Too often our community focuses on the proliferation of software flaws and exploits and forgets that our virtual universe is rooted in the physical world. Without the ability to protect the physical hardware that underpins everything we strive to protect, we are doomed to fail. As with the lock and key, there is an assumption that because access control systems are security devices, they are actually secure. Over the two days of this course, we will dispel these myths and show you the real access control industry. Discover the real vulnerabilities in access control systems, the technologies in use, and their strengths, weaknesses and limitations.
RFID should also be high on any security-minded person's agenda, given the proliferation of markets that are adopting this new and exciting technology. From transport payment systems to hotel door keys, ID cards to ePassports, credit cards to human implants, car keys to clothing labels, these things are everywhere and are not without their associated risks...
What you will learn
This course will teach you the fundamentals of access control systems, the reader and token technologies in use today, and the back-end protocols used to communicate between the components.
RFID will be examined in particular detail, with reference to recent high-profile (and less well-known) security issues.
This will include:
We will look in detail at how each technology works and at its relative strengths and weaknesses, as well as specific vulnerabilities and how to exploit and defend against them.
Course Structure
The two-day course will be split into:
Information security officers, particularly those charged with the physical security of their buildings or sites, or those in companies with integrated IT and physical security systems and processes.
Penetration testers, red teams, law enforcement, military and forensic examiners also stand to benefit from insights into weaknesses in systems they may come into contact with.
Prerequisites
This is a hands-on course, so students should bring an Intel-based laptop with a bootable CD drive, or a Linux-based system that they are prepared to install utilities and tools onto.
is a security researcher and entrepreneur with over 20 years' experience in the technology and security industries, and, amongst other things, has been the Operations Director of DEFCON for nearly 15 years. He divides his time between advising governments, military and the police on access control vulnerabilities and researching credential technologies, detection technologies, creating bypass devices and developing defenses for exposed flaws. From time to time he is a speaker and trainer at international security conferences. In 2007 he made global news when he released the first cross-platform access control system vulnerability. Founding his first company in 1994, he went on to develop one of the world’s first web application servers, completed the first online credit card transaction with a major UK bank and designed the software that ran Europe’s busiest website. Additionally, he holds half a dozen or so international patents.
is a white hat hacker and open source security researcher with over 20 years' experience, and a string of 'firsts' to his name. He wrote the world's first CD ripper, co-published the world's first open source secure web server (Apache-SSL), co-founded the world's first commercial multi-user online game (Gods), founded the world's first ultra secure hosting facility based in a nuclear bunker, exposed the world's first Bluetooth security holes, and now spends his life speaking and training and trying to find the world's first technology without a security flaw in it... He is currently focused on RFID and publishes an open source Python library at http://RFIDIOt.org.
Early (ends Feb 1) | Regular | Late | Onsite
€ 1600 | € 1800 | € 2000 | € 2300