ATTACKING THE HID ACCESS CONTROL SYSTEM - Alex Dib

Alex comes from a mechanical/robotics background where he uses his acquired knowledge to conduct covert and overt physical security assessments specializing in physical access control systems. He has contributed to several open source projects such as the official Proxmark3 repository, Concierge, Wiegotcha and more. Alex is currently serving as a Security Consultant at NCC Group. This talk will cover 3 attack vectors on the HID access control system; Long Range RFID cloning, networked door controller exploitation and a replay attack. You will learn how the HID access control system works at a high level and how the RFID card traverses using the Wiegand protocol. Capturing, Cloning and Using the Long Range readers will be explained and demonstrated including a build guide. When Long range cloning fails and you have network access, this talk will cover how to exploit the networked door controller to open doors and add your own RFID credential to the database. When all else fails, using the ESP-RFID-TOOL device to replay credentials will be explained and demonstrated.