Speakers

  1. Alex Dib
  2. Datagram
  3. Matt ‘Huxleypig’ Smith
  4. Jaakko Fagerlund
  5. James
  6. Jos Weyers
  7. Logan Woods
  8. Luca Bongiorni
  9. MewSec
  10. Michael Maynard
  11. Nullwolf
  12. Peter Field
  13. Mitch ‘Priyer’ Robert
  14. rfc6919
  15. Roger G. Johnston, Ph.D., CPP

Speaker details

  1. Alex Dib

    Talk: Attacking the HID Access Control System

    This talk will cover 3 attack vectors on the HID access control system: long-range RFID cloning, networked door controller exploitation and a replay attack. You will learn how the HID access control system works at a high level and how the RFID card traverses using the Wiegand protocol. Capturing, cloning and using the long-range readers will be explained and demonstrated, including a build guide. When long-range cloning fails and you have network access, this talk will cover how to exploit the networked door controller to open doors and add your own RFID credential to the database. When all else fails, using the ESP-RFID-TOOL device to replay credentials will be explained and demonstrated.

    Working as a Security Consultant for 2 years, currently at NCC Group. Specialisation in Physical Security & Access Control.
  2. Datagram

    Talk: The Forensics of Lockpicking

    This talk discusses Forensic Locksmithing - the art of identifying microscopic evidence of various non-destructive, covert entry techniques: lockpicking, impressioning, bumping, and more! While you may not be able to see it from the outside, almost all entry methods leave evidence inside locks that can be identified! Time permitting, we’ll also cover inspection of keys, tools, and various “anti-forensics” tools.

    datagram is a physical and digital security expert from the USA that specializes in non-destructive entry, tamper-evident technologies, penetration testing, and cyber security.
  3. Matt ‘Huxleypig’ Smith

    Talk: Self Impressioning; the Locks That Pick Themselves

    Can you imagine being able to pick a lock in seconds with your eyes closed? Can you imagine doing it in a manner so easy that a small child could do it just as well as you? Now imagine doing this to the most secure locks on the planet! Locks like Evva 3KS, Abloy Protec II or Bilock? Compared to picking, conventional impressioning is a rarely used method for NDE of locks. This is because it takes a lot of skill and time to master, as well as access to the requisite key blanks. Self impressioning is impressioning with the skill and time removed. This talk will go through the theory of self impressioning as well as its practical application. As with most techniques, they are only as good as the tools and self impressioning tools are often the most intricate, beautiful works of art ever seen in the locksmithing world. We will study some of these tools, such as the Turbo Decoder (for auto locks), Magic Keys (for lever locks), the tubular lock tool (that we all own) as well as some others that I promise will be a very nice surprise!

    Matt Smith’s history in security goes back longer than he cares to remember. Starting with socially engineering access to sporting events and music festivals (The Ashes, World Cup, Glastonbury) he then got into physec from circumventing the locks on (and subsequently emptying) vending machines. After realising that there might be a legitimate future in it, he went on to work as a locksmith for several years before settling into his current role as a locktool and lock designer. Specialising in disc detainer locks, he cut his teeth by breaking Abloy Classic (after 107 years!), going on to design and make tools for the whole of the Abloy family, as well as the Silver Bullet (universal disc detainer tool). He has also designed many other tools for magnetic locks, lever locks, dimple locks, slider locks and is currently working on a universal pin tumbler decoding system. Also, BSc (Hons) Computer Science.
  4. Jaakko Fagerlund

    Talk: The Unpickable Kromer Protector

    An in-depth view into a very old mechanical key lock and what makes it very difficult to pick and decode. This talk will show the mechanics of how the key and lock operate, what kind of anti-pick functions and anti-decoding functions it has, where it is or was used, and whether it is possible to make a tool for it or why there are no tools for it.

    Tool & die maker, safe cracker
  5. James

    Talk: Understanding, testing and improving physical security teams

    It’s 2:00 AM. While on site for a red team engagement, you walk around a corner to find yourself face-to-face with a security officer. What should you do? What will they do? What do you actually know about this person? Based on over a decade working on the operational side of physical security, this talk looks at the people behind the uniform: who they are, how they operate, and what they do (and don’t do). With a focus on red teaming and security consulting, we’ll go through the key things to know about physical security teams, as well as some practical considerations for red team testing. Finally, we’ll look at good security practices to help build security officer effectiveness.

    James worked in physical security for over ten years before discovering information security as the perfect place to combine his passion for security with his love of tech. During that time, he worked in almost every type of physical security role, performed security analysis and risk assessments to inform national counter-terrorism policy, and led a highly-trained corporate security team as a local security manager with one of the world’s largest investment banks. Now a cyber security consultant and occasional red teamer, he enjoys helping clients solve complex problems, translating between technical and non-technical people, and using outdated memes.
  6. Jos Weyers

    Talk: Attacking masterkeyed systems (the easy way)

    Ever taken several locks apart to figure out their masterkey? Or had to cut a handful of keys to unearth that hidden treasure? Guess what? You’re doing it wrong.

    Jos is a world-record holder in the field of lock impressioning and a mainstay participant at LockSport events around the world. A long-time member of TOOOL in the Netherlands and a key figure at the Hack42 hackerspace in Arnhem, Jos is the Vice-President of TOOOL.nl and helps to oversee that organization and the LockCon conference. Some people know him as the Dutch Kilt guy. Featured in the New York Times. Voted #2 in the category “Hackers and Security” of the Nerd101-list of VrijNederland June 2015.
  7. Logan Woods

    Talk: 8 ways to get past a door

    An important part of physical security red teaming is gaining access to restricted areas. Most commonly, organisations control access using the humble door, with some sort of mechanism to prevent it from being opened by unauthorised parties. This talk will cover eight non-destructive entry techniques, from incredibly simple to rather complex, that have got the presenter past an access control door, and some ways these vulnerabilities could be mitigated.

    Logan is a security consultant at Aura Information Security. With a specialisation in physical security and red teaming, a large part of his job is getting into places he shouldn’t be, ideally without anyone noticing.
  8. Luca Bongiorni

    Talk: ANP Catalog: The Adversarial Ninja Playset. How To Bring Your Red Teaming Arsenal To Next Level.

    During the last few years, Red Teaming engagements have become more and more popular. This trend has pushed some hackers to R&D and release new open-source devices with the intent to make PhySec operations even more interesting, smoothing the path to new TTPs and improving some old ones. This talk will present five hacking devices developed by Offensive Ninjas, for Offensive Ninjas:

    * WHID Injector (a wifi-enabled Rubberducky on steroids and its mobile app, which allows remotely injecting keystrokes and bypassing air-gapped environments).
    * P4wnP1 (a wifi-enabled BashBunny on steroids that allows a wide range of attacks, ranging from air-gap bypass to NET-NTLMv2 creds theft & crack a.k.a. Windows Lockpicker).
    * WHID Elite (a 2G-enabled offensive device that allows a threat actor to remotely inject keystrokes, bypass air-gapped systems, conduct mousejacking attacks, do acoustic surveillance, RF replay attacks and much more).
    * RFID-Tool (a wifi-enabled Wiegand bus implant that can sniff & replay data in order to steal & bypass RFID access control systems).
    * POTAEbox (a work-in-progress multi-purpose penetration dropbox that can be dropped over the “enemy lines” and bypass .1x NAC, act as a rogue AP and stealthily pwn an entire corporate LAN).

    For each of these devices, we will go through their technical specifications and operational features, passing, of course, through some real case scenarios where you can apply them during an Adversary Simulation. Some tips for Blue-Teamers on how to detect and mitigate them will also be presented.

    Luca is working as Principal Offensive Security Engineer within the AppSec Team of Bentley Systems. He is also actively involved in InfoSec where the main fields of research are: Radio Networks, Reverse Engineering, Hardware Hacking, Internet of Things and Physical Security. He also loves to share his knowledge and present some cool projects at security conferences around the globe: BlackHat Europe & USA Arsenal, TROOPERS, HackInParis, DEFCON USA, HackInBo, DEFCON Moscow, OWASP Chapters, SAS, etc. At the moment he is focusing his research on bypassing biometric access control systems, ICS Security and Air-Gapped Environments.
  9. MewSec

    Talk: The art of human shell for introverts

    An introverted ex-psych student turned security consultant will go through privilege escalation and the art of human shell from a social engineer’s perspective. They will go through Psych 101 concepts, easy mode and boss mode security engagements and empathy as an attack vector.

    μsec - Sydney based security consultant. I mainly focus on Red Teaming, Social Engineering and Physical Security Assessments. I like coffee, Hardware Hacking and memes.
  10. Michael Maynard

    Talk: A beginners guide to manipulation

    Dial combination safe locks are the pinnacle of mechanical locking systems, and they certainly have a mystique all their own. The safe locks we use today are beautiful pieces of engineering and represent the latest product of an endless arms race between lock makers and safecrackers. But here’s the thing: like all locks, with a little knowledge and a bit of skill they can be beaten. This talk will show you how the Group 2 three wheel safelock works. You’ll learn its weaknesses. And I’ll give you the basic tools you’ll need in order to be one of the few people on the planet that can beat them.

    Michael Maynard is a full time optometrist and part time lock nerd. He lives in Napier, on the east coast of New Zealand’s North Island. He is interested mostly in mechanical locking systems, and in particular likes reverse engineering commercial products to see what the designers were thinking, and what compromises were made in the design of the lock. He picked his first lock in the 1970’s and hasn’t really stopped since.
  11. Nullwolf

    Talk: Side Channel Attacks (for encrypted RF transmissions and other things)

    This talk will focus on performing power analysis to derive encryption keys, and how it can be applied to miscellaneous other devices, including IoT and RF devices, where encryption is getting in your way.

    nullwolf is a Principal Technical Specialist, and the Redteam Subject Matter Expert, at Hivint (a Trustwave Company). When he’s not out redteaming he can be found reverse engineering Software Defined Radio / RF devices and Hardware Hacking.
  12. Peter Field

    Talk: Elements of Lock Cylinder Design Cylinders

    Elements of Lock Cylinder Design is an overview of the parts or elements that make a lock cylinder, and the comparison of how variations in the individual elements can increase or decrease the security of the lock.

    By analyzing the components in a cylinder, it is possible to develop a summary of the security rating of the lock. We will use illustrations and photographs of the cylinder to understand how various locks operate. We will use illustrations and photographs to see what the lock and keys look like, how they operate and estimate what security they provide.

    Director of Research at Medeco Security Locks.
  13. Mitch ‘Priyer’ Robert

    Talk: Thinking outside the lock, how I defeated the Bowley, the Forever Lock, and the Yuema 750.

    A detailed overview of the thought process, research, tool design and fabrication, and ultimately how the Bowley lock, the Forever Lock and the Yuema 750 were defeated.

    I’m a tow truck operator that got interested in picking when I got a set of picks from a convention. I got interested in the “unpickable” because for me they are more of a puzzle than other locks and require more research and thought to get into them.
  14. rfc6919

    Talk: RF based analysis of an ISM-band alarm system

    Low-speed ISM-band radio communications are cheap and simple to design into a product, and are conveniently amenable to interception and analysis. This presentation will walk through the analysis of an alarm system that uses this communication layer for control and sensor signalling, focussing on tools & techniques as well as some access control bypasses discovered along the way.

    Defensive sysad by trade, I make things for pay and break things for fun.
  15. Roger G. Johnston, Ph.D., CPP

    Talk: Three Decades of Defeating Physical Security

    This fast-moving talk is a summary of lessons learned (both offensively and defensively) from 3 decades of conducting vulnerability assessments and defeating a wide variety of physical security devices, systems, and programs. Attacks and countermeasures for the following will be covered: tampering-indicating seals, intrusion detection, cargo security, electronic voting machines, “indelible” voter’s ink, general election security, electronic locks, biometrics, GPS, RFIDs, tags, product tampering/counterfeiting, and drug testing kits/protocols. We will also examine some of the most common design flaws in physical security devices and systems. The talk will conclude with a brief discussion of general problems and recommendations concerning insider threat mitigation, psychology & security, layered security, nuclear safeguards, cryptography, and security management.

    Roger G. Johnston, Ph.D., CPP is head of Right Brain Sekurity, a company devoted to security consulting, vulnerability assessments, and R&D. Roger received his Bachelor’s Degree from Carleton College in 1977, and his M.S. and Ph.D. degrees in physics from the University of Colorado in 1983. Dr. Johnston was founder and head of the Vulnerability Assessments Teams at Los Alamos National Laboratory (1985-2007) and Argonne National Laboratory (2007-2015). He has provided consulting, training, vulnerability assessments, and R&D on security for over 70 companies, NGOs, and government agencies, including IAEA, DoD, DOE/NNSA, NSF, Department of State, and intelligence agencies. He or his team have defeated over 1,200 different security devices, and developed practical countermeasures. Roger has won numerous awards for his work. He holds 10 U.S. patents, has authored more than 200 technical papers and book chapters, and has given 90+ invited talks, including 6 Keynote Addresses at national and international conferences. Dr. Johnston has frequently been interviewed for his views on security by international bloggers and journalists. He serves as editor of The Journal of Physical Security.