Yo I really like this guy, he is a breath of fresh air to all the other people that talk on the stage.

I like this guy.

very good speaker, pleasure to listen to

Dennis Maldonado, I have watched many many DEFCON videos, yours was awesome. I was cracking up and you had my attention the entire time. Good job man! I am sure being in front of all those people is nerve racking all on its on. I enjoyed it!

He doesn't remember what happened after he got off the stage lol Such a great talk, so informative AND entertaining. True young professional. Love it man, need more people like this. Confident, tech savvy, clever, and organized, a few jokes, and you got a great DEFCON talk. Love this community

One of the best presentations I have seen yet - nice job Dennis. :)

Great talk, man. Nice to see somebody comming out and pointing at the flaws of access control systems. These devices are developed without any thought going into securing the control mechanisms that messing with them almost doesn't qualify as hacking.:D You are just using it's features... :D (not trying to undermine this talk, just stating that developers of ACS should really get their s**t together)... And yeah, until then, guys, use just serial connection for this - don't use serial-to-ethernet - doing so means inviting anyone in...

So funny. great talk

Gooooooooood speaker! Hoping to see You @24

Wow. He really got drunk from that shot. :D

Great speaker, interesting and easy to understand topic! Hope to hear more of this guy and I'm going to download his tool asap.

I liked this talk and the speaker.

With those 500s and 1000s If you call the box’s phone line while dialing it out, it’ll auto pick up your incoming call and you can press 9 on you phone and it’ll open it. This method tricks it into thinking it’s called up and a tenant has answered

Note, his Twitter is @DennisMald, not @DennisMaid.

moar defcon!

Dude, this open bottle of water stresses the heck out of me...

Awesome talk, plus I think this guy got drunk with that shot lol

This was an amazing speech, super fun to listen to and try out haha.

Great speaker :D

This guy is great lol

Great talk(er)!

good talk

Dennis was great, and that access system really sucks a**.

So secure it makes hacknet look like a simulator. Good work!

Has any of this changed up till now?

I wonder how much of this is still relevant. Espec the part about connecting these devices to the internet..since there's still a lot of people connecting things to the internet willy nilly without thinking about the security implications of that. Plugging access control systems to the internet when they already have the ability to be directly managed by a PC seems pointless? Just connect it via serial to a PC on-site, then set up remote access to that management PC. That way you get much better options for access control, since then you're looking at securing access to a regular PC, rather than just some basic device designed to do one thing.

Why don't the devices have the ip kit installed by default? Just have an Ethernet port as part of the existing boards in the box.

I'm just here cuz I'm a delivery driver and I'm sick of customers not giving me gate codes.

Good presentation, question, did you try using a connection through the Phone Line ?

The data is reversed because it's in Little-Endian 14:00 .. But why they store ASCII strings as "little-endian" is beyond me. Hell, why do they even store numbers-only passwords as strings?

25:48 What is the python code? I mean the script

Nortek has an older panel called Max 3 and it uses Hub Manager Pro (8.1) as the PC head end software. it is also password protected to log into the program, but you can replace the password files with a default password file and it leaves the fob and user databases in-tact. When you're done, you can replace the password files with the one you don't know the password to. The default password is HUBMAN.

This is the kind of kid that should be president

I FREAKIN' LOVE DEFCON!!!!! SCIENCE BITCH

How is it possible that some piece of shit like this can be on the market? Does nobody else a kid test these devices? Is no official certification needed for security devices in the US? Unbelievable! Edit: Great talk Dennis, thank you!

How are these security systems so flawed? Why do they hire people who don't care to design them then hire competent people to pen test them. Why not just hire the competent people to design them in the first place?

Anyone notice the fastest DefCon speaker is wearing a sloth shirt? He's easily one of my top 5 five DefCon speakers. I hope to see him there for 2019.

wtf happen to the audio???

So you can earn money by developing security mechanisms which aren't secure. Hilarious. Loved your talk, keep going!

They would not make me take that alcoholic drink!

benson & hedges

He did well, It would be such a feat to perform as he did the first time. For me at least.

When he said the password can only be 6 numbers (and only numbers), and additionally that there is an unlimited number of tries, I nearly blew my load

That's fucking hilarious

I can confirm shapeways steel key is about $15

Oh access control systems are fun. They're similar in many ways to alarm systems and as such use a cheap ass processor like a Z80 or a 6502.

Um, ah, uh, uh, ah, uh, ah, um, uh, uh, ah, um, ah, uh...!!!

ಠ_ಠ

This guy really needs a public speaking course. He rambled on about nothing for the first 7 minutes then I ragequit.

Sloth 🦥 t shirt! Great taste