What Does the Perfect Door or Padlock Look Like?

Presented at BruCON 0x08 (2016), Oct. 27, 2016, 1:30 p.m. (60 minutes)

You have spent lots of budget on a high-grade, pick-resistant lock for your door. Your vendor has assured you how it will resist attack and how difficult it would be for someone to copy your key. You've carefully chosen robust and heavy-duty padlocks to secure your critical infrastructure and grounds. Your Plant Ops people feel assured that outsiders wouldn't dare try to pick or smash such a lock open. Maybe they're right. But... the bulk of real-world attacks that both penetration testers and criminals attempt against doors and padlocks have little or nothing to do with the locking mechanism itself! This talk will be a hard-hitting exploration (full of photo and video examples) of the ways in which your doors and padlocks -- the most fundamental parts of your physical security -- can possibly be thwarted by someone attempting illicit entry via means that don't involve intricate pick tools or finesse techniques. Bypassing and quick entry are often possible on our physical security hardware due to systemic and simple vulns that we have not yet eradicated. The showcasing of these scary problems will be immediately followed by bulleted lists of simple solutions that are instantly implementable and usually very within-budget. You, too, can have near-perfect doors or padlocks... if you're willing to learn and understand the problems that all such hardware tends to have out of the box.

Presenters:

  • Deviant Ollam
    While paying the bills as a security auditor and penetration testing consultant with The CORE Group, Deviant Ollam is also a member of the Board of Directors of the US division of TOOOL, The Open Organisation Of Lockpickers. His books Practical Lock Picking and Keys to the Kingdom are among Syngress Publishing's best-selling pen testing titles. At multiple annual security conferences Deviant runs the Lockpick Village workshop area, and he has conducted physical security training sessions for Black Hat, DeepSec, ToorCon, HackCon, ShakaCon, HackInTheBox, ekoparty, AusCERT, GovCERT, CONFidence, the FBI, the NSA, DARPA, the National Defense University, the United States Naval Academy at Annapolis, and the United States Military Academy at West Point. His favorite Amendments to the US Constitution are, in no particular order, the 1st, 2nd, 9th, & 10th. Deviant's first and strongest love has always been teaching. A graduate of the New Jersey Institute of Technology's Science, Technology, & Society program, he is always fascinated by the interplay that connects human values and social trends to developments in the technical world. While earning his BS degree at NJIT, Deviant also completed the History degree program at Rutgers University.
