Red Team Alliance / CORE Group Profile - Babak Javadi Interview
Babak Javadi is one of the foremost researchers in physical security and red teaming, that is, pretending to be an enemy so they can discover problems to help an organization improve its defenses.
His research has been featured in various DEFCON Presentations (including DEFCON 27 video, DEFCON 28 video, DEFCON 29 video), and in 2021, we covered his work on an HID Readers BLE DoS Attack.
Recently, Javadi wrote an insightful post titled Credential Downgrade Attacks: Insights from a Security Researcher responding to our report HID Standard Profile Makes 13.56 MHz SE / Seos As Vulnerable As Cracked 125 kHz For Downgrade Attack.
In the first of a new series profiling physical security researchers, we spoke with Javadi to understand what he does both in Red Team Alliance and The CORE Group.
Executive *******
***** ****** ** *** **** ***** and *** **** ******** *********** ** physical ****** ******* ***************. **** ***** public ******** ** ***** *************** *** red **** **********. ***** *********** ******** businesses *** *********** **** ******** ************* insights. **** *** ********* ** ** 18,000 **** *** ***** ********, ****** broadens ******** ***** *** ******** ********-******** consultancy, ****** ** ****** ***** ****** for ******.
Babak ******'* **********
****** *** **** ** *** ****** community *** **** ** ***** *** co-founded*** **** ************ ** *********** (*****)** *** **. *** ***** ***** are ******** ********, ****** ** ****** control ******* *** *****, ****** ****.
*'** **** ** *** ****** ********* for **** ** *****, ***** ** a ******** *** **** ** * professional. * **-******* *** **** ************ of *********** (*****) ** *** **, branching *** **** *** ***** ************ around ****. ***** ****, *'** **** involved ** *** ******* ** ******** security, **** ********** ***** ** ********** access ******* *******.
****** ** * ****** *****'* **** ******* *****, ******* **** ******* ** *** standard.
* ** * ***** *** ****** member ** ***’* **** ******* *****, and *’** ****** **** **** *** years ** **** **** * **** heavy ****** ** ** *** ** get * ********** ** ****** *********** vendors ** ***** ** *********.
**** ** ******** ** ** *** successor ** *******, ***** *** **** been *** ******* ** ******** *****.
*** ****** ********* ** ***** ******* puzzles *** ******* **** ******** ***'* behave ** ********, ****** ****.
*** ****** ********* ** ****** ***** puzzles. *** **** * ******, * widget, ** * ******** ******** ******** a ******* ***. ******* *** **** you **** *** ***'* ** ********* or *** **** ** ***** ******** things, *** ***'** ****, "**, ******?" You **** ****** **** ****** *** find **** ** ***** ****** ****** the *** ****'** *** ******** **. And *** **** ******, ****’* ****** interesting ** **** ** **.
** ******* ******* ******* ** ****** it, *** *** ********** ***** *** to ******** *** ******, ******.
**********, * **** **** **** *****. I **** ******* *******. * **** hacking ******* **'* ***. ****'* ****** why **** ***** ****; **'* ***. With ** **********, * *** ** take ********* * ***** *****, ********* that *’* **** **** **, *** use ** *** ****. ** ** happens **** **’* ****-******* *** *** business **** ** **** “********”.
** *** ************, ****** ******* **** to ******* *** **** *** **** of *** ******* ** ******* ********* topics ** ******* *********, ********** ********* limitations **** "********* ******** *******."
*’** ****** ***** ***** ***** ** my ******* ** ***** **** ********* topics **** ************** ******. **** ************, it’s ********** ******** ** ******* * certain ***** ** ********* ******** *******. It’s ********* ** ********** *** ** arrive ** *** ********** **** ** find ********* **. **** *****, ***** are **** ******* **** **** *** initially ****.
Bridging *** ****** ********* *** *** **** *****
**** ******* / ******** *********** **** at * ************* ** * ******* in * ****** ******* *********** *** whys *** **** ** ****** *********, Javadi **** ****.
* **** * *** ** ********** who *** **** ** **** ** a ******* ** * ******. ******** the ************* ** ******* **, **** say, "** ***, ** *** *********** security. ***'* **** ********** **** ****'** doing?" ** *** ** * **** short-sighted **** ** **** ******* ****** aren't ******** ** * ******.
****** ***** **** ** ** ********* to ********** *** ****** ********* ****** security ***** *** ** ******** *** reasons *** ******** ********* **** ***** them. ****** ********** ***** *** ********* behavior ** ******* ****** ****** ******** decisions *** **** ** ** *** unique ** *** ******** ********.
***** *** **** ******** ********* **** tend ** **** ****** *** **** complicated **** ** **** **** ** be. ** ******, ***** *** ******* things **** ***** ** ******* ********* behavior. *’** ***** **** ***** **** through ** *** ********, *** * don't ***** ****'* ****** ** ****. Those *** ****** ***** ** ** around, ** *** ** *** ****** that *'** ****** ****** ********* ** both **** *** ******** *********** *** from *** ********** ***********, ** ****** to *** * **** ********* ************* of **** ********'* *********** *** *** what *** ********* ******* ******* *** so ** *** **** * **** accurate *** ****** ************ ***** **. That ****** ** ** **** ********** accurate *********** ** ***** ** *** practical **** **** *** *** ** exposed **, *** ********* ***** **** may ** ********, *** ***** ** go **** *****.
The **** ***** *** ******** **********
*** **** *****, ******* ** **** ******* ******** ******** *** ***********, ******** ********** ******** *** *** security ********. *** ******* ***** ***** Javadi ** *** ******** ** ******** and ***** ***, *** ** ***** as******* *****, ** *** ******** ** *********.
*** **** ***** ** * ******** and *********** ******* ******** ********-******* ******** such ** *********** ******* *** ********, per ******.
***** *** ********, ** *** * Research *** *********** *******. ** ** own *******, **’* *** ** *** things **** **** ** ***** **** most ** *** ***** ******** ************* out *****. **, ********, *** **** are *** ******** ** ***** ***** that **** ****** ** ******** ***** like **** ** *****. ** ***** a **** ******* ** ************ ******** and ****** *******. *** ********-******* ******** include *********** *******, *********** ********, *** various ***** ** ******.
*** *******'* ******* ******* *** ***** and *************, *** ***** *** ******** systems *** **** ********.
*** ******* ***** **** *** ***** seeking ** ********** ***** ******* ** proposed ******** ************** ** ************* *** approach ** ** **** ******** *** identify *********** *****.
*** ******* *** **** ******* *********, including **************, ******, **********, *** *******. Javadi **** **** **** **** ***** clients ********** ** *** ******'* ******** infrastructure ******* *** ********* **** *****.
** ****** **** **** ******* ****** companies, ********** ** ************** **** ** water ********* ** *****. ** **** gaming *******, **** *******. ** **** tech *******, ***** **** *** ******* industry, ********* ******, **** **** ** R&D. ** ** * ****** **** mix. **'* ****** *** *** * concern ***** ************* ** *** ******** of ***** ******** ************** ***** **** their ********* **** ***** **.
*** ********** ******* ****** ** ************* the ******'* ******** ***** ***** ******* and **** *********** ******* *** ****** that ***** ******** *** *******, *** Javadi. *** **** ***** **** ****** clients ******** ******* ** ***** ****** and ********* ** ****** ************ *** their ******** *******.
**** ******* ** *******, ** ***** ask *** ********: “**** ** ** that ***'** ****** **? ****'* *** worst **** ******** *** **** ********?" We ***** ** ****** ************* ** identify ***** ********* *******, **** *** threat ******, *** *** ****** ** the ********. ****'* **** ** *** start ****** ********* ********* *** ********* if *** ******* ******** ***** ****. If **, *****, ** ***, ****'* the **** *** ** ********** ****? Is ** * ******* *****? ** we ******* *** ********? ** ** this ********* ***** ** **** **** to *********** **** *** *********** *** in ***** ** **** ** *** defend ******* *** ****** ******* *************?
Red **** ******** **** *** ** *** **** *****
*** **** ***** *** ****** *** teams, ******* ** ****** ***** *******, lock ************, *** ****** ********** ***** to *** **** ********, ****** ****.
*** * **** ****, **'** ****** red ***** ******* ********* ****** *** covert ******* ** *****, **** **** manipulation ** ****** **********.
*** **** ************ *** ** *** **** ***** in **** **** *** **** ***** and*** *************, ******* *** *** *********' ******** businesses.
*** **** ******** *** *** **** Group *** ******** *** ******* *********. For * **** ****, ** ******** our ******** ******** ********* *** ************ services ** ****. ** **** ** partnered **** * ********* ***********, *** Mesa, ** ***** *** **** ********. We **** **** *** ******** **********, and ** *** **** **** ***, and **’** **** ******** ** **** primarily *** *** **** *** *****.
*** *** **** ******** ******* ** training *** *************, *** *** **** Group ******* ** ************, *******, *** solutions *** *******, *** ******.
*** **** ******** ** ******** *** certification, *** *** **** ***** ** research, **********, *******, *** ******** *********. We ** **** ******** **** ******** else ** *** **** *****, *** we're *** * ********-**** *******, ** are * ********* *******.
*** **** ***** *** *** **** Alliance **** **** **** ** ********* combined, ****** ********** **** ** *********** and ********.
**'** * ******* ***** [**** ****]. We're ****** *********** *** ******** **** what ** **.
Red **** ******** *** ******** *********
*** **** ******** *** *********** ** "improve ******** ******** *** ****** ***** training ********* ** *************." ****** **** their ******** ******* **************** **** ************ *** ******* *** ***** ******** courses ** *** **** ********.
** *********** *** **** ******** ** 2017 ** ************* ******* *** ******** security *** ****** ***** ******** ********* to ************* **** *********. ****** ****, we *** ****** ** ******** *** over * ****** *** ** *** SANS ********* *** ****** *** ****. While **’** ****** **** ***** ** the ******** **’** ******** **** ***** trainings, ** **** ** ***** ** better.
************** ******** ******** ** *************, *** team *******, ******** *** ************** *******, and ******** ****** *******.
*** **** ******** ***** * ********** approach ** ***** *******, ******** **** a ****-***** *********** ** ********** *** systems *** **** ********* *** ** detect *** ******* *************** ** *** real *****.
** **** * ********** ******** ** terms ** ************* ** * **** level **** *** *** *** ********* components, *** **** **** ********, *** we *** **** *** **** ** the ****** ***** ** ******** ** limitations **** *****. **** ** *** to ********* ****** ** * *** that ******** *** ** *** **** the *****, ********* ********* **** *** not **** ******* ** *****, *** at *** **** ***** **** **** questions ** ***.
*** ******** ******* *** *******, ***********, manufacturers, *** ********** ********* ******* ** learn **** ***** ******** *************** *** how ** ******* ****.
** *** * *** ** ********** red ******* *** * *** ** internal *** ******* **** ********* ****** companies **** **** ***** *** ******** red *****. **'** *** *********** **** through. **'** *** * ****** ** manufacturers, *** ** *** * *** of ********** ******** ** ****.
Hands-On ********** ******* *** ********
*** **** ******** ******** * ******** training *** *** ***** *******, *********** hands-on ********.
*** ** *** ******* *** ********* in-person *****. **** ****, **** ******* are **** ******* *********. ********** ** always *****-**, ********** ** *** *** take *** *****. **** **** *** take * ***** *********, *** *** the **** ********* *** ** ******** that *** **-**** ******** ***.
*****-** ******** ******** *** ******** ******* in *** ***** ** ********* ********* experience ** *** ******** *** ******* them *** ** ******** **** ******** and ***************, *** ******.
*’** ***** **** **** ****** ***** in **** ******** ** ******* ***** hands *****. *** ******-**** ***** **** old ****** *****. ***’** *** ** be **** ** **** **** *****, you've *** ** ** **** ** test ****** ***. ** ***** *** more ********** **** ****** ***'** ***** something ********* ** **** *** *** into * ******* **** ***** ***'** not ***** ******** *****. ********* ***** are **** ********. *** **** *** we *** ******* **** ********** ** by ****** **** ****** **** ****-***** hardware ** **** ****. *** ******* trainings *** **** ** *** **-****** classes ** ****** *** ******** ******** and *********** **** *** ******** ** the ********* *** **** *****.
Courses ******* *** *******
*** **** ******** ******** **************** ******* ** ******** ****** ******* systems, ****** ***** *******, ******** *********, surveillance ********, *** ******* ****. *** courses ***** **** $*** *** * one-day ****** *** ***** ********** *** first ********** ** $*,***+ *** *-*** courses, ***** *** **** *************.
New ************* ******** ** *** *****
*** **** ******** ** ********** * five-day ******** ******** ****** ******* ******* and ***************, ****** ****.
* **** * **** *** ******** that's ** *********** ****'* ***** ** be ******** ******** ****. **'** ***** a **** ******* ** *** ***** in *** **** ****** ** *****.
Flagship ******** ** *** *****
*** **** ******** / *** **** Group *** *** **********, *** ** Fredericksburg, **, *** * *** ******** facility ** *** *****, **. *** course ********* ** ******** ** ******** in ***** ********** *** ** ******** for *** **** *********.
**** ** ***** ** ******** ********, there's * ******* ****** ** ****** you *** ** **** *** **** to ***** *** **** ********* **** you. **, ** ******* ******** *** our **********. ** **** * ********* in **************, ********, *** ** **** our *** ******** ******** ******** ** Las *****, ******, ***** ** **** a **** *****-** ******** ***********. ***** aspect ** *** ******** *** **** designed ************ *** *** ***** *** other ******** *************. **’** *** ************* come ******* ***** ** **** ***** some ****** ******** *** ****** ******, and **** ****** * **** ******** view ** **** ** *** ****** challenges ***-*****, **********, *** ************* ****.
*** *** ***** ******** ******** ** being *** **, **** ******* ********** ready *** ********, ****** **** ****. The *** ******** **** ****** **** training ************ **** * **** ****** and *** ** ******** ** ******** red **** ********** *** ******** *********.
** **** ** **,***-******-**** ******** ** Las ***** **'** ******** ***. ******* thousand ****** **** *** ******* *** up *** ********** *** ***** ****. We're ****** **** * **** ****** being ************** ** ****** **** ******** environments. ********* ********** ***** **** ** and ******* ******** ********* ** ********. I **** **** ************** ***********, ***** allows ** ** ******** *** ****** to ******* * ******** ****** ***** earning * ******.
** ***** * ***** ** **** interview? *'* **** * *** ** people ******* ** ***** ***** ** out.
** *******, **** ** ** **********, we ***'* ****** ***** / *******. We ***** **, ******** *** ******* so **** **'* **** ******** *** clearer.
** **** ** * ***** *********, I'd ** ***** ** ** ** best ** ****** *** ********* *** have ****.
*** *** *** *******: ** * mash-up **** *** **** ******* ******; create **** ******* ******; **** **** unhackable?
******, ***, *****'* * *** ****. I'll ** ** ****.
* ***** **'** **** **** ****** with *** ** *** **** *** it's *** ****** **** ** **** a ***** **** ** ********** ** all *******. * ********* ***** **** of ** **** ** ******** *** other ******* ** *** ******** ** video ******** *** **** ****** ********* thus ***.
**** ****, ** ** **** **** content ****** *** ** **** **** eyes ******!
********* ****, *'* ****** ******* ** unhackable. ****. *** ** *** ** is **** ** **** ********* *** difficult ** ****.
*'* **** ** ****** * **** thank *** ** ****, ****, *** the **** ** *** **** ****. It's *** **** ******** **** * wide *** ******* ********. ******** ** may ********* ******** ** **** ******* and *******, ** ***** * ****** goal.
**** *** *****, *'** **** ** best ** ***** ******* ******* *** professional ****** ***** *** *** *********** security ******** ** *****. **'* *** a ******* **** ****** **** ********, but * **** ** ***** *'** been ********* **********.
**'* **** ** ***** ** **** with ** **** ***** ********** ****** both ** *** ****** ***** *** in *** *********** **** ** *** security ********, *** *'** **** ************ impressed ** *** ****** ** ******** and ********* ****** *** ******** **** come ** ** ** ***** ***** knowledge, ***********, *** ******* *** **** unique **** ** *******-******* ** **** "security".
***'* **** *** *********** *****. * rising **** ***** *** *****.