A practical guide to RFID badge copying
During red teaming assignments we are sporadically asked to attempt to gain access to certain physical “flags”. These flags could be the inside of a server room, or the workstation of a member of the management team. There are many different RFID card reading systems on the market. Unfortunately, the security they provide is often lacking. With this blog post we want to demonstrate how easy it is to bypass the card reader security mechanism when it is insufficiently secured. Specialised hardware is required to clone existing RFID cards, this hardware can easily be obtained and is relatively inexpensive. For this case study, we use the Proxmark3, which is a device developed by Jonathan Westhues that allows sniffing, reading and cloning of RFID (Radio Frequency Identification) cards. This guide is intended for educational purposes only and should not be used to bypass security measures without proper authorization.
FEATURES
SIMILAR TOOLS
A PoC tool for generating Excel files with embedded macros without using Excel.
Online Telegram bot for collecting information on individuals from various websites.
Ivy is a payload creation framework for executing arbitrary VBA source code directly in memory, utilizing programmatical access to load, decrypt, and execute shellcode.
A cross-platform tool for creating malicious MS Office documents with hidden VBA macros and anti-analysis features.
Check if a domain is in the Alexa or Cisco top one million domain list.
Customize Empire's GET request URIs, user agent, and headers for evading detection and masquerading as other applications.
BeEF is a specialized penetration testing tool for exploiting web browser vulnerabilities to assess security.
A wargaming network for penetration testers to practice their skills in a realistic environment.
Participation in the Red Team for Pacific Rim CCDC 2017 with insights on infrastructure design and competition tips.
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.