Exploiting Enterprise Access Control

Presented at SAINTCON 2019, Oct. 22, 2019, 2:30 p.m. (60 minutes)

RFID-based access control is everywhere in your life. It's at your work, its in your apartment building, it lets you into hotels. Come and learn how it all works, how it is implemented in the real world (often incorrectly), how it can be exploited, and how these problems can be mitigated. This is a beginner level talk; everyone can learn something from it!

Presenters:

• Kaydan/Pips - DC801
  A seasoned challenge creator and gamemaster, Pips has authored and made countless cybersecurity related challenges for Colleges, DEFCON, Conferences, etc. Pips is a Security Engineer working in FINTECH. Previously, he has worked as an access control architect for an MSP, creating and deploying access control solutions across Utah. He gives his time over the last five years to the local non-profit hackerspace 801labs, and is an organizer/twitter manager for DC801.

Links:

• https://saintcon2019.sched.com/event/W6To/exploiting-enterprise-access-control

Similar Presentations:

• ToorCon San Diego 18 (2016) / R&D report: how to test access control before your IT inadvertently breaks
• THOTCON 0x3 (2012) / How I fucked your grandma
• DEF CON 23 (2015) / Are We Really Safe? - Bypassing Access Control Systems