RF-LAB (Web App UI for Hardware-based Physical Pen. testing tools)

Eltahir, Mohamed Abuelela Ibrahim
Folyóirat címe
Folyóirat ISSN
Kötet címe (évfolyam száma)
Physical Penetration Testing (Physical Pentesting) is a simulated intrusion attempt designed to identify weaknesses in the physical security of systems. To the best of our knowledge, no method is found to efficiently share cloned credentials between Physical Pentesters. In this work, we study the uses of Radio Frequency Identification (RFID) in access control systems, along with its security vulnerabilities and privacy limitations. In addition, we propose a solution that fills the gaps in existing Physical Pentesting tools. Our approach, termed RF-LAB, was discovered to be a more efficient way of doing Physical Pentesting. To the best of our abilities, RF-LAB has been built to be as efficient as possible in allowing all hardware physical Pentesting tools, including custom ones, to share obtained access control credentials. RF-LAB might be turned into a web application that not only distributes but also cracks cards, identifies which card is shared, and decrypts encrypted data in the future. As a result, RF-LAB will be able to increase users' attack vectors as they will no longer be limited merely by the capabilities of their hardware resources.
RFID, Web development, Security research