Introduction to Smart Cards and leveraging them in attacks

Presented at BSides Austin 2018, March 9, 2018, 10 a.m. (60 minutes)

Most admins assume that deploying the cumbersome smart card will solve their identity challenges. In fact, PKI smart cards suffer from vulnerabilities similar to those of most other security controls and can be bypassed using reasonable software attack vectors. In this workshop, pen testers will get an overview of how smart cards work, including example call stacks, common use cases, and deployment configurations; learn workarounds for poor policies and configurations; learn how a smart card defends itself; and learn how to leverage their high trust in attacks. This high-level overview will cover OS-level and software-based attacks, and will not cover hardware, wireless, or physical attacks on smart cards.


Presenters:

  • Tim Honker - Security Solutions Engineer II - Rapid7
    Tim Honker enjoys building things and breaking other people's things. Since 2010, Tim has served at several cybersecurity companies specializing in IAM, MFA, vulnerability management, and penetration testing. Currently a Senior Solutions Engineer at Rapid7, Tim previously worked at a major IAM provider in level 2 support, troubleshooting PKI smart cards in complex Fortune 500 environments, and helped troubleshoot partners' custom source code to interface with their smart card libraries, middleware, and drivers. Tim is currently a Senior Sales Engineer for Rapid7's Threat Exposure Management portfolio.
