PACSMAN-22 - Variant of Concern

Friday 25 November 2022

Welcome to 2023. After many harrowing years the guardians of physical access control have tried again and again to claim victory over the pesky PACS-man and yet… the mutations continue…

 

The toolkit known as “Odo” quietly entered the scene last summer and over the past six months has continued to adapt and improve.

 

Come and sit with our friendly ghosts of access control as they detail the latest variant of this open-source PACS entry toolkit, how it can be adapted to different environments, and what steps are necessary to fully defend against it!

 

Is there a demonstration? Yes. There will be several live demonstrations of exploit toolkit features. The demonstrations will rely on Bluetooth Low Energy and Wi-Fi, but pre-recorded demos will also be available in case of technical difficulties due to local RF saturation.

 

Willing participants are asked to join in ritual prayer to the DEMO GODS as live hardware demonstrations commence.

About Odo:

 

Project Odo is a field toolkit that updates several open-source hardware tools including the ESPKey and Proxmark3 with new capabilities and provides a practical framework for wireless interoperability and covert automation of exploits. The purpose of Odo is to convert “research-grade” tools into “field-ready” tools that are practical for deployment during a red team operation.

 

Basic Operational Workflow:

1. An ESPKey is used to weaponize any standard RFID reader by logging its Wiegand output and storing it for re-use.

2. A Raspberry Pi Zero W running Odo is used to automatically connect to ESPKeys installed on a local weaponized reader carried by the attacker or installed at a target door.

3. Odo downloads known-good credentials and automatically transmits the data to a Proxmark3 hidden in the attacker’s pocket.

4. If the attacker wears a badge holder that hangs the badge over the Proxmark3 area of the pocket, the credential data is automatically written to the badge without any additional interaction from the attacker.

5. From an observer’s perspective, nothing has happened, but the attacker has instantly taken on the logical identity of any target they have passed by.

 

When configured and deployed correctly, the tool suite allows for physical privilege escalation in the analog world. As the attacker approaches areas of higher security, they are more likely to encounter individuals with higher privileges.

 

This presentation will be held by Babak Javadi and Nick Draffen.

 

 

Babak is the Founder of The CORE Group and Co-Founder of the Red Team Alliance. In 2006 he co-founded The Open Organisation of Lockpickers, serving as Director for 13 years. As a professional red teamer with over a decade of field experience, Babak’s expertise includes disciplines from high-security mechanical cylinders to alarms and physical access controls.

 

Nick sometimes gives off a mad scientist vibe, an engineer who dives deep into technology, namely in the area where the physical and digital world meet. By day a security engineer/architect working to secure lab instruments and everything around them, and by night building/breaking things in his lab.

 

If you wonder if your ID is secure, think again! You should not miss this session if you want to learn how hackers steal your ID!

 

Register for HackCon#18 here.