DEFCON 30 Debrief

DEFCON 30 served as my second DEFCON experience and first DEFCON speaking engagement! I presented "Keeping Your Distance: Pwning RFID 6 feet and Beyond" in the Physical Security and Radio Frequency Villages with my colleague sh0ck. The talk discussed how we performed physical red teaming engagements under COVID-19 preventative measures. The talk was very well received and we received some great questions and feedback from the audience. Information and guides from the talk can be found here:

GitHub - sh0ckSec/RFID-Gooseneck: Full Build Guide for making your own RFID Gooseneck Long Range Reader!
Full Build Guide for making your own RFID Gooseneck Long Range Reader! - GitHub - sh0ckSec/RFID-Gooseneck: Full Build Guide for making your own RFID Gooseneck Long Range Reader!

I heard from some other great speakers and a few topics really piqued my interest:

  • Developing Malware in Nim. According to Cas Van Cooten in the Adversary Village, Nim presents some interesting EDR and AV bypass capabilities. I will definitely be looking into this more
  • MITRE makes a really interesting Command and Control (C2) framework called Caldera. I got to experiment with it a bit and it looks like I tool I might leverage in the future.
  • I snagged a thumb turn J tool lock bypass tool and some master keys from keyed-alike building management systems that will definitely help me on future red team engagements.

Overall, DEFCON 30 was a great experience and very well organized so props to all the goons and organizers. I got to make some awesome connections and turned a few virtual contacts into IRL contacts. Looking forward to next year!!