer: quick data exchange and long term connections with Wi-Fi Direct / Bluetooth
- Establishing peer to peer socket communications simply by tapping two devices
- User Experience Recommendations for peer to peer apps
ACR128 Dualboost Contact and Contactless Smart Card Reader - product presentation by Advanced Card Systems Ltd. Feel free to visit www.acs.com.hk or www.acr128.com
This seminar presents an overview of networking and local connectivity of Java ME platform: HTTP, Sockets, Datagrams, messaging, Bluetooth, serial and RFID.
Show different Standards as ECMA 340 and 352. Talks about security problems and solutions. Shows ECMA 385 and 386 as a SSE & SCH services for p2p mode.
As conclusions:
NFC by itself cannot provide protection against eavesdropping or data modification. The solution is the establishment of a secure channel over NFC. Since Man in the Middle attacks are unfeasible, a Diffie- Heffman cryptography can be applied. NFC-SEC standard uses ECDH crypto and AES algorithm.
NFC and consumers - Success factors and limitations in retail business - Flor...Florian Resatsch
Shown at the WIMA 2007 in Monaco, this presentation covers ideas and discussions around frequencies for retail business. Consumer applications with NFC are also discussed.
CIVINTEC Global is the world leading R&D and manufacturer of reader devices, terminals and systems, specialized in NFC technology, 13.56MHz contactless smart card, biometric and embedded OS technologies. CIVINTEC Global is an innovative product supplier of smart card and security solutions for various markets which include physical access control, time attendance, club membership, personal identification, public transportation, e-payment etc.
Electronic Access Control Security / Безопасность электронных систем контроля...Positive Hack Days
Ведущий: Маттео Беккаро
Мастер-класс посвящен эксплуатации уязвимостей электронных систем контроля доступа. Ведущий расскажет о наиболее распространенных технологиях, их уязвимостях и возможных способах атаки. Участникам, которым удастся провести атаку, достанутся аппаратные гаджеты Opposing Force.
NFC: Naked Fried Chicken / Пентест NFC — вот что я люблюPositive Hack Days
Ведущий: Маттео Беккаро (Matteo Beccaro)
Доклад посвящен общим вопросам транспортной безопасности, мошенничества и технологических сбоев и будет интересен как профессиональным пентестерам, так и любителям. Докладчик рассмотрит несколько серьезных уязвимостей в реальных транспортных системах, в которых используется технология NFC, и продемонстрирует открытое приложение для тестирования таких систем со смартфона.
Architectural Patterns in IoT Cloud PlatformsRoshan Kulkarni
IoT PaaS platforms help accelerate the delivery of IoT solutions. This deck outlines the various architectural patterns in IoT Cloud Platforms - A useful checklist to ascertain your own IoT Solution Architecture.
This presentation talk about some of the challenges in detecting advanced malware which uses evasion techniques such as inline assembly or previously unknown approaches. The presentation also focuses on leveraging the static code analysis as an opportunity to detect these evasive malware in the sandbox
Inria Tech Talk dédié à une actualité brulante : la sécurité de vos objets connectés.
Aujourd'hui, il est indispensable de développer des outils pour générer les tests de sécurité de ces objets dans des scénarios d’usage réalistes.
Les chercheurs-experts Inria vous présenteront les attaques existantes et celles développées d’une manière artisanale sur des automates programmables industriels et des objets connectés au cours de ces dernières années.
La présentation est disponible ici :
https://french-tech-central.com/events/inria-tech-talk-iot/
Domain 3: Security Engineering - Review (Part 2)
Virtualization and Distributed Computing, System Vulnerabilities, Threats and Countermeasures, Cornerstone Cryptographic Concepts, History of Cryptography, Types of Cryptography and Cryptographic Attacks
My talk from the ICS Cyber Security Conference in Atlanta on October 24th. Really enjoyed the great conversations on a topic which really can highlight the difference of opinions in the ICSsec community. Hope you all enjoy!
[cb22] Red light in the factory - From 0 to 100 OT adversary emulation by Vi...CODE BLUE
Since 2010 Stuxnet caused substantial damage to the nuclear program of Iran, ICS security issues have been raised. Lots of researchers dig into the hacking skills and path and those known attacks in the history and more malwares and events happened. Enterprises need an efficient way to find vulnerabilities but they might not have the budget for ICS pentesters , which need strong background knowledge , and all the fields they have. To solve this problem, we try to make a rare OT targeting , open source adversary emulation tool as a plugin on MITRE open source tool - Caldera. Users can easily combine IT attacks with our OT adversaries and change steps of attacks or send manual commands in the process.
We summarize the experience of reviewing over 20 factories traffic and analyzing 19 MITRE defined ICS malwares, PIPEDREAM/Incontroller in 2022. We found the main trend of ICS malwares changes from single protocol targeting to modularized , multiple protocols supporting. The actions in malwares can be summarized as a 4 stages attacking flow, We will explain it with the real attacks from malwares. We use the above conclusions to build automatic adversary emulation tool.
Now the tool already supports 10 common protocols and over 23 techniques on the MITRE ICS matrix , which is able to reproduce over 80% of defined ICS malware actions in OT. We also follow the 4 stages conclusion to add some attacks havent been used by any malwares. We have tested it on real oil ,gas ,water, electric power factory devices , protocol simulations for SCADA developers and honeypot. We will have a demo in this presentation.
Presentation used during SAP Tech days 2018 in Tokyo during a joint presentation between Hortonworks & Vupico represented by myself, what to think when implementing an IoT strategy. Why use Fog / Edge computing, showcased in a fun use case that I built: a cocktail machine built using raspberry pies with AndroidThings, cameras, TensorFlow lite, Mobilenet 1.0, peristaltic pumps and orchestrated by NiFi.
This presentation goes through several topics areas that are of specific interest in developing IoT Gateway solutions. IoT is a popular area of development that presents unique challenges like hardware and operating system selection, product life-cycle support and maintainability, software architectural solutions, connectivity, security, secure updates, and API availability. We discuss technologies and concepts like Hardware acceleration support, Linux kernel maintenance, Edge networking, LXC/Docker/KVM, Zigbee, 6loPAN, BLE, IoTivity, Allseen Alliance, SELinux and Trusted boot.
The aim of the presentation is to give an overview of the challenges in building an IoT Gateway and the Solutions available using Embedded Linux.
This presentation was delivered at LinuxCon Japan 2016 by Jim Gallagher
From the demise of conventional signature-based endpoint technologies have risen next generation solutions. These technologies have cluttered the marketplace introducing a conundrum for endpoint selection. This session will focus on the key requirements for effective security prevention, detection, and remediation. It will introduce a real-world framework for categorizing endpoint capabilities, and enable selection of solutions matching the unmet needs of security programs. The following topics will be covered:
• What do i actually need?
• Real-world framework to categorize endpoint capabilities
• Map vendors into buckets within the framework
• Housekeeping, what's needed before you even start?
• Cheat sheet of probing questions to ask vendors
• Best practices of deploying best of breed solutions
Similar to Electronic Access Control Security (20)
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
2. Me
||
§ Matteo
Beccaro
§ Founder &
Chief
Technology
Officer
at
Opposing
Force
§ The
first
Italian
company
specialize
in
offensive
physical
security
§ Twitter:
@_bughardy_
|
@_opposingforce
3. What
do
you
need?
||
Extract
the
zip
What
you
will
find
in
the
archive:
§ VM
with
all
tools
and
libraries
for
the
hands-‐on
parts
§ VirtualBox installer
§ VirtualBox guest-‐addition
username: opposingforce
password: opfor2016
4. Workshop’s
index
of
contents
||
§ Module
1
– Introduction
§ Historical
introduction
on
access
control
attacks
§ Module
2
– Attacking
NFC
§ NFC:
what
are
we
talking
about?
§ Weapons
for
NFC-‐based
solutions
§ Penetration
test
methodology
§ Hands-‐on
§ Case
studies
5. Workshop’s
index
of
contents
||
§ Module
3
– Attacking
RF
communications
§ Radio
Frequency
and
EAC
Systems
§ Exploring
Radio
Frequency
communications
in
practice
§ Hands-‐on:
receiving
your
first
transmission
§ SIGINT
with
GNU
Radio
§ Understanding
RF
communications
security
§ Module
4
– The
challenge
§ Introducing
the
challenge
§ The
awards
J
7. Introduction
||
§ Access
Control
system?
A
system
composed
by
several
elements
which
aim
is
to
limit
the
access
to
certain
resources
only
to
authorized
people.
The
system
is
composed
by
two
type
of
elements:
Human Technological
14. What
is
an
Electronic
Access
Control
system?
||
§ It
may
employ
different
technologies
§ NFC
§ RF
§ Biometrics
§ Mag-‐stripe
§ Mobile
phones
§ etc.
16. Agenda
||
§ Module
2
– Attacking
NFC
§ NFC:
what
are
we
talking
about?
§ Weapons
for
NFC-‐based
solutions
§ Penetration
test
methodology
§ Hands-‐on
§ Case
studies
17. What
is
NFC?
||
§ NFC
stands
for
Near
Field
Communication
§ Frequency
at
13.56
MHz
§ 3-‐5
cm
of
range
§ Widely
used
for
§ Access
control
systems
§ Electronic
ticketing
systems
§ Mobile
phone
applications
19. MIFARE
Classic
||
§ 1-‐4
KB
memory
storage
device
§ Strong access
control
mechanisms
§ A
key
is
required
to
access
data
sectors
§ Use
of
Crypto1 Crapto1 algorithm
§ Sadly
broken..
§ ..but
still
so
widely
used
(!)
– RFID
door
tokens,
transport
tickets,
etc.
20. MIFARE
Ultralight
||
§ 64
byte
memory
storage
device
§ Basic
security
mechanisms
§ OTP
(One-‐Time-‐Programmable)
sector
§ Lock
bytes
sector
§ Mostly
used
for
disposable
tickets
§ It
has
some
more
secure
children:
• ULTRALIGHT
C
• ULTRALIGHT
EV
21. MIFARE
DesFire ||
§ 2
KB,
4KB
or
8
KB
memory
size
§ Advanced
security
mechanisms
(3DES,
AES,
etc.)
§ File
system
structure
is
supported
§ Several
variants
are
available
§ DESFIRE
§ DESFIRE
EV1
§ DESFIRE
EV2
22. HID
iClass ||
§ Same
encryption
and
authentication
keys
are
shared
across
every
HID
iClass Standard
Security
installations
(!)
§ Keys
have
already
been
extracted
(!!)
§ Two
variants
§ iClass Standard
(very
common)
§ iClass High
Secure
(not
that
common)
§ Both
variants
are
BROKEN
23. NFC-‐based
Electronic
Access
Control
systems||
§ We
need
to
create
a
common
methodology
§ We
need
tools to
effectively
assess
these
systems
§ We
need
secure
architecturesas
references
and
best
practices
25. The
token
||
§ Usually
a
NFC
card
§ MIFARE
Ultralight
§ MIFARE
Classic
§ HID
§ The
card
can
store
§ Timestamp
of
the
last
stamping
§ Details
on
the
location
where
we
used
the
token
§ Credentials,
access
level,
etc.
26. The
token
||
§ What
about
MIFACE
Classic?
§ It
is
just
BROKEN
§ What
about
MIFARE
Ultralight?
§ Well,
it’s
bleeding..
§ Lock
attack
§ Time
attack
§ Reply
attack..
§ HID
§ BROKEN,
again
27. Readers
||
§ Can
operate
offline
or
online
§ Wire
or
wireless
connected
to
the
controller
§ RS232,
Ethernet,
etc.
§ Usually
supports
multiple
standards
§ Can
store
secrets
and
keys
used
for
authentication
§ Usually
it
can
§ Read
token(s)
data
§ Send
token
data
to
the
controller
§ Give
a
feedback
to
users
on
operation’s
success
28. Controller||
§ Connected
both
to
readers
and
backend
§ Wiegand,
Ethernet,
rs232
§ Receives
data
from
the
reader(s)
§ Support
multiple
readers
technologies
§ Sends
the
data
to
the
backend
§ Open
the
door
§ Deny
the
access
29. The
backend
||
§ It
can
be
cloud-‐based
or
not
§ Usually
wired
connected
§ RS232,
Ethernet,
etc.
§ Performs
multiple
operations
§ Provide
token
validation
“logic”
§ Statistics
§ Logging
30. Agenda
||
§ Module
2
– attacking
NFC
§ NFC:
what
are
we
talking
about?
§ Weapons
for
NFC-‐based
solutions
§ Penetration
test
methodology
§ Hands-‐on
§ Case
studies
31. Tools
of
the
trade
||
§ HydraNFC
§ ProxMark3
§ ChameleonMini
§ NFCulT
32. HydraNFC ||
§ HydraNFC (~90
€)
§ http://hydrabus.com/hydranfc-‐1-‐0-‐specifications/
§ Users
Texas
Instrument
TRF7970A NFC
chipset
(13.56MHz
only)
§ MIFARE
1k
and
14443A
UID
emulation
§ ISO
14443A
sniffing
(also
autonomous
mode)
§ 2
different
raw
modes
33. ProxMark3
||
§ ProxMark3
(~200
€)
§ HF
and
LF
capabilities
§ Very
large
community
§ http://proxmark.org/forum/index.php
§ Supports
almost
every
known
RFID
tags
§ Support
sniffing
and
emulation
34. ChameleonMini ||
§ ChameleonMini (~100
€)
§ http://kasper-‐oswald.de/gb/chameleonmini/
§ HF
(13.56MHz)
only
§ Almost
same
capabilities
as
HydraNFC
§ Different
chipset
§ The
firmware
is
only
available
for
old
revision
35. Opposing
Force
own
weapon
||
§ NFCulT (~0
€)
§ Originally
designed
for
ticketing
systems,
it
can
be
also
used
for
generic
EAC
system
security
assessment
§ Mobile
app
for
NFC-‐enabled
Android
smartphones
§ Implements
Lock,
Time
and
Reply
attacks
§ A
“custom
edit
mode”
is
available
for
bit
by
bit
data
editing
§ The
app
currently
supports
the
MIFARE
Ultralight
format
only
§ MIFARE
Classic
support
will
be
released
on
summer
2016
36. The
custom
editing
feature
||
§ The
features
is
useful
to
better
understand
the
structure
of
data
stored
onto
the
token
§ Quick
encoding
from
hex
to
bin
and
back
§ The
app
allows
token
bit
by
bit
data
editing
37. Agenda
||
§ Module
2
– Attacking
NFC
§ NFC:
what
are
we
talking
about?
§ Weapons
for
NFC-‐based
solutions
§ Penetration
test
methodology
§ Hands-‐on
§ Case
studies
42. The
reader
||
Attack Surface Attacks to
Perform Impact
NFC Interface
Analyze
the
authentication
mechanisms
Secrets
extraction,
MiTM
attacks
Hardware
board
Analyze the
exposed
interface
(JTAG,
UART,
etc.)
Firmware
or secrets
dumping
Ethernet,
wiegand, etc.
Is
MITM
possible?
Intercepting the
exchanged
data
Intercepting secrets
or
sensitive
data
44. The
controller
||
Attack Surface Attacks to
Perform Impact
Hardware
board
Analyze the
exposed
interface
(JTAG,
UART,
etc.)
Firmware
or secrets
dumping
Eth,
serial
Interfaces,
etc.
Is
MITM
possible?
Intercepting the
data
Intercepting secrets
or
sensitive
data
Computer
Application
Analyzing exposed
network
services
Complete control
of
the
machine
(e.g.,
add
new
users)
46. The
backend||
Attack Surface Attacks to
Perform Impact
Web
application(s)
Classic
web
app-‐related
attacks
Data
exfiltration,
service
interruption,
etc.
Network service(s)
Classic
network
services-‐related attacks
Data
exfiltration,
service
interruption,
etc.
Physical location
Try
to
get
physical
access
to
the
servers
Basically,
heavily
PWNED
48. The
channels||
Attack Surface Attacks to
Perform Impact
Hardware
board
Identify
forgotten or
backdoor
pins
Data
exfiltration,
firmware
dumping
External wires
Try
to
intercept
data
passing
through
those
wires
Intercepting
sensitive
information
Wireless connection Intercept
and
inject
data
Intercepting sensitive
information,
send
spoofed
information
49. Agenda
||
§ Module
2
– Attacking
NFC
§ NFC:
what
are
we
talking
about?
§ Weapons
for
NFC-‐based
solutions
§ Penetration
test
methodology
§ Hands-‐on
§ Case
studies
51. Agenda
||
§ Module
2
– attacking
NFC
§ NFC:
what
are
we
talking
about?
§ Weapons
for
NFC-‐based
solutions
§ Penetration
test
methodology
§ Hands-‐on
§ Case
studies
54. MIFARE
Ultralight
ticketing
system
||
Lock
bit
for
the
OTP
sector
is
not
checked
by
the
stamping
machine
Absence
of
a
UID
blacklist
in
the
backend
Timestamps
are
not
encrypted
nor
signed
59. Agenda
||
§ Module
3
– Attacking
RF
communications
§ Radio
Frequency
and
EAC
Systems
§ Exploring
Radio
Frequency
communications
in
practice
§ Hands-‐on:
receiving
your
first
transmission
§ SIGINT
with
GNU
Radio
§ Understanding
RF
communications
security
60. Radio
Frequency
and
EAC
Systems
||
§ Radio
Frequency
identification
is
widely
used
to
control
physical
accesses
§ Advantages
§ Automatic
identification
§ High
reliability
§ High
security
61. Radio
Frequency
and
EAC
Systems
||
§ Different
technologies
based
on
operating
frequency
band
§ Low
Frequency
(LF)
– 125
KHz
§ High
Frequency
(HF)
– 13.56
MHz
§ Ultra
High
Frequency
(UHF)
– 433
MHz,
860-‐960
MHz
and
2.4
GHz
62. Radio
Frequency
and
EAC
Systems
||
Low
Frequency
band
§ Tags
§ Access
control
token
63. Radio
Frequency
and
EAC
Systems
||
High
Frequency
band
§ Door
locks
§ Ticketing
systems
64. Radio
Frequency
and
EAC
Systems
||
Ultra
High
Frequency
band
§ Automated
Gates
§ Keyless
Entry
Systems
§ Alarms
§ Smart
Locks
65. Radio
Frequency
and
EAC
Systems
||
§ Common
technologies
and
protocols
§ Fixed
and
rolling
code
§ NFC
§ Bluetooth
§ ZigBee
§ Z-‐Wave
66. Agenda
||
§ Module
3
–Attacking
RF
communications
§ Radio
Frequency
and
EAC
Systems
§ Exploring
Radio
Frequency
communications
in
practice
§ Hands-‐on:
receiving
your
first
transmission
§ SIGINT
with
GNU
Radio
§ Understanding
RF
communications
security
67. Exploring
Radio
Frequency
communication
||
§ How
to
explore
wireless
communications?
§ Software
Defined
Radio
(SDR)
devices
with
GNU
Radio
§ Software
implementation
of
most
parts
of
a
radio
system
§ Cheap
hardware
§ High
flexible
68. Exploring
Radio
Frequency
communication
||
Device Frequency
Range Bandwidth Price
RTL-‐SDR
Dongle 24
MHz
– 1.76
GHz
2.4
MHz ~
20
€
HackRF 1
MHz
– 6
GHz 20
MHz ~
300
€
USRP B200 70
MHz
– 6
GHz 56
MHz ~
700
€
Three
SDR-‐compatible
devices
69. Exploring
Radio
Frequency
communication
||
§ GNU
Radio
§ Platform
to
develop
radio
applications,
called
flowgraphs
§ Series
of
connected
signal
processing
blocks
§ GNU
Radio
libraries
include
blocks
to
perform
signal
processing
70. Exploring
Radio
Frequency
communication
||
§ GNU
Radio
§ Supports
the
programming
of
custom
C++
blocks
§ GNU
Radio
Companion
(GRC)
§ Graphical
UI
to
program
GNU
Radio
applications
§ Supports
the
creation
of
UI
for
applications
80. Agenda
||
§ Module
3
– Attacking
RF
communications
§ Radio
Frequency
and
EAC
Systems
§ Exploring
Radio
Frequency
communications
in
practice
§ Hands-‐on:
receiving
your
first
transmission
§ SIGINT
with
GNU
Radio
§ Understanding
RF
communications
security
82. Agenda
||
§ Module
3
– Attacking
RF
communications
§ Radio
Frequency
and
EAC
Systems
§ Exploring
Radio
Frequency
communications
in
practice
§ Hands-‐on:
receiving
your
first
transmission
§ SIGINT
with
GNU
Radio
§ Understanding
RF
communications
security
83. SIGINT
with
GNU
Radio
||
§ Define
a
methodology
to
study
real
world
signals
§ Three
main
steps
Intercept
and
record
signal
Study
characteristics
Reverse
transmitted
data
84. SIGINT
with
GNU
Radio
||
§ Define
a
methodology
to
study
real
world
signals
§ Three
main
steps
Intercept
and
record
signal
Study
characteristics
Reverse
transmitted
data
85. SIGINT
with
GNU
Radio
||
§ GQRX
§ SDR
receiver
and
spectrum
analyzer
based
on
GNU
Radio
and
QT
Graphical
toolkit
§ User-‐friendly
interface
§ Supports
RTL-‐SDR,
HackRF, USRP
and
other SDR
devices
§ Records
signal
to
WAV
file
93. SIGINT
with
GNU
Radio
||
§ Black-‐box
interception
of
a
RF
signal
§ If
the
frequency
is
unknown,
search
power
peaks in
the
spectrum
94. SIGINT
with
GNU
Radio
||
§ Define
a
methodology
to
study
real
world
signals
§ Three
main
steps
Intercept
and
record
signal
Study
characteristics
Reverse
transmitted
data
95. SIGINT
with
GNU
Radio
||
§ Modulation
§ Impresses
a
waveform,
called
carrier,
with
another
signal
that
contains
data
to
be
transmitted
96. SIGINT
with
GNU
Radio
||
§ Signal
Identification
Guide
www.sigidwiki.com/wiki/Signal_Identification_Guide
97. SIGINT
with
GNU
Radio
||
§ Audacity
§ Useful
to
study
recorded
signals
§ Support
RAW
data
files
used
with
USRP
and
HackRF utilities
98. SIGINT
with
GNU
Radio
||
§ Case
Study:
remote
control
at
433
MHz
99. SIGINT
with
GNU
Radio
||
§ Case
Study:
remote
control
at
433
MHz
100. SIGINT
with
GNU
Radio
||
§ Case
Study:
remote
control
at
433
MHz
101. SIGINT
with
GNU
Radio
||
§ Let’s
study
the
signal
§ Amplitude
Modulation
(AM)
§ Only
two
amplitude
levels
§ Binary
transmission
using
On-‐Off
Keying
(OOK)
modulation
§ Repeated
trains
of
pulses
§ Different
lengths
to
encode
the
‘0’
and
‘1’
bit
102. SIGINT
with
GNU
Radio
||
§ Define
a
methodology
to
study
real
world
signals
§ Three
main
steps
Intercept
and
record
signal
Study
characteristics
Reverse
transmitted
data
103. SIGINT
with
GNU
Radio
||
§ Focus
on
a
single
train
§ The
first
pulse
indicates
the
beginning
of
the
“message”
104. SIGINT
with
GNU
Radio
||
§ Transmitted
message
is
001010010001
§ Short pulses
represent
binary
‘0’
while
long
pulses
binary
‘1’
105. Agenda
||
§ Module
3
– Attacking
RF
communications
§ Radio
Frequency
and
EAC
Systems
§ Exploring
Radio
Frequency
communications
in
practice
§ Hands-‐on:
receiving
your
first
transmission
§ SIGINT
with
GNU
Radio
§ Understanding
RF
communications
security
106. SIGINT
with
GNU
Radio
||
§ Case
study’s
solution
security
§ The
remote
control
always
sends
same
fixed code
(!)
§ Malicious
people
can
record
and
replay
signals
thus
obtaining
an
unauthorized
access
§ Solution
§ Rolling
code
107. SIGINT
with
GNU
Radio
||
§ Rolling
Code
§ Remote
control
always
sends
different codes
§ Sender
and
receiver
are
synchronized
with
an
internal
counter
§ An
hardware
algorithm
calculates
the
‘next’
code
on
the
basis
of
the
internal
counter’s
value
§ A
widely
used
algorithm
is
KeeLoq
§ Rolling
code
is
NOT
a
unbreakable
mechanism..
109. Agenda
||
§ Module
4 – The
challenge
§ Introducing
the
challenge
§ The
awards
J
110. Challenge
introduction||
You
are
now
part
of
a
Red
Team,
which
has
been
engaged
to
breach
the
physical
security
of
a
high
security
facility
controlled
by
a
super
secret,
and
“probably”
evil,
organization
known
as
h4k3rZ
T34mZ
Your
task
is
to
open
the
external
facility’s
electric
gate,
thus
allow
your
team
to
enter
the
facility
and
proceed
with
the
intrusion..
111. Hint?
||
You
find
one
employee’s
remote
controller..
It
seems
to
be
broken
and
you
can’t
use
it
to
open
the
gate
but
you
decide
to
open
it
to
see
inside….