Aperture Labs Ltd. // Adam Laurie

Register Now

Abu Dhabi 2010 Training Session //Nov 8-9


Too often our community focuses on the proliferation of software flaws and exploits and forget that our virtual universe is rooted in the physical world. Without the ability to protect the physical hardware that underpins everything we strive to protect we are doomed to fail. Like the lock and key, there is an assumption that as RFID systems are part of a security device, they are actually secure. Over the two days of this course, we will dispel these myths, and show you the real RFID industry. Discover the real vulnerabilities in the technologies in use, and their strengths, weaknesses and limitations. RFID should also be high on any security minded person's agenda, given the proliferation of markets that are adopting this new and exciting technology. From transport payment systems to hotel door keys, ID cards to ePassports, credit cards to human implants, car keys to clothing labels, these things are everywhere and are not without their associated risks...

What you will learn:

This course will teach you the fundamentals of RFID systems, the reader and token technologies in use today, and the low level protocols used to communicate between them. We will look at the detail of how each technology works, their relative strengths and weaknesses, as well as specific vulnerabilities and how to exploit and defend against them.

Course Structure:

The two day course will be split into:

  • Day one: Overview of reader and card technologies, interface protocols, biometrics, vending, e-passports.
  • Day two: Attack and defence. Each technology will be examined from the attacker and defender's point of view.

Who Should Attend:

Information security officers, particularly those charged with the physical security of their buildings or sites, or those in companies with integrated IT and physical security systems and processes. Penetration testers, red teams, law enforcement, military and forensic examiners also stand to benefit from insights into weaknesses in systems they may come into contact with.

What to bring:

This is a hands on course, so students should bring an Intel based laptop with bootable CD drive, or a Linux based system that they are prepared to install utilities and tools onto.


Adam Laurie is a freelance security consultant working the in the field of electronic communications. He started in the computer industry in the late Seventies, working as a computer programmer on PDP-8 and other mini computers, and then on various Unix, Dos and CP/M based micro computers as they emerged in the Eighties. He quickly became interested in the underlying network and data protocols, and moved his attention to those areas and away from programming, starting a data conversion company which rapidly grew to become Europe's largest specialist in that field (A.L. downloading Services). During this period, he successfully disproved the industry lie that music CDs could not be read by computers, and, with help from his brother Ben, wrote the world's first CD ripper, 'CDGRAB'. At this point, he and Ben became interested in the newly emerging concept of 'The Internet', and were involved in various early open source projects, the most well known of which is probably their own—'Apache-SSL'—which went on to become the de-facto standard secure web server. Since the late Nineties they have focused their attention on security, and have been the authors of various papers exposing flaws in Internet services and/or software, as well as pioneering the concept of re-using military data centres (housed in underground nuclear bunkers) as secure hosting facilities. Adam has been a senior member of staff at DEFCON since 1997, and also acted as a member of staff during the early years of the Black Hat Briefings, and is a member of the Bluetooth SIG Security Experts Group and speaks regularly on the international conference circuit on matters concerning Bluetooth security. He has also given presentations on forensics, magnetic stripe technology, InfraRed and RFID. He is the author and maintainer of the open source python RFID exploration library 'RFIDIOt', which can be found at http://rfidiot.org.

Ends Sep 14

Ends Oct 31

Ends Nov 7

Nov 8