Open a Locked Door With Canned Air or Hand Warmer – Covert Entry Techniques

The Attack: In our presentations on “Covert Entry”, we discuss bypassing locked doors equipped with REX (request-to-exit) sensors, as it’s one of the go-to vulnerabilities that we exploit during assessments. The vulnerability is very common, and the attack is quick. When we share this information, there are those who think it’s just a “trick” and …


OSINTion Podcast with Joe Gray

On March 07, 2023, we enjoyed a conversation with friend and OSINT specialist Joe Gray on his “OSINTion” podcast. Discussions were based around intelligence report writing, rules of engagement when dealing with personal devices and individuals, certifications, and of course, social engineering techniques and topics. We appreciated being on the show and hope that you enjoy watching and …

War Story: “Can I see that?”

When traveling for these types of assessments, we always consider the location of a client’s facilities. Often, we’re fortunate enough that these locations are adjacent to a hotel, café, food court, or a shared facility in general. How does this help, other than the convenience of a nap or food in between efforts? A malicious actor can use this to conduct passive reconnaissance and gather useful information, which is anything from the target facility’s dress code, ingress/egress points, security camera placement, style of…

Podcast – Security Weekly

Thanks to the crew at Security Weekly for having me on their show! This was a fun conversation around physical security, covert entry, EDC (every day carry) tools and concealed covert entry tools and escape devices. Here’s a link and description of the podcast from their website: Discussing every-day-carry items that are utilized during covert …

War Story: The Key

Assessment Type: Covert Physical Security Assessment (Onsite)
Target Type: Corporate Financial Institute

Assessment Background

When performing red team engagements that include physical and onsite social engineering components, our ability to piggyback/tailgate into target buildings and sensitive areas has an extremely high success rate. Walking in a confident manner and going through the motions of “badging in,” is simple …

War Story: Piggyback BBQ

Assessment Type: Red Team (Onsite)
Target Type: Corporate Healthcare Institute

Assessment Background

With a loose-fitting patterned tie, white button-up shirt, some gray slacks, and a fake badge draped around my neck (that I had made up and printed at the hotel earlier that morning during breakfast), I was dropped off at the target facility by a fellow consultant. …

Layer 8 Social Engineering Conference – Podcast

Tim Roberts and I had a great discussion with Patrick from the social engineering-focused Layer 8 Conference. Not long ago, I made a post on Twitter asking which topics, tools, techniques others might like to have me write a blog post about. There were some great responses, such as “what do you do when you’re …