Advanced Red Teaming: All Your Badges Are Belong To Us

Presented at DEF CON 22 (2014), Aug. 9, 2014, 3 p.m. (60 minutes).

By definition, “Red Teaming” or Red Team testing originated in the military, where it describes a team whose primary objective is to penetrate the security controls of “friendly” institutions while evaluating their security measures. The term is widely used today to describe any form or blend of logical, physical and social-based attacks on an organization. Since the early 2000s, LARES’ core team members have been presenting on and performing advanced Red Team attacks against all verticals and have a 100% success rate for organizational compromise when performing full scope testing. Fresh out of the think tank of Layer 8 Labs (the R&D division of LARES) and tested in the streets on numerous engagements, this talk will focus specifically on badge access control systems and inherent flaws in their design, and will demonstrate direct and blended attacks against them. Live demonstrations will be given to show how these flaws lead to facility and system compromise, even against the most secure access control systems and card types being sold to the market today. Custom-built tools by the LARES team members will be demonstrated throughout the talk, and an interactive discussion will be held at the end of the presentation to discuss current mitigation strategies and industry needs to thwart these attacks going forward.

Presenters:

  • Josh Perrymon - Senior Adversarial Engineer at LARES
    Joshua Perrymon (@packetfocus) is a Senior Adversarial Engineer at LARES. He is a well-rounded certified Ethical Hacker with over 17 years’ experience in the industry. With a focus on real-world exploitation, Josh likes the pressure of Social Engineering and Red Team testing, the type of testing that is always dynamic and forces quick decisions and persistence. He developed the first OWASP LiveCD "LabRat", and led the Alabama OWASP Chapter. When living in Australia, Josh dove into RFID research, and over the years has worked to take these attacks from the lab to the streets, providing the most advanced and accurate real-world testing. Josh also has worked on a phishing framework over the past ten years, and is focused on bringing that technology to market. When not dressed as a janitor or electrician in an attempt to breach a client facility, Josh can be found at his local drag strip playing with nitrous and turbos.
  • Eric Smith - Senior Partner, Principal Security Consultant at LARES
    Eric Smith (@InfoSecMafia) is a Senior Partner and Principal Security Consultant at LARES. Eric is a well-respected, qualified, trained, and certified Ethical Hacker with over 17 years of experience in the IT/IS industry. Eric is experienced in network and application penetration testing, social engineering, Red Team/physical security, wireless, architecture, system hardening, risk/compliance assessments, and policy/procedural development. Eric holds a BS in Information Security Systems along with active CISSP and CISA certifications. When Eric isn’t compromising large-scale, heavily protected fortresses, he goes on retreats in search of unicorns, horseshoes and hidden treasures that many claim to be “suicide missions”. Eric was also born with invisible gills and is referred to by close friends and closer enemies as the “phish whisperer”.
