Tim Roberts and I had a great discussion with Patrick from the social engineering-focused Layer 8 Conference. Not long ago, I made a post on Twitter asking which topics, tools, techniques others might like to have me write a blog post about. There were some great responses, such as “what do you do when you’re … More Layer 8 Social Engineering Conference – Podcast
Who’s Your Hacker interviewed Tim and me regarding social engineering, penetration testing, red teaming, surveillance, and much more. There were great questions, and some great insight into what we do. 🙂 Thanks for having us on!
Thanks to Low Voltage Nation for inviting me to be on another fun podcast! This one was in my office, where I focused on a handful of tools utilized for covert entry, wireless surveillance, social engineering, and a few more. You’ll hear me refer to other videos that demonstrate that particular tool being used. To save … More Covert Entry Closet – Podcast
Thanks to Kilo23 Group for the interview with Tim and me! We covered quite a bit during this regarding covert entry tools, social engineering techniques, the effects of COVID-19 on the job, Tiger King, and much more.
Thanks to Blake and Low Voltage Nation for hosting Tim and me for a fireside chat. We discussed some of the nitty-gritty of what it means to be a security consultant, breaking into buildings, time and self management, and much more. There’s also an exclusive peek into what has been dubbed my “serial killer” closet. … More Podcast – Low Voltage Nation
Opening a locked door with just a piece of plastic is just as bad and simple as it sounds. If a lock is not equipped with a deadlatch button, or has one that’s improperly configured, it’s very easy and quick to slip the latch and let yourself in. In the following videos, you’ll see where I … More Open a locked door with a piece of plastic
It’s no secret that the security of your hotel room isn’t great, and gaining access to a room is nearly child’s play for criminals. It is also estimated that around 60-70% of hotel thefts are from hotel employees. There are numerous entry tools available to the public that can quickly bypass the physical security controls, … More Increasing Your Hotel Room Security
A popular method for securing small concealable lock pick sets is to insert them into the spring from a retractable ball-point pen. A safety pin is then added to secure the set in place. Although this is a great method, I have had a few issues with it: The picks fall out if there is … More Lock Pick Concealment (EDC) Wallet
As a physical security professional, I frequently travel with items such as lock picks, and other bypass tools when they are needed for assessments. I have had many people ask me after conference presentations, local Nashville security meetups, etc. about the very vague Tennessee state law regarding the possession of lock picks, which makes it … More Lock Picking Laws in Tennessee
Are the employees at your target location paying attention?
Only the most daring physical pentesters are comfortable wearing such a bold shirt to really put a company’s incident response and security awareness training to the test. … More Physical Intrusion T-Shirt
Bypassing Request-to-Exit (REX) sensors with canned air and other mediums isn’t a new attack, and is widely used as a covert method of entry. However, there are times where this attack could be possible, but certain elements such as a small physical gap that the straw can’t fit through, REX sensor being farther away, etc., … More Improved Canned Air Attacks Against REX Sensors
Thanks to Latest Hacking News for interviewing Tim and me on the subject of physical security. Check out the interview: Latest Hacking News Podcast #245: Brent White and Tim Roberts, NTT Security
Something that bothers me, and that I often comment about during my presentations, is the media’s portrayal of a “hacker”. Hackers are shown as someone wearing gloves and a ski mask on a computer. I know that this is for effect to show criminal activity, but the issue here is that these sorts of ideas stick … More Spotting the Social Engineer
Thanks to those who reached out afterwards, asking for more information about project management and other items we discussed at our Wellness Village talk at DerbyCon this year! Also, HUGE thanks to Amanda Berlin for letting us speak, and for creating the Wellness Village. Hopefully it will become a regular part of the conference. After a … More DerbyCon 8 – Wellness Village Talk
If you’re not familiar with the Under-the-Door Tool (UtDT), it’s a device that fits through the physical gap at the bottom of doors, is then rotated upwards, grasps the lever-style door handle, pulls down and opens the door from the inside. It’s very easy to use, and is publicly available for purchase. Lever Handle: Under-the-Door tool: … More Protecting from the Under-the-Door Tool
Just for fun, I decided to make a few crash bar (J tool) bypass tools to hand out at DEF CON 26. They are made with weldable wire, and some heat shrink for the grip, and to help prevent scratching. Also, for the sake of size, I decided to create a very small hook that … More Crash Bar Bypass Tools for DEF CON 26
Found some awesome write-ups from Alex Dib regarding building your own RFID cloner and a useful Proxmark3 cheat sheet, and wanted to share! Proxmark3 Cheat Sheet Great cheat sheet for those using the Proxmark3 software. https://scund00r.com/all/rfid/2018/06/05/proxmark-cheatsheet.html RFID Thief v2.0 Very detailed write-up for building your own long-range RFID cloner. https://scund00r.com/all/rfid/tutorial/2018/07/12/rfid-theif-v2.html
Here are some presentations that I made for “Who’s Slide Is It Anyway”, “Slideshow Karaoke”, “Slideshow Roulette”, or whatever else you want to call it. They are pretty random, and a fun play on popular topics and buzzwords within the #InfoSec community. They are meant to be fun and technically inaccurate on purpose, and in … More Who’s Slide Is It Anyway
While working on a two-week long engagement with a client, we had built enough rapport to joke openly, and be ourselves (which is a scary thought). Through this, I had started teasing him about his department’s “security awareness” posters. These things were so cheesy. So, at the end of the two weeks, as we were … More Vintage Security Awareness Posters
Make an Incomplete Nmap Scan .xml File Usable for Rawr and Other Applications That Accept .csv File-types This is a very non-technical how-to for newcomers who have found themselves in a situation where for some reason or another, their Nmap scan wasn’t able to complete. This can be a problem when you were planning on feeding … More Make an Incomplete Nmap .xml File Usable Again