Physical Security – We Hack People

War Story: “Can I see that?”

August 18, 2022

When traveling for these types of assessments, we always consider the location of a client’s facilities. Often, we’re fortunate enough that these locations are adjacent to a hotel, café, food court, or a shared facility in general. How does this help, other than the convenience of a nap or food in between efforts? To a malicious actor, one can use this to conduct passive reconnaissance to gather useful information which is anything from the target facility’s dress code, ingress/egress points, security camera placement, style of… … More War Story: “Can I see that?”

War Story: The Key

February 10, 2021

Assessment Type: Covert Physical Security Assessment (Onsite)Target Type: Corporate Financial Institute Assessment Background When performing red team engagements that include physical and onsite social engineering components, our ability to piggyback/tailgate into target buildings and sensitive areas has an extremely high success rate. Walking in a confident manner and going through the motions of “badging in,” is simple … More War Story: The Key

War Story: Piggyback BBQ

October 7, 2020

Assessment Type: Red Team (Onsite)Target Type: Corporate Healthcare Institute Assessment Background With a loose-fitting patterned tie, white button-up shirt, some gray slacks, and a fake badge draped around my neck (that I had made up and printed at the hotel earlier that morning during breakfast), I was dropped off at the target facility by a fellow consultant. … More War Story: Piggyback BBQ

Portable RFID Access Control Lab

August 27, 2020

When teaching how to attack access control systems such as proximity card readers, it’s much easier to have a solution that allows me to demonstrate, as well as provides students the ability to practice these attacks in the classroom.Access control systems vary from location to location, and getting approval from the facility’s owner to attack … More Portable RFID Access Control Lab

Open a locked door with a piece of plastic

January 29, 2020

Opening a locked door with just a piece of plastic is just as bad and simple as it sounds. If a lock is not equipped with, or has a deadlatch button that’s improperly configure, it’s very easy and quick to slip the latch and let yourself in. In the following videos, you’ll see where I … More Open a locked door with a piece of plastic

Why Project Scope Matters

September 13, 2019

In the wake of recent events with a physical security assessment, there are a few things that stand out… … More Why Project Scope Matters

Latest Hacking News – Interview

May 21, 2019

Thanks to Latest Hacking News for interviewing Tim and I on the subject of physical security. Check out the interview: Latest Hacking News Podcast #245: Brent White and Tim Roberts, NTT Security

Hak5 LAN Turtle

November 8, 2016

My #Hack5 LAN Turtle is ready for deployment! This has certainly been a helpful tool to use for #SocialEngineering assessments. –Brent

CircleCityCon – 2015

June 12, 2015

CircleCityCon in Indianapolis! DrBearSec knows how to put on a great hacker conference. Thanks for having Tim and I out to speak. Our talk was titled “From Parking Lot to Pwnage – Hack-free Network Pwnage”. We did a bit of a different format with this talk. You’ll notice we’re sitting in chairs. The more informal, conversational … More CircleCityCon – 2015

B-Sides Nashville – 2015

April 13, 2015

THANK YOU to B-Sides Nashville for having us come out and speak. This con was fun, the talk went great and the participation and questions from those who listened was refreshing. The title of our talk was “From Parking Lot to Server Room” and was scheduled from 10:30-11:30am on the “Red” track. Check out http://bsidesnash.org/ … More B-Sides Nashville – 2015

DEF CON 22 – Social Engineering Village

August 18, 2014

HUGE shout-out to Social Engineer, Inc and Chris Hadnagy for the opportunity to speak at Def Con 22! Our talk was titled “Corporate Espionage: Gathering Actionable Intelligence Via Covert Operations”. The talk went great and it the turnout was incredible. Apologies to those who waited in line and couldn’t get in due to the room being … More DEF CON 22 – Social Engineering Village

We Hack People – Covert Entry

Tim Roberts, Brent White – Covert Entry, Social Engineering, Red Team, Hacking, Physical Security, Bypass, Lock picking

Tag: Physical Security