Card cloning doesn't have to be hard.

Presented at ToorCon San Diego TwentyOne (2019), Nov. 8, 2019, 5 p.m. (25 minutes).

I’ve created an open source web interface to the Proxmark3-rdv4 hardware that makes it easy for anyone to work with the tools. I do a quick overview of technologies, and a live demo of the tool.

Many people use low-frequency and hi-frequency cards to control access to their offices, datacenters, and even hardware devices. I’ve created an open source web interface for the Proxmark3-rdv4 hardware that makes it easy for anyone to work with the tools. This could be easily deployed to something like a Raspberry Pi zero, and then any mobile device with a web browser can talk with it, making this a mobile tool for pentesting projects. I will do a quick overview of the common types of access cards, and how you can easily clone some of these cards or even run brute force attacks against the readers. I will have a demo set up for people to check out the software/hardware and can do some real-time badge cloning in the space after the talk.


Presenters:

  • David Bryan / VideoMan as David Bryan - Aka VideoMan
    David M. N. Bryan is an penetration tester with X-Force Red, IBM’s elite security testing team. Responsibilities include establishing standardized tools and processes for our consultants and working with clients on penetration testing projects. David has well over a decade of experience. From being a defender of security at a top ten banks, to securing the DEF CON network. David has been a participant in the information security community for over two decades. David has been the attacker in many scenarios as a penetration tester covering: ATMs, embedded devices, network, wireless, web applications, and physical security. David has presented at many security conferences including: BlackHat, DEF CON, ToorCon, LayerOne, ToorCamp, BSides Events, AppSecUSA, Etc. David lives in cold, but beautiful Minneapolis Minnesota.

Links:

Similar Presentations: