Bypassing Request-to-Exit (REX) sensors with canned air and other mediums isn’t a new attack, and is widely used as a covert method of entry. However, there are times where this attack could be possible, but certain elements such as a small physical gap that the straw can’t fit through, REX sensor being farther away, etc., … More Improved Canned Air Attacks Against REX Sensors
Thanks to Latest Hacking News for interviewing Tim and I on the subject of physical security. Check out the interview: Latest Hacking News Podcast #245: Brent White and Tim Roberts, NTT Security
Something that bothers me, and I often comment about during my presentations is the media’s portrayal of a “hacker”. Hackers are shown as someone wearing gloves and a ski mask on a computer. I know that this is for effect to show criminal activity, but the issue here is that these sort of ideas stick … More Spotting the Social Engineer
Thanks for those who reached out afterwards, asking more information about project management and other items we discussed at our Wellness Village talk at DerbyCon this year! Also, HUGE thanks to Amanda Berlin for letting us speak, and for creating the Wellness Village. Hopefully it will become a regular part of the conference. After a … More DerbyCon 8 – Wellness Village Talk
For those who travel and want to protect from the Under-the-Door tool, there is a very quick, and simple way to do so. First, if you’re not familiar with the Under-the-Door (UtDT), it’s a device that fits between the physical gap at the bottom of doors, is then rotated upwards, grasps the lever-style door handle, … More Protecting from the Under-the-Door Tool
Just for fun, I decided to make a few crash bar (J tool) bypass tools to hand out at DEF CON 26. They are made with weldable wire, and some heat shrink for the grip, and to help prevent scratching. Also, for the sake of size, I decided to create a very small hook that … More Crash Bar Bypass Tools for DEF CON 26
Found some awesome write-ups from Alex Dib regarding building your own RFID cloner and a useful Proxmark3 cheat sheet, and wanted to share! Proxmark3 Cheat Sheet Great cheat sheet for those using the Proxmark3 software. https://scund00r.com/all/rfid/2018/06/05/proxmark-cheatsheet.html RFID Thief v2.0 Very detailed write-up for building your own long-range RFID cloner. https://scund00r.com/all/rfid/tutorial/2018/07/12/rfid-theif-v2.html
Here are some presentations that I made for “Who’s Slide Is It Anyway”, “Slideshow Karaoke”, “Slideshow Roulette”, or whatever else you want to call it. They are pretty random, and a fun play on popular topics and buzzwords within the #InfoSec community. They are meant to be fun and technically inaccurate on purpose, and in … More Who’s Slide Is It Anyway
While working on a two-week long engagement with a client, we had built enough rapport to joke openly, and be ourselves (which is a scary thought). Through this, I had started teasing him about his departments “security awareness” posters. These things were so cheesy. So, at the end of the two weeks, as we were … More Vintage Security Awareness Posters
Make an Incomplete Nmap Scan .xml File Usable for Rawr and Other Applications That Accept .csv File-types This is a very non-technical how-to for newcomers who have found themselves in a situation where for some reason or another, their Nmap scan wasn’t able to complete. This can be a problem when you were planning on feeding … More Make an Incomplete Nmap .xml File Usable Again
