DEF CON 30 - Sam Quinn, Steve Povolny - Perimeter Breached Hacking an Access Control System

The first critical component to any attack is an entry point. As we lock down firewalls and routers, it can be easy to overlook the network-connected physical access control systems. A study done by IBM in 2021 showed that the average cost of a physical security compromise is $3.54 million and takes an average of 223 days to identify a breach. HID Mercury is a global distributor of access control systems with more than 20 OEM partners, deployed across multiple industries and certified for use in federal and state government facilities. Trellix's Advanced Threat Research team uncovered 4 unique 0-day vulnerabilities and 4 additional undisclosed vulnerabilities leading to remote, unauthenticated code execution on multiple HID Mercury access control panels. These findings lead to full system control including the ability for an attacker to remotely manipulate door locks. During this presentation, we will briefly cover the hardware debugging process, leading to a root shell on the target. We will explore in greater depth the vulnerability discovery techniques, including emulation, fuzzing, static and dynamic reverse engineering, and a detailed walkthrough of several of the most critical vulnerabilities. We’ll address our approach to exploitation using simplistic malware we designed to control system functionality and culminate the talk with a live demo featuring full system control, unlocking doors remotely without triggering any software notification

DEF CON 33 - Cash, Drugs, and Guns - Why Your Safes Aren't Safe - Mark Omo, James Rowley
▶︎

DEF CON 33 - Cash, Drugs, and Guns - Why Your Safes Aren't Safe - Mark Omo, James Rowley

DEFCON 19: Steal Everything, Kill Everyone, Cause Total Financial Ruin! (w speaker)
▶︎

DEFCON 19: Steal Everything, Kill Everyone, Cause Total Financial Ruin! (w speaker)

Cybersecurity Insider Sessions: A Practical Guide to Preparing for Mythos
▶︎

Cybersecurity Insider Sessions: A Practical Guide to Preparing for Mythos

Babak Javadi - Basics of Hacking Physical Access Control Systems - DEF CON 27 Wireless Village
▶︎

Babak Javadi - Basics of Hacking Physical Access Control Systems - DEF CON 27 Wireless Village

DEF CON 33 - Unmasking the Snitch Puck: IoT surveillance tech in the school bathroom - Reynaldo, nyx
▶︎

DEF CON 33 - Unmasking the Snitch Puck: IoT surveillance tech in the school bathroom - Reynaldo, nyx

Kristopher Reese
▶︎

Kristopher Reese

Black Hat 2013 - Exploiting Network Surveillance Cameras Like a Hollywood Hacker
▶︎

Black Hat 2013 - Exploiting Network Surveillance Cameras Like a Hollywood Hacker

Integrated SSDs Should Be Illegal, But Why Would They Care!
▶︎

Integrated SSDs Should Be Illegal, But Why Would They Care!

DEF CON 30 - Lennert Wouters - A Black-Box Security Evaluation of SpaceX Starlink User Terminal
▶︎

DEF CON 30 - Lennert Wouters - A Black-Box Security Evaluation of SpaceX Starlink User Terminal

Is Russia Actually Losing?
▶︎

Is Russia Actually Losing?

DEF CON 30 - Roger Dingledine - How Russia is trying to block Tor
▶︎

DEF CON 30 - Roger Dingledine - How Russia is trying to block Tor

Eyes of a Thief at Big Sky Cyber Summit at LMG
▶︎

Eyes of a Thief at Big Sky Cyber Summit at LMG

CompTIA Network+ Certification Video Course N10-006
▶︎

CompTIA Network+ Certification Video Course N10-006

Radio Hacking: Cars, Hardware, and more! - Samy Kamkar - AppSec California 2016
▶︎

Radio Hacking: Cars, Hardware, and more! - Samy Kamkar - AppSec California 2016

DEF CON 22 - Deviant Ollam & Howard Payne - Elevator Hacking - From the Pit to the Penthouse
▶︎

DEF CON 22 - Deviant Ollam & Howard Payne - Elevator Hacking - From the Pit to the Penthouse

Why Israel is the World's Top Hacking Nation | VICE: Cyberwar | Blueprint
▶︎

Why Israel is the World's Top Hacking Nation | VICE: Cyberwar | Blueprint

DEF CON 23 - Dennis Maldonado - Are We Really Safe? - Bypassing Access Control Systems
▶︎

DEF CON 23 - Dennis Maldonado - Are We Really Safe? - Bypassing Access Control Systems

DEF CON 32 - Inside the FBI’s Secret Encrypted Phone Company ‘Anom’ - Joseph Cox
▶︎

DEF CON 32 - Inside the FBI’s Secret Encrypted Phone Company ‘Anom’ - Joseph Cox

Using NMAP Like a Red Team Operator (OPSEC Matters!)
▶︎

Using NMAP Like a Red Team Operator (OPSEC Matters!)

VPNs in the UK Are About to Become Pointless
▶︎

VPNs in the UK Are About to Become Pointless