RavenHID: Remote Badge Gathering -or- Why we sit in client bathrooms for hours

DerbyCon 4.0 - Family Rootz

Presented by: Lucas Morris, Adam Zamora
Date: Saturday September 27, 2014
Time: 14:00 - 14:25
Location: Stable Talks

As penetration testers and security professionals, we need ways to ensure that we can gain persistent access to secured areas and facilities during our testing. What we need is a way to gather cards during penetration tests that won’t alert our targets that we’ve copied their cards. In order to be discreet, we must copy their cards from a short distance with a normal-looking bag. During this time we will talk about how we have overcome these challenges with a weaponized HID reader. We’ll also talk about how we use this during our ongoing penetration tests to gain access on some of our most physically secure clients, as well as provide details on card systems and how they work. Finally, we’ll also share the design and process for our device, the RavenHID, which improves on some previous garage reader designs, allowing the gathering of badges from up to two feet directly to a mobile phone.

Lucas Morris

Adam Zamora

