SecTor 2025 | Behind Closed Doors - Bypassing RFID Readers & Physical Access Controls

Join me to watch attacks on physical access control systems, showcased during multiple live demos alongside interesting stories from real-life physical Red Team assessments. As a Red Teamer, I did a lot of engagements requiring me to break into buildings protected by RFID-based Access Control Systems. Normally, I would start with access card cloning... but what if it's not an option? What are the other ways in which one could bypass these systems to bypass the security mechanisms of physical ACS? We will see: - How to intercept the communication between the reader and the controller that are using the Wiegand protocol, along with a demo of this attack; - How the reader can be weaponized to perform a downgrade attack, allowing for making a malicious clone of a card that otherwise would be hard to forge; - How the OSDP protocol works and what the security implications of using it are - What are the other ways to bypass the access control security mechanisms? I will also share some experience and stories from Red Team engagements to demonstrate how to try and use this knowledge in real life – possibly without getting caught. By: Julia Zduńczyk | IT Security Specialist, SecuRing Presentation Materials Available at: https://ift.tt/1ySxY4D

source https://www.youtube.com/watch?v=DcmOObS1Wgc