Hacker News Comments on
I'll Let Myself In: Tactics of Physical Pen Testers
Wild West Hackin' Fest · Youtube · 219 HN points · 9 HN comments
Hacker News Stories and Comments
All the comments and stories posted to Hacker News that reference this video.

Going by a presentation from a professional pen tester, lock picking is usually far down on their list because there are easier ways to open many doors without picking the lock. https://www.youtube.com/watch?v=rnmcRTnTNC8
Someone who wants to get in is probably already on his way out while LPL is only halfway through with the lock.
⬐ JshWright: A big part of what LPL does is exploit those non-destructive bypasses.
Deviant Ollam's talks are always first class. I also love this one, about physical pentesting in general:
This is nowhere near being viable for real world use. Far more concerning is how easy it is to bypass most physical security measures. Forgetting about how easy it is to pick open most locks, many doors aren't even installed properly in the first place. Check out this YouTube video [0] to see what I'm talking about.
They don't even need to be internet-accessible, physical security is often weak as well. Surprisingly relevant:
Reminded me of this talk. So many silly things leading to easy access. "I'll Let Myself In: Tactics of Physical Pen Testers"
⬐ mytailorisrich: Yep. 7:15, exactly that. Plastic sheet and 20 seconds.
The internet brings a much bigger attack surface than local people who can reach a front door, and home users access the same openssh as companies do, but companies (can) afford stronger doors. "Most people's home doors can't withstand a hit from a sledgehammer" -> "we shouldn't talk about cryptographic weaknesses in case someone abuses them" is a stretch, the comparison does break down.

[1] is a fun YouTube video about physical pen testing; one example at 13:45 in the video, the presenter is walking home from a bar, walks up to a locked high street bank, spits a mouthful of beer through the gap in the doors, triggers the presence sensor on the inside which lets people out, and the door opens and lets him in.
⬐ perl4ever: "The internet brings a much bigger attack surface than local people who can reach a front door"

"Local people", huh. My front door is visible to everyone on the internet, and I have no practical way to prevent that. Some obscure company went by with their mapping vehicle and...
Now, some people do live in big buildings where less is exposed to the outside, but millions don't.
⬐ jodrellblank: > and...

and... what? Unless telekinesis has been invented, a photo of your door doesn't increase the amount of people who are able to try opening your door. If you're about to say "someone might choose to come a long way just for my door" then that seems like an argument in favour of what I'm saying - in that case, wouldn't you like to know about any vulnerabilities your door has which you could address, before they arrived, instead of relying on silence and hoping they won't know about them?
⬐ perl4ever: I'm not really arguing in favor of doing anything in particular; I was just pointing out that people rely on "security by obscurity" in day to day life, despite the fact that everything is connected to the internet. Perhaps there are some subtleties in exactly what "obscurity" is.

I'm saying the ideas I read about how the world is don't seem to be connected to my view of reality. I don't have to argue with your conclusions to find fault with your premises, and I'm feeling too lazy to do it right now.
Simple physical penetration testing tactics are easy to learn and apply widely. These skills can be a quick way to have better security awareness, and can be a fun party trick.

For example, many of the techniques listed in this (<1hr) video: https://www.youtube.com/watch?v=rnmcRTnTNC8
All those cabinets use the same key across cities as well! Otherwise FEMA and other services would be unable to function. For the same reason all LEO handcuffs use the same key, so that any officer could release any handcuffed individual.

Edit: Some googling for links led me to this video, which seems relevant:
I'll Let Myself In: Tactics of Physical Pen Testers
⬐ jedimastert: Deviant Ollam has some of the most informative and approachable physical security and pen testing talks out there. He's great.
⬐ danpalmer
⬐ debt: He's great at what he does professionally. I get the impression from his talks that he holds some views that may be quite exclusionary - there are some throwaway sexist comments and some political views that some may find uncomfortable or exclusionary.
Watch his talks for his content, if you are ok with these things, but not everyone may be ok with his personal side. That doesn’t matter to everyone when it comes to technical topics though.
Edit: FWIW, I seem to remember this particular talk and the Elevator hacking one mentioned in another thread are fine. I believe it was several layers down the YouTube rabbit hole that I started to hear comments that I objected to.
⬐ farisjarrah: Deviant Ollam is great, so informative. I feel like another great counterpoint to Deviant Ollam is the Lock Picking Lawyer on youtube and reddit: https://www.youtube.com/channel/UCm9K6rby98W8JigLoZOh6FQ
He really doesn't waste any time and just gets in there and picks or tears down locks and tells you exactly how good or bad a lock is.
⬐ QuadrupleA: I somehow got recommended LPL via the YouTube algorithm, his videos are great - and slightly wrong somehow, a lawyer compiling a hoodlum's dream encyclopedia on how to get through any lock :).
⬐ Something1234: Gotta drum up business somehow...
⬐ hanniabu: It also helps call out lock manufacturer outrageous claims and deception tricking the consumer into feeling like the lock they're buying will be secure by using it.

Walk confidently and never make eye contact. Easiest way to get into anywhere. It forces people to verbally call you out which people rarely do. Looking lost or "looking for something" while wandering in is another great tactic.
⬐ c22
⬐ tzs: I agree with "walk confidently" but I find making eye contact, smiling, nodding, or even saying "hello" while you pass does wonders to subdue people's suspicions.
⬐ debt
⬐ maxxxxx: I agree, but it requires quickly reading the situation. Sometimes it can be as effective as not making eye contact.
⬐ bitbang: It's more the reason why you avoid eye contact. Looking nervous while shifting eyes to avoid eye contact looks suspicious. Avoiding contact because you are otherwise distracted thumbing through forms in a clipboard makes it look like you have a purpose for being there.

I remember when I was a contractor I had to get some screens from another building to kick off the project. They didn't have badges, just somebody at reception. I walked in, took screens almost $30000 worth, carted them out and left. This was my first day, nobody knew me, but nobody challenged me. Only afterwards I realized how crazy this was.
⬐ asfarley: So... the only wrong way is to look moderately confident?
⬐ agumonkey: look like you belong, the more psychopathic you can ignore the fact you're crossing the line and act if you're everybody's friend the better
⬐ chaoticmass: Obligatory Sneakers scene reference:
⬐ MichaelApproved
⬐ Spooky23: That was a great movie and the scene was fantastic but none of the tactics OP mentioned were used there.

I worked in a mall as a teenager and rolled a big safe across the mall through the mall to a shared loading dock for the store owner.

Rent a cop guys blocked my way at the door challenged me, and I just said "Wtf does it look like I'm doing, I'm moving a safe, get that door!"
So they opened the door, and I rolled the safe into a white rental van and got in the passenger side without incident.
What people can do without anyone noticing is unbelievable.

Once upon a time, I worked at a Unix workstation manufacturer [1], which was having some financial problems.
The hardware developers worked in a room in the center of our offices. It had no windows, and one door to a hallway. If you went right down that hallway, you would pass my office and another programmer's office on your left, and my supervisor's office and the office of the head of software on the right, and then reach the back door to the office.
If you went left, you'd have to go past the reception desk and through an open area to reach the front door. Next to the front door was the office of the guy in charge of engineering.
The way the desks were arranged in all four offices in my hall, and in the engineering head's office near reception, you could easily see if anyone walked by.
The hardware developers had a large format printer in their area. That thing was something like 5 ft wide, 4 feet tall, 3 feet deep, and weighed maybe 300 lbs.
One morning they printed something just before noon, then went to lunch. When they got back from lunch maybe 30 minutes later, the printer was gone. During the time they were out of the hardware area, I was in my office, and at least two other people were in their offices in my hall. The receptionist was at the front desk the whole time, and the engineering head was in his office.
None of us saw what happened to the printer. Later that afternoon the company we rented it from called and said that they had successfully repossessed it from us, so apparently a couple repo men managed to stroll into the office, passing several people, walk into the hardware area, disconnect the printer, and walk out with it, with nobody noticing.
Our office was just engineering. Sales and admin were in a different building in the same office park. Manufacturing, shipping, and the warehouse were in a third building there. Meetings with outsiders, even outsiders who were there to meet with engineers, took place in the conference rooms in the sales/admin building. We generally didn't have visitors in the engineering building except when interviewing someone for a job, and we always knew when those were expected.
[1] Callan Data Systems
⬐ chris_wot: You probably should also look at "The Search for the Perfect Door", pretty fascinating.
⬐ donatj: It's nice to see this getting some love but a little bitter sweet because I posted it a year ago and it went nowhere. Oh well.

Deviant Ollam is always an interesting listen. He's got a very good way of explaining things in understandable layman's terms.
⬐ centizen: Ollam is top class, he manages to get so much good information across without getting long winded, and never sounds condescending.
⬐ DigitalTerminal: 20:22 how does this help with underdoor tools? You can still pull the lever down, can't you?
⬐ spacedog11: This is fascinating. Thanks for sharing
⬐ aszantu: Interesting
⬐ 333c: Previous discussion: https://news.ycombinator.com/item?id=18203270
⬐ thejenk: Deviant Ollam does another talk with elevator consultant Howard Payne just about elevator security which is fantastic. It's very similar to this one, but goes deeper into the single subject. There are a few versions on YouTube of various lengths, but here's the 2 hour version: https://youtube.com/watch?v=ZUvGfuLlZus
⬐ netmonk: Very nice video, very informative.
> Wait, what? I can't find anything about door levers having this kind of security risk.

I specifically remember this talk: https://www.youtube.com/watch?v=rnmcRTnTNC8
at around 18 minutes in he shows one of his employees(?) use a long bit of wire to pull the lever and open the door in a matter of seconds.
⬐ SilasX: He shows the result of it, yes, but it's not that easy to have a wire go through a small hole and reach up to grip something and pull. Most outside apartment gates operate on that assumption.
⬐ Konnstann: There are a handful of videos where other pen-testers show the process from start to finish, and the space needed to get the wire through is not as much as you think.
⬐ SilasX: Getting the wire through isn't the problem, it's controlling it afterward. Not surprisingly, the 90 minute video you linked didn't find time to show that part.
⬐ 333c: Previous discussion: https://news.ycombinator.com/item?id=18203270
⬐ camtarn: Highlights:
- DoorKing and Linear entry systems all have the same keys, which are legal to buy on eBay, and which let you access relay terminals to pop the doors right open
- IR Request to Exit sensors on doors can be defeated using a can of air duster to create a cold spot, or even with a cloud of vape smoke or balloons
- Tactics for cloning RFID passes by passing close to people with a non-contact RFID reader
- Most police cars in the US are keyed with a fleet key, which again is legal to buy. And the police cars get sold off and become taxis, without the locks being changed...!
- Lots of ways to defeat latches, door handles, emergency exit bars, deadlock thumb turners
- Hilarious war stories at the end