
Bishop Fox to Present at DEF CON 31 & Sponsor the Red Team Village

Date: August 10-13, 2023
Location: Caesars Forum, Flamingo, Harrah's and Linq

We're excited to be back at DEF CON 31 with so many opportunities where you can hear from our hackers and security experts. These include:

  • A special session, "Badge of Shame: Breaking into Secure Facilities with OSDP," with security researchers Dan Petro & David Vargas on the DEF CON main stage
  • Our second annual livestream, themed "The Art of Hacking!" on Friday, August 11 on Bishop Fox's LinkedIn, Twitter, and YouTube channels
  • Gold Sponsor of The Red Team Village at the Flamingo Las Vegas, Twilight Ballroom

"Badge of Shame: Breaking into Secure Facilities with OSDP"

Breaking into secure facilities used to be possible by inserting a listening device (such as an ESPKey) behind an RFID card reader and sniffing the unencrypted Wiegand badge numbers over the wire as they go to the backend controller. The physical security industry has taken notice, and there's a new sheriff in town: the encrypted protocol OSDP, which is starting to be rolled into production. Surely encryption will solve our problems and prevent MitM attacks, right? ... Right?

In this presentation, we'll demonstrate over a dozen vulnerabilities, concerning problems, and general "WTF"s in the OSDP protocol that let it be subverted, coerced, and totally bypassed. This ranges from deeply in-the-weeds, clever cryptographic attacks to boneheaded mistakes that undermine the whole thing. We will also demonstrate a practical pentesting tool that can be inserted behind an RFID badge reader to exploit these vulnerabilities.

Get your orange vest and carry a ladder, because we're going onsite!

For more details, visit: https://www.blackhat.com.

"The Art of Hacking" Livestream

We invite you to our livestream at DEF CON 31, hosted by renowned hackers Alethe Denis, Lindsay Von Tish, and Tom Eston, on Friday, August 11 from 10 a.m. to 2 p.m. PT.

At its core, hacking is an art form that encompasses creative problem-solving, critical thinking, and the relentless pursuit of knowledge. Hackers are often regarded as the vanguards of innovation with an unyielding drive to unravel the complexities of technology.

During our broadcast, seasoned hackers and cybersecurity experts will delve deep into the intricacies of ethical hacking and explore how the hacker spirit can be harnessed to push the boundaries of technology in a responsible and impactful manner.

For more details, visit: https://bishopfox.com/defcon-2023-livestream.

Red Team Village Sponsorship

We are thrilled to return and support the Red Team Village (RTV) as a Gold sponsor. Stop by and join our Foxes as we spend time with our friends at their workshops, stations, and Capture the Flag (CTF). Watch the video below from when we stopped by to chat with RTV organizer Savannah Lazzara and learn more about Bishop Fox and why we believe in the importance of sponsorship.



About the speaker, Dan Petro

Senior Security Engineer

As a senior security engineer for the Bishop Fox Capability Development team, Dan builds hacker tools, focusing on attack surface discovery. Dan has extensive experience with application penetration testing (static and dynamic), product security reviews, network penetration testing (external and internal), and cryptographic analysis. He has presented at several Black Hats and DEF CONs on topics such as hacking smart safes, hijacking Google Chromecasts, and weaponizing AI. Dan holds both a Bachelor of Science and a Master of Science in Computer Science from Arizona State University.


David Vargas

About the speaker, David Vargas

Senior Security Consultant I

David Vargas is a Senior Security Consultant I on Bishop Fox's Red Team, with extensive experience in social engineering and physical penetration testing. David is an active security researcher with multiple CVEs in publicly accessible web applications.
