#defcon22
HIGHLY recommend Elevator Hacking, but quick disclaimer: that's from Defcon22 which took place in 2014, not 2020.
Beyond lockpicking: learn about the class-breaks for doors, locks, hinges and other physical security measures
Deviant Ollam runs a physical security penetration testing company called The Core Group; in a flat-out amazing, riveting presentation from the 2017 Wild West Hackin’ Fest, Ollam – a master lockpicker – describes how lockpicking is a last resort for the desperate, while the wily and knowledgeable gain access by attacking doors and locks with tools that quickly and undetectably open them.
Ollam’s techniques are just laugh-out-loud fantastic to watch: from removing the pins in hinges and lifting doors away from their high-security locks to sliding cheap tools between doors or under them to turn thumb-levers, bypass latches, and turn handles. My favorites were the easy-exit sensors that can be tricked into opening a pair of doors by blowing vape smoke (or squirting water, or releasing a balloon) through the crack down their middle.
But more than anything, Ollam’s lecture reminds me of the ground truth that anyone who learns lockpicking comes to: physical security is a predatory scam in which shoddy products are passed off onto naive consumers who have no idea how unfit for purpose they are.
When locksport began, locksmiths were outraged that their long-held “secret” ways of bypassing, tricking and confounding locks had entered the public domain – they accused the information security community of putting the public at risk by publishing the weaknesses in their products (infosec geeks also get accused of this every time they point out the weaknesses in digital products, of course).
But the reality is that “bad guys” know about (and exploit) these vulnerabilities already. The only people in the dark about them are the suckers who buy them and rely on them.
So when Ollam reveals that thousands of American cop cars, fleet cars, and taxis can all be unlocked and started using a shared key that you can literally buy for a few bucks at Home Depot, or that most elevators can be bypassed with a similarly widely available key, or that most file cabinets and other small locks can be opened with a third key, or that most digital entry systems can be bypassed in seconds with a paperclip (or another common physical key), he’s doing important (and hilarious!) work.
He’s such an engaging speaker and the subject matter is nothing short of fantastic. There are a hundred heist novels in this talk alone. It’s definitely my must-watch for the week.
https://boingboing.net/2019/06/14/fools-paradise-lost.html
My great tools of life @wearedefcon #laptopifestyle #laptopofdefcon #defcon #defcon20 #defcon21 #defcon22 #defcon23 #defcon24
Network Forensics Puzzle Contest for DEFCON 22. Click the photo to read all about Edward Snowden's latest reveal!
#DEFCON22 #Defcon #Hacking #hacker #chess #netsec #networkforensics #lasvegas #las vegas #rio #Edward Snowden #edward snowden
Def Con 22 - Social Engineering Village - Las Vegas, NV 2014
HUGE shout-out to Social Engineer, Inc and Chris Hadnagy for the opportunity to speak at Def Con 22! Our talk was titled "Corporate Espionage: Gathering Actionable Intelligence Via Covert Operations". The talk went great and the turnout was incredible. Apologies to those who waited in line and couldn't get in due to the room being at full capacity. Because of this, we're going to post our Def Con 22 talk with a re-cap of the highlights.
UPDATE:
Here is the link to our talk on YouTube: https://www.youtube.com/watch?v=D2N6FclMMTg
Side Note (For the trolls / #Tacticool):
Brent here. I wanted to address something related to our DC22 talk. It seems as though there are a handful of people trolling us because of my flub while describing “Actionable Intelligence” early in the talk. Fair enough. It was my first presentation and I admit I was nervous. They are also trolling for our use of intelligence-related vocabulary. DC 22’s theme was spy-related and we tailored our presentation around that. However, to the few who can’t seem to look past those points and have advised a few others not to “waste their time” watching the talk, that’s cheap.
I stand by everything I presented as they are effective and proven techniques that Tim and I have both used successfully and still continue to use to this day. I’m aware that there are other techniques available to use, and if you’d like to do your own presentation to show us, or discuss those in a constructive way to help improve those in the InfoSec community instead of tearing it down, please let me know the next hacker con that you’re going to be at so that we can discuss it face-to-face.
...that is all.
----------------------------------------------------------------------
Full room:

The talk:

Lol...just spent the last few hours reliving my early college days...reprogrammed my Defcon badge and added 2 new LED flashing patterns. Thankfully the language is easy enough to read! Can't wait to take this home and play around with it some more... #defcon #defcon22 #badge #spin #parallax
Live Set at DEFCON22 | Wall Of Sheep | Packet Hacking Village
Live Set at #PacketHackingVillage @WallOfSheep @phreakocious @yurkmeister #DEFCON22
This year at DEFCON, I had the honor of playing for the Packet Hacking Village, where the Wall Of Sheep is stationed. The Wall of Sheep provides DEFCON attendees interactive demonstrations in which a group of happy hackers passively monitor network traffic for users that do not use encryption when logging into email, websites, etc. Those that are found get put on the Wall Of Sheep to emphasize…
Part #1: Corporate Espionage: Gathering Actionable Intelligence Via Covert Operations
As promised, we will provide highlights from our talk in the Social Engineering Village at Def Con 22.
For the first post in the series which shows the outline of our talk and mentions our experience at Def Con, view our post at Solutionary.
http://www.solutionary.com/resource-center/blog/2014/08/def-con-22-and-social-engineering/
#defcon #defcon22 #social engineering #Espionage #red team #hacking #surveillance #covert operations #pentest
Unencrypted HTTP connection in Instagram Mobile App leads to Session Hijacking Vulnerability.