As penetration testers and security professionals, we need ways to ensure that we can gain persistent access to secured areas and facilities during our testing. What we need is a way to gather cards during penetration tests that won’t alert our targets that we’ve copied their cards. In order to be discreet, we must copy their cards from a short distance with a normal looking bag. During this time we will talk about how we have overcome these challenges with a weaponized HID reader. We’ll also talk about how we use this during our ongoing penetration tests to gain access on some of our most physically secure clients- as well as provide details on card systems and how they work. Finally, we’ll also share the design and process for our device, the RavenHID- which improves on some previous garage reader designs allowing the gathering of badges from up to two feet directly to a mobile phone.

Back to Derbycon 2014 video list