Badge of Shame: Breaking into Secure Facilities with OSDP | allinfosecnews.com

Feb. 6, 2024, 5:52 p.m. | Black Hat

Black Hat www.youtube.com

...In this presentation, we'll demonstrate over a dozen vulnerabilities, concerning problems, and general "WTF"s in the OSDP protocol that let it be subverted, coerced, and totally bypassed. This ranges from deeply in-the-weeds clever cryptographic attacks to boneheaded mistakes that undermine the whole thing. We will also demonstrate a practical pentesting tool that can be inserted behind an RFID badge reader to exploit these vulnerabilities....

By: Dan Petro , David Vargas

Full Abstract and Presentation Materials: https://www.blackhat.com/us-23/briefings/schedule/#badge-of-shame-breaking-into-secure-facilities-with-osdp-32762

attacks badge breaking cryptographic general pentesting pentesting tool presentation problems protocol shame tool vulnerabilities

More from www.youtube.com / Black Hat

Startup Spotlight Competition at Black Hat 3 days, 13 hours ago | www.youtube.com

bhusa blackhat cybersecurity infosec +1

Locknote: Conclusions and Key Takeaways from Day 2 3 weeks, 1 day ago | www.youtube.com

black hat black hat europe board board members +15

Locknote: Conclusions and Key Takeaways from Day 1 3 weeks, 1 day ago | www.youtube.com

black hat black hat europe board board members +16

Keynote: My Lessons from the Uber Case 3 weeks, 1 day ago | www.youtube.com

addition best practices case convicted +16

Keynote: Industrialising Cyber Defence in an Asymmetric World 3 weeks, 2 days ago | www.youtube.com

adversaries challenge cyber cyber defence +10

The Black Hat Europe Network Operations Center (NOC) Report 3 weeks, 2 days ago | www.youtube.com

back black hat black hat europe center +14

My Invisible Adversary: Burnout 3 weeks, 6 days ago | www.youtube.com

adversary attackers attacks burnout +11

The Magnetic Pull of Mutable Protection: Worked Examples in Cryptographic Agility 3 weeks, 6 days ago | www.youtube.com

analysis ask bad codeql +10

A World-View of IP Spoofing in L4 Volumetric DoS Attacks - and a Call to … 4 weeks ago | www.youtube.com

attacks call cloudflare detection +10

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote

View on infosec-jobs.com

Data Privacy Manager m/f/d)

@ Coloplast | Hamburg, HH, DE

View on infosec-jobs.com

Cybersecurity Sr. Manager

@ Eastman | Kingsport, TN, US, 37660

View on infosec-jobs.com

KDN IAM Associate Consultant

@ KPMG India | Hyderabad, Telangana, India

View on infosec-jobs.com

Learning Experience Designer in Cybersecurity (f/m/div.) (Salary: ~113.000 EUR p.a.*)

@ Bosch Group | Stuttgart, Germany

View on infosec-jobs.com

Senior Security Engineer - SIEM

@ Samsara | Remote - US

View on infosec-jobs.com