Notice
Please note that early bird discounts do not apply to Hosted courses.
The cost of this course is inclusive of a $400 equipment fee which affords all students the use and ownership of all of the tools featured in the classroom exercises. Students will each be issued their own ProxMark 3 RDV2 RFID cloning and attacking unit (complete with both high frequency and low frequency antennas) and an ESPkey...the latest and smallest signal sniffing and replaying circuit used in advanced attacks against electronic access control systems. If purchased elsewhere, this hardware would cost well over $500.
Physical Access Control Systems: Elements of Design, Offense, and Defense
- Contents | Additional Info
- Delivery Methods:
Live
- 12 CPEs
- Laptop Required

You've worked hard to secure your servers, workstations, and network. But increasingly, your physical security is tied into electronic access control systems, bringing major exposure to your enterprise if these systems aren't secured properly. How can you trust your systems if their physical security is in jeopardy? Every security pro should have some skills in assessing access control systems, and this class provides exactly what you need.
Whether an enterprise is using HID Prox cards, NXP Hitag chips, Mifare credentials, or even iCLASS technology, students who have taken this course will be well-versed in the functionality, weaknesses, and attack vectors of such systems. From how to perform practical card cloning attacks in the field to advanced format downgrade attacks, students are prepared for real-world red team scenarios and learn how to exploit access control technology with the latest attack hardware.
Outline:
Access Control History and Design Elements
125KHz Credentials:
- AWID, Overview and Cloning
- EM4102/EM4200, Overview and Cloning
- HID Prox / ProxCard II, Overview and Cloning
- Kantech ioProx / ioProx XSF, Overview and Cloning
- Atmel T5555 / T5577 Tags, Emulation Overview and Cloning Capabilities
- Motorola / HID Indala Overview, and Cloning
- Overview of other uncommon credentials
125/134KHz Vehicle Transponders:
- NXP Hitag (PCF7931) Overview, and Cloning
- NXP Hitag II (PCF7936) Overview, and Cloning
13.56MHz Credentials and Smart Cards:
- HID iCLASS Deep Analysis, Review, Reverse Engineering, Cloning, and Weaknesses
- Advanced Attacks and Configuration Cards
- NXP Mifare Classic Detailed Overview, Cracking, Cloning, Weaknesses
- Overview of other common and uncommon credentials, with discussion of security implications and strengths of each
Practical Cloning in the Field, Advanced Format Downgrade Attacks
Backend Detailed Overview, Weaknesses, and Attacks:
- Man in the Middle
- Denial of Service
Defeating Tamper Detection
Defenses and Mitigation
Electronic Access Control Attack Tools
Course Syllabus
HST.1: Physical Access Control Systems: Elements of Design, Offense, and Defense - Day One
CPE/CMU Credits: 6
HST.2: Physical Access Control Systems: Elements of Design, Offense, and Defense - Day Two
CPE/CMU Credits: 6
Additional Information
Laptop Required
Laptop Requirements:
- Windows 7 or Windows 10, or latest MacOS
- At least one USB port
- Latest version of VMware Player, VMware Workstation, or VMware Fusion installed
If you have additional questions about the laptop specifications, please contact laptop_prep@sans.org.
*CPE/CMU credits not offered for the SelfStudy delivery method