When traveling for these types of assessments, we always consider the location of a client’s facilities. Often, we’re fortunate enough that these locations are adjacent to a hotel, café, food court, or a shared facility in general. How does this help, other than the convenience of a nap or food in between efforts? A malicious actor can use this to conduct passive reconnaissance and gather useful information, which is anything from the target facility’s dress code, ingress/egress points, security camera placement, style of… More War Story: “Can I see that?”
The Attack: In our presentations on “Covert Entry”, we discuss bypassing locked doors equipped with REX (request-to-exit) sensors as it’s one of the go-to vulnerabilities that we exploit during assessments. The vulnerability is very common, and the attack is quick. When we share this information, there are those who think it’s just a “trick” and … More Open a Locked Door With Canned Air or Hand Warmer – Covert Entry Techniques
“This device allows you to practice lock picking as though you’re having to reach through security bars, and the lock is not in clear view.” When we first learn to pick locks, we often hold the padlock comfortably in our hands, placing it in the perfect position. This helps us to learn the basic, and … More Tactical Reversed Lock Picking Practice Stand
Who’s Your Hacker interviewed Tim and me regarding social engineering, penetration testing, red teaming, surveillance, and much more. There were great questions, and some great insight into what we do. 🙂 Thanks for having us on!
Thanks to Kilo23 Group for the interview with Tim and me! We covered quite a bit during this regarding covert entry tools, social engineering techniques, COVID-19 effects of the job, Tiger King, and much more.
Opening a locked door with just a piece of plastic is just as bad and simple as it sounds. If a lock is not equipped with a deadlatch button, or has one that’s improperly configured, it’s very easy and quick to slip the latch and let yourself in. In the following videos, you’ll see where I … More Open a locked door with a piece of plastic
Bypassing Request-to-Exit (REX) sensors with canned air and other mediums isn’t a new attack, and is widely used as a covert method of entry. However, there are times when this attack could be possible, but certain elements such as a small physical gap that the straw can’t fit through, the REX sensor being farther away, etc., … More Improved Canned Air Attacks Against REX Sensors
Recently, we assessed two point-of-sale (POS) systems for clients in different industries – Retail and Restaurants. POS systems are the latest and greatest hacking target around the nation. In the last couple of years, we’ve read a lot about big organizations being hacked and credit card information stolen. In these instances, terminals from the … More Point-of-Sale System Security Analysis : How hackers gain access to POS systems in retail and restaurants
If you’re not familiar with the Under-the-Door Tool (UtDT), it’s a device that fits through the physical gap at the bottom of a door, is then rotated upwards, grasps the lever-style door handle, pulls down and opens the door from the inside. It’s very easy to use, and is publicly available for purchase. Lever Handle: Under-the-Door tool: … More Protecting from the Under-the-Door Tool
Just for fun, I decided to make a few crash bar (J tool) bypass tools to hand out at DEF CON 26. They are made with weldable wire, and some heat shrink for the grip, and to help prevent scratching. Also, for the sake of size, I decided to create a very small hook that … More Crash Bar Bypass Tools for DEF CON 26
Found some awesome write-ups from Alex Dib regarding building your own RFID cloner and a useful Proxmark3 cheat sheet, and wanted to share! Proxmark3 Cheat Sheet: Great cheat sheet for those using the Proxmark3 software. https://scund00r.com/all/rfid/2018/06/05/proxmark-cheatsheet.html RFID Thief v2.0: Very detailed write-up for building your own long-range RFID cloner. https://scund00r.com/all/rfid/tutorial/2018/07/12/rfid-theif-v2.html
Recently, I performed a physical assessment against a large hospital. There are several gaps that were discovered, but I will not cover those in this post. With the high level of traffic in an environment like a hospital with many employee types, patients, vendors, volunteers, etc., it’s common for many people to be in/out of … More Physical Assessments Against Hospitals
Resource to flash the Proxmark3 from the standard HF mode to LF mode: https://legacysecuritygroup.com/index.php/projects/categories/9-rfid/7-proxmark-3-emulating-hid-tags-in-standalone-mode WINDOWS: Download the github proxmark3 standalone LF emulator Master by Corey Harding: https://github.com/exploitagency/github-proxmark3-standalone-lf-emulator Run Easy Flash Utility for Windows .bat. This tool is handy for reflashing your Proxmark3 for whatever you need it for. Reference: https://www.youtube.com/watch?v=06DgTuJcMQ8 Plug in your Proxmark3 and … More Proxmark3 Resources
A great reference for things to consider about electronic locks. … More Electronic Locks
So, apparently many IBM POS (MM987 MM926 code cut numbers) systems are keyed alike. Give it a try on your next physical security assessment where they may be used: eBay Link
Tim here. So, with consulting work comes travel. Over the years, I have traveled extensively and stayed in a variety of hotels and suites. Through this experience, I have noticed several issues with hotel (specifically room) security. In this blog, I am going to walk you through some of the consistent issues that I notice … More Hotel Room Security Or Lack Thereof