DEF CON 31 - Unlocking Doors from Half a Continent Away - Trevor Stevado, Sam Haskins

Contactless credentials have become increasingly popular for secure authentication and access control systems due to their convenience and efficiency. In this talk, we will discuss a specific weakness in the ISO 14443A protocol that enables replay attacks over moderate latency connections, leading to the potential for long-range relay attacks. During the presentation, we will delve into the history of contactless credential attacks, how manufacturers have adapted, and discuss why we focused on a relay attack. We will provide an overview of the ISO 14443A protocol and explain how the relay attack is executed and the ‘features’ of the underlying protocol that make it possible. Finally, we will demonstrate and release a new tool to make this relay attack feasible with the Proxmark, as we attempt to unlock a door in Ottawa, ON with a card on-stage in Vegas. In addition, we will discuss the response from HID Global following our responsible disclosure against their SEOS readers and suggest mitigations to prevent these attacks on your access control systems.

DEF CON 33 - Cash, Drugs, and Guns - Why Your Safes Aren't Safe - Mark Omo, James Rowley
▶︎

DEF CON 33 - Cash, Drugs, and Guns - Why Your Safes Aren't Safe - Mark Omo, James Rowley

Cybersecurity Architecture: Who Are You? Identity and Access Management
▶︎

Cybersecurity Architecture: Who Are You? Identity and Access Management

Neil Perry
▶︎

Neil Perry

Access Control Fundamentals: PART 2: Readers, Panels, OSDP, Wiegand & Mobile Explained
▶︎

Access Control Fundamentals: PART 2: Readers, Panels, OSDP, Wiegand & Mobile Explained

How The Dark Web Actually Works | How Crime Works | Insider
▶︎

How The Dark Web Actually Works | How Crime Works | Insider

Kristopher Reese
▶︎

Kristopher Reese

DEF CON 31 War Stories - Tracking the Worlds Dumbest Cyber Mercenaries - Cooper Quintin
▶︎

DEF CON 31 War Stories - Tracking the Worlds Dumbest Cyber Mercenaries - Cooper Quintin

DEF CON 32 - From getting JTAG on the iPhone 15 to hacking Apple's USB-C Controller - Stacksmashing
▶︎

DEF CON 32 - From getting JTAG on the iPhone 15 to hacking Apple's USB-C Controller - Stacksmashing

DEF CON 32 - Inside the FBI’s Secret Encrypted Phone Company ‘Anom’ - Joseph Cox
▶︎

DEF CON 32 - Inside the FBI’s Secret Encrypted Phone Company ‘Anom’ - Joseph Cox

Something is jamming GPS over Europe. Here's what we found
▶︎

Something is jamming GPS over Europe. Here's what we found

DEF CON 31 - Visual Studio Code is Why I Have Workspace Trust Issues - Chauchefoin, Gerste
▶︎

DEF CON 31 - Visual Studio Code is Why I Have Workspace Trust Issues - Chauchefoin, Gerste

Billionaire's WARNING: I'm SELLING. The Crash Is Already Here!
▶︎

Billionaire's WARNING: I'm SELLING. The Crash Is Already Here!

DEF CON 31 - From Feature to Weapon  Breaking Microsoft Teams and SharePoint  - Nestori Syynimaa
▶︎

DEF CON 31 - From Feature to Weapon Breaking Microsoft Teams and SharePoint - Nestori Syynimaa

The World's Most Important Machine
▶︎

The World's Most Important Machine

Qubes OS: The Last Bastion of Digital Freedom
▶︎

Qubes OS: The Last Bastion of Digital Freedom

Nicholas Carlini - Black-hat LLMs | [un]prompted 2026
▶︎

Nicholas Carlini - Black-hat LLMs | [un]prompted 2026

DEF CON 31 - Spread Spectrum techniques for anti drone evasion David Melendez, Gabriela Garcia
▶︎

DEF CON 31 - Spread Spectrum techniques for anti drone evasion David Melendez, Gabriela Garcia

I spent 7 days evading America’s 82 MILLION surveillance cameras
▶︎

I spent 7 days evading America’s 82 MILLION surveillance cameras

Update from Ukraine | Huge! Ukraine Liberates South! Russians Run! More Ships Lost
▶︎

Update from Ukraine | Huge! Ukraine Liberates South! Russians Run! More Ships Lost

DEF CON 32 - Finding & exploiting local attacks on 1Password Mac desktop app - J. Hoffman, C. Morgan
▶︎

DEF CON 32 - Finding & exploiting local attacks on 1Password Mac desktop app - J. Hoffman, C. Morgan