"Through the Eyes of a Thief" - LMG Basement, 2019-10-10

Reddit Comments

i just wonder what the hell the thumbnail sauce is

👍︎︎ 1 👤︎︎ u/TransitOfMercury 📅︎︎ May 17 2021 🗫︎ replies
And this kind of goes on from there: NSA recruit, after parents raising hacker kids, after anthropologists to embed it for six years with him, Anonymous, and on and on. So I hope you have fun with that. Look it up anywhere, and it's called The Hacker Next Door. Thanks. Yes, any other remarks?

Thank you very much to Sherry and everyone in LMG, and to all of you. This is a full room or something, midweek and an afternoon and a small quiet town, so I am sure that you would much rather be enjoying beautiful weather and scenery, and somehow you're here, so we're gonna try to make it worth it. And I definitely understand, like, people who know me or met me or catch me online, we understand that my job is a fun job, right out of the gate. Not gonna lie. Like, none of my team and I belong anywhere in this room. We were not authorized to get in this room, but of course there we are, because that is what we did. We are professional thieves. Our job is to mimic and simulate and emulate attackers and to think like them, to, you know, spot a target, spot the weaknesses, exploit that and get inside and get all the critical assets. And it is very exciting, I'm not gonna lie.

It is not physics, nothing like this is a magazine shoot. The number of things wrong: firstly, you know, we've got Rob, and the photographer is like, do you have your sidearm? Totally, like, stand there in sole position. He's like, we don't have guns anymore when we do think, that's his only job, he used to be federal police, right? And also, in my hands is wrong, because then I go, you know, take out your lock picks down there, and, you know, get up at that door and make sure, you know, with your life. It's, no, that makes good, good photography. Okay, like, sure, lock-picking, that's how I'm known, and if you've ever seen any of my lock-picking slides, like, we can talk about this all day, and I have talked at length about this. And if you've ever seen any of my videos, like, you've seen these animations about how a lock works and
how a key works. Okay, while the bitting goes this way with the key blade and it pushes the pins, and that's how the pins get to the shear line. And I love explaining this stuff, and I love explaining how you can get the pins in the right alignment without a key, right, like using pick tools. If you've ever seen any of my play talks or animations, many times these animations, you know, up, you know, not for me, people are just throwing them on Reddit and Twitter. Have you ever seen lock diagrams like this? Right, okay. We're not going to talk about basically any of this, because as I tried to tell the photographer for that one, you know, photo session, I'm like, this is not what we do most of the time. For the most part, like, yes, lock-picking is fun, and if we want to do, you know, some stuff later I can talk about it, but in the real world, like, setting, meticulously setting one pin, and I've been like, that's somewhere down like step eight of trying to get in a building. Most of what we do as a team is way faster and way more low-tech and frankly way easier to understand, because it's such a basic level of, like, bypassing style attacks. I'm like, let's get right to it, right? Let's talk about some of the dumbest things that both real criminals and, you know, wannabe criminals like us do.

Did you know the number of doors I've taken off by knocking the hinge pins out? Like, if the hinges are facing you, which again, in a residential environment you wouldn't expect that, right, because, well, my door opens in. But no, in commercial land, we have well more than 50 people here, that makes this an area of assembly, which means all doors have to open outward. They have to open outward with less than five pounds of force, but if an attack is in place, there's a whole bunch of code that you get into, which means that coming up to doors and knocking the hinge pins out is absolutely valid. This is a slick little tool, by the way, as a hammer, a hinge pin knocker, way smaller than walking around with, you know, a hammer in your back
pocket. So yeah, like, bash the hinge pins, now walk the door away from the wall. You can absolutely do that. And start looking around, and commercial environments, again, doors are going to open outward and those hinges are going to be on the outside. Do not dismiss this as an attack vector. I've used it a lot.

And for most of the things I'll talk about, by the way, I love not just dropping, like, angry fearful stuff, I like giving you solutions. As simple as this attack is, the solution is also equally simple. So this is called a security hinge. You can see it has a little peg, it has a little hole over here, and when mounted you drill a hole looking up in the frame. The idea being, you swing the door shut, that peg inserts into that hole, and if the door is closed it doesn't matter if I take all the pins out of the, on the hinges, right, I can't wrench this away from the wall. And that's a simple part, that's an easy thing to have. You don't even have to rehang your doors if you don't, if you already have an existing structure, right? These are called jamb pins. They're made by a manual Major Manufacturing, the old company founded by Gerry Finch, she was a famous locksmith, and it's a brilliant, brilliant device. How does it work? Well, you got your regular hinge. Take out these screws, replace them with jamb pins. All right, take out these screws, replace them with nothing. You've just created a security hinge, and you didn't have to rehang your doors, you didn't have to do a whole bunch of mess, you didn't have to hire a professional. Like, anyone can do this. I advocate a lot of these low-tech solutions. In a commercial environment you may of course sometimes see a little set screw, that's called a captive pin, so you can't actually knock that from the outside.

By the way, this is, if you haven't guessed, right, this is clearly, like, taupe wallpaper, very much an interior door inside a building, but there's clearly a large door closer here. If you had to take a guess, in my life of travel, what kind of door am I looking at here?
Yes, this is a hotel, absolutely. I travel, my wife and I are both traveling about two-thirds of the time, mostly because we like to be together, so if she's doing a thing I'll go with her, I'm doing a break-in she'll come with me. So we spend a lot of time in hotels. Let's talk about hotels through the eyes of a thief, right? So do we have any other frequent travelers in the room? Okay, absolutely. So right off the hop: terrible, terrible door fitment in so many buildings, right? This is a door that looks closed but not really closed. So like, if I could, like, smash this door open, full open, bounced off the wall, looks closed, no, it's not closed, because door fitment is a mess in a lot of places, right? Here's another hotel. Is it gonna close? Looks pretty, looks kind of closed. I heard even click sounds, click, I know, just push it again. I just fought with this door for 30 seconds before I gave up and was like, well, I don't have anything before stealing, thankfully. But yeah, the idea, we'll revisit this a lot: door fitment problems, and you'll see if they're exploitable in many ways. Simple mechanical door fitment problems. You think it's closed, okay, is it really closed? Maybe we even go to dinner, thank God.

The industry accepted standard, if you want to, like, yell at someone, is: open the door by the width of the door itself, it should self close and latch correctly. And if you want to, like, get on your facilities teams or get on your constructors, if you got a thing there's only going up, that is how your doors should perform. Or if you want to test, because that's a pretty egregious test, like, a lot of doors aren't going to perform this way, but they should.

Door fitment is a big thing we leverage. We'll talk, let's talk about door fitment in an attacker's perspective. So here we have a locked door. This is critical infrastructure, this is a water pumping facility for a town. That door's locked, but that door's open. Well, that's no good. Let's see that again. Sound like a flute use again, it slams shut, its
proper lot, but I'm reaching in with something. It's not a lockpick. All right, that door is open. So if anyone has seen a lot, I mentioned this all the time in my talks, right, this is a tool called a traveler hook. I'm just reaching in, you'll see it better from the other angle here, I'm reaching in a tiny gap in the door and I'm able to grab the latch and just swing it out of the way. Just hook the, pull it out over the door. This is really, really common. I'm gonna say at least a third of our attacks wind up involving the traveler hook or latch slipping in some part of a building, this perimeter. Maybe not every door is vulnerable, but at least one.

And I originally learned about this, my buddy named Keith, he was a, actually a training locksmith years before I got into the game, and I'm gonna be, was going to be at this event, and they said, I'm Keith, it's not, you know, I met you online for the tool, but I'm really excited to meet you, you know, you were actually a training locksmith in the field. And we looked up, I was like, hey, I really would love to, like, see your entry kit that you would carry around, like, when you were working. So he don't sound these tools, like, I said, no, you're not, your service tools, your entry kit. What his say, he's like, oh, these are my entry tools. Yeah, well, I was like, like credit class slipping? He's like, oh yeah, doors all the time, it's a mess. And that was my flooring. Are you thinking, what is this thing in the middle? He's like, oh, it's a traveler, nothing opens everything. It's a textile industry tool, all right, it's like an o-ring pick. If you go to Harbor Freight you can find things like this. So yeah, if you can get at that latch and get it moving, why pick the lock?

What, no, what about this? Oh, we can get at the latch stuff, we got a big protective plate over it, can't get a traveler hook in there. You can get piano wire in that. Oh, the problem is not whether or not I can reach the latch. The idea is, even if I can touch the latch directly, I shouldn't be able to slip it
or hook it or anything like that. This diagram right here, this is showing something that most doors today will have. This is called a dead latch, and that's sort of a collision of terms, right? Like, when you see, my house has a dead bolt and my door has, like, a latch on the door, what is a dead latch? So highlighted in yellow, that is the latch that, the door shuts, the latch springs out in the strike plate, if you lean on the door will not open. And many of you are aware that, like, doors used to just have that, and if you've grown up many years on this earth, is, have you remember that this is what every latch looked like. But sometime around late 70s, early 80s, we started going from this over to this latch that has this extra, you know, what's this guy? This is little extra fingers sitting over here. Well, that little protrusion, sometimes called the dead latch plunger, sometimes called the guard bolt if you're in the locksmith they were alone, highlighted in red, if that is the sign of a dead latch.

But again, most of us who see this, we only see it when the door is open. You're like, I got the, you can press the book and it's, well, that, you might not be aware that when the door shuts, that dead latch plunger, that guard bolt, is supposed to be held back by the strike plate. It is not supposed to pop out into the strike plate hole. If that little plunger is held back, the latch itself, the large part, is now dead. It is blocked and will not slip or hook or any of those attacks. So if you have a dead latch working correctly, that's great, it's harder on me. The problem is many people don't. Door fitment again is our culprit. You have the wrong hardware, if the strike plate is not the right size.

And here we have, you know, a server room opening, is a very restrictive government tool here and is called a piece of garbage. I'm gonna show us a piece of plastic into this, in this door jamb. BAM, server room access. Now let's look closely in that. Does this look like the original factory strike plate that didn't come
with this Schlage commercial handle set, right? Like, why is this, let me just look at the size of the strike plate hole. It's enormous. Why is it so big? What kind of hardware is this? Yes, you come here on our site darvany access control. You can see there's a card reader on the door. This is an electronically controlled door, so if someone badges in, there's a little solenoid powered electronic strike that will pop out of the way, right? If the integrator you're using, if the inner installer and constructor is not using the right hardware, if they're using, like, oh, well, we always order this one cuz it's got the big hole, it always works on every day. I heard this one constructors and they're like, yeah, we always order they the X 27 because it always plays nice. No, like, no, no, no, that's not what you want. You want tight fitment, because you want that guard bolt to be retracted.

Again, more critical infrastructure. This is street level access, like, from the outside in. That door nice locked, I'm not going to mess with that, lock is okay, but there you go, like, BAM. Like, this is all the door fitment. I don't belong in here. Hi, I'm like, I should, I'm a walking OSHA violation in this room, but, you know, a five dollar hook gets me from street to pumps. That's better.

And we can talk about this in other ways. I mentioned egress devices, crash bars and things. That's me reach it, that was so fast, let's play that again. We're sorry, I'm talking up here too much. This is reaching through the door with just a bent rod: turn, yank, slap, okay. Because again, how many pounds of pressure on that exit device? Five pounds of pressure. An old person, a feeble person, a kid, there's a fire, they have to get out, you have to be able to release the lock on that door with a little pressure. Weather stripping is not a solution for door fitment. Weather stripping is great for your environmental, but that is not a security surface, right? If I can hit that crash bar, if I can hit that exit paddle right there, and you can see this monstrous gap
right here in the door. How many people have ever seen this piece of hardware? Oh my gosh, yes, the Rockwood style door panic exit device. So a number of companies selling. Here's our buddy Robert, and these are two guys from facilities. They thought he was like a wizard. He walked up to this door and they're like, he didn't back, what was that, he didn't Majan, if he's showing them, okay, well, you know, I'm just gonna reach in with a giant hook.

By the way, and a number of this, the footage you're seeing reaching through the gaps, there is something else in frame that could mitigate some of this risk. Who notices something in this shot? Right, there's clearly a dead bolt. I mean, it's a little hard to tell, but it's actually like 2:00 in the morning, and this is a low or probably no occupancy structure at night. They could legally, like, lock this deadbolt, they're not violating code.

Let's talk about code, let's talk about temples. So to be code based you have to have a thumb turn, a manual thumb turn on your inside deadbolt. This whole, like, double key thing that you sometimes see, that's not going to fly with most civil authorities. And if there's a thumb turn on the inside of the door, and if there's a gap on the edge of the door, well, this tool exists. Have you ever seen one of these? First responders, firefighters in this room might know what this is. This is a thumb turn flipper. Reach it through the door, just kind of an area. So there's, if they, like, space equals options. If there's a gap, if there's a fitment problem, there's a way, usually, for my team to get in.

We can talk about padlocks if we want. And again, I said I don't need any pink blocks, right? Every one of these locks up here aren't bypassable, I don't mean like we can take out and manipulate something, I mean like 10 seconds or less. Anybody with no training, I can have you flying through every one of these locks. We have footage of this. We having said, what I'm gonna say is, we have examples up here. Instead of be playing you videos and so
forth, I'm have time, I'll just give you one, right, the one that kind of in the middle, because it's such an old dumb attack, right? This is, how many people have seen this lock, this black padlock? Right, so this is called a comb pick. I'm gonna go ahead and just kind of reach under the pins and just bring that open. This is probably one of the most, I would say it's the most bypassable lock at Home Depot, except for all the others. Every last one of these we can show you springing them open in no time. Every one of you can do that. Every one of you can do that, these locks, to a lot of door locks.

But let's talk about electronic locks for a second. Like, physical and mechanical devices are one thing, but we start to get into, like, well, there's card reader access systems and there's, like, sensors and alarms, like, I could never do that. Yes, you could. Let's go with the simplest attack against many electronic doors. Say, this is a developing and prototyping lab in Philadelphia where we used to have our office, and we're there with one of our buddies, Ross, and this is actually the building owner, and Babak is just show Ross a tactic. He's like, all right, so here, no, no, move it over here, and you do a thing. They're using, again, really hard to source tool here. What kind of tool they're using? Yes, this is a can of air, and you can see, like, a little bit of gas, something, what was happening there, and then the door is open, right? And Evan, the building owner, is like, wait, do that again.

What we're exploiting here is called a request to exit sensor. Many, many electronically controlled buildings will have sensors that look like this above doors. If you haven't noticed them before, you're going to start noticing them, especially this one. This is the Honeywell is 210. Like, it's resold by a billion integrators because it's the super cheap one and it's easily tunable. This is everywhere. Many, many facilities you have to credential in, but on your egress, like, how many people have worked in a facility where you credential in but
you can just exit by walking up? Right. In many instances, if that's an electronically locked door, it has to unlock somehow. This is the cheapest and easiest way to make a door unlocked electronically. It'll detect motion, it uses passive infrared. As long as it sees any change in thermal ciseaux and that must be a person leaving, I'm gonna unlock now. And we're tricking it by using either, you know, just a can of air duster, which is the simplest, cheapest solution. You just take your standard office duster, flip it upside down, and that propellant inside will boil off when it hits the atmosphere. If you have, like, you know, like Edmund Scientific, or they're like, if you do a lot of chip, chip debugging work, you might find or cold or you might find Techspray freeze spray and sometimes called, it's again, it's gonna work the same way. The idea is you have this door, this door is locked, but if we shoot that gas through, BAM, the REX sensor thinks someone is on the inside of the door leaving. That door suddenly unlocks.

Yes? I recall you did this here in town with a delinquent. I did this intelligent, you'll see that in like two slides. Yeah, that's good, because I show that in my classes, it's their favorite. I love it. So this is a fellow who runs an event called DerbyCon. This is Dave Kennedy, and he's a big easting, like they've got almost spoils so he can make these big cloud soon. When our friend Chris told about this, he's like, he tried this out. He's like, all right, just trying to be nice, listening to hear that release. He's hearing, listening for the circuit to go click and feel that door unlock, because if he can trip the sensor. So I love that, I love that clip, and Dave's a cool guy.

I don't smoke. I do drink. So let's say we have this, right? So we've got this door, this is clearly a locked door, but there's a REX sensor up there, and I had walked out of, like, the Reds bar or something, just walking downtown with a whiskey one night. I didn't enter the bank itself, and this is the ATM vestibule. It's no crimes
where I think committed. This is, my lawyer can answer that racket. Yeah, like, that's correct sensors, man. REX sensors will jam you every time. Like hotels: here's a hotel late at night, I left without my key but I wanted to get back inside. So I'm just, wait, there's everything, like the big brochures, like, come see the mystic caverns. Like, I just took one of his brochures. Where was, like, keeping the brochure before I did that? Yes, where's I, under my arm. Why? Warm it up, exactly. All you have to be is a noticeable amount of different from the ambient, cold or hot, and then BAM.

So yeah, better tech exists even in this space, if you have a commercial space, if you really care. So this is, again, this is that passive infrared, and you'll see everywhere you start looking. This is made by GE. This is infrared and microwave radar, so it has to see something vaguely human-sized and has to be coming toward the door. So yeah, that our technique says dual technology sensors exist. What's the downside? The downside is false negatives. If you have a bunch of customers and they're, like, walking up to the door with boxes and they bounce into the door because it didn't read them, that integrator is going to get angry phone calls, like, come out here, like, to the sensor better. And that integrator is not going to want to install this, especially since it costs more and, you know, causes problems. Integrators want to satisfy the customer in a way that doesn't result in more coughs.

By the way, if you have, like, an uber secure facility, like, the kind of the best solution allegedly, its featured in this nice business building here. Common spot what, what they're doing? Yes, you said push-button exit, a little green light over here, absolutely. Has anyone ever been in the building that just push to exit? Absolutely. So this is a lot harder to trick out. I'm not going to blow gas, you know, through the door and all that kind of stuff. I'm not going to say that you don't see these in environments like server cages though, where sometimes, again, could
plan this better. Here we have a server, it's a lot of the cages, secure cages are locked, but again the integrators, like, all right, they want to button, they want the thing that comply with dates between 40 and 40 inches off the ground, that's lunch. Like, this is the kind of stuff that you see in the world all the time, and a lot of this is, again, legal code. You can't have that button of bajillion D miles away from the door, because what if someone's in a wheelchair? You have to make sure, you can't be all ableist, like, someone needs to hit it, hang, grab the door with one hand if they're slow-moving. And we're joking here, but it's hard, it's hard to do it right, and we get jammed up on a lot of things.

Something that's just ruination of most security buildings, or at least it ruins them against us when we come in an attack, right: lever style door handles. What's the last time you saw a knob in a commercial building? Like, you haven't for years, because if someone doesn't have grip function in their hand, I mean, they need to be able to use the door, especially in emergencies. This lever style door handle, super vulnerable to what is known as an under door tool. If you're not familiar with under door tools, they are basically just a rod and a wire. You reach up with the rod, you pull the wire, and you hit the inside handle from the outside. This is something we, this is a destroyer of worlds in most corporate environments, and it's so simple. I mean, this is a fabricobbled one using Home Depot parts, not even a commercial product right here. Hit the handle, pull the handle.

This is us on a job late at night. We're at an IDF wiring closet, and when we showed the client this video they're like, oh, is Rob, like, he can take a screwdriver out, he, they thought he was gonna unscrew this grate and crawl through it, and then watch them, what the hell is he doing, he's using is the screwdriver in his sock, and then they see him leaning his head into the door and the, you know, the CEO is like scratching this one
thing, and then all of a sudden the door pops open, and that's how we got into the batch wiring system, because again, Rob is rocking this handle over: yank, push.

Are there solutions for this? Yeah, there absolutely are. Frankly, contoured door sills and contoured door bottoms really are the best solution here. Interlocking door sills, interlocking door bottoms. You'll see these on exterior doors, but there's very little that says this is a code violation indoors. You can absolutely have, we didn't even have an articulating sill cap. Again, these are sort of environmentally gear products, so that all you're paying for your air conditioning, but these will completely stymie us trying to shove something under the door. And you can use these, you can deploy these, not in every office, but if you have one super secure room, consider it. Consider protecting the door bottom.

You'll force me to go over the door top. InfoSec Pope, if you go to, you know, 8:01, if you down in Utah, SAINTCON, there's a wonderful crew. So Pope taught me this. What is this product? For the young uns in the room, this is called film, and you should tell other groups. But yeah, you send the bow of the film over the door, you walk it over. How do I know where my height is? I'm on the other side. How do I know how high the handle is? It's on the other side. Or you just give her a yank, most doors will open up, and there you go. So yeah, over door attacks. The hardest part, honestly, this attack, is finding film, a giant movie reel, but I didn't ask where he got it. So I got, come to meet the man if you want, just, you know, he knows the cool solution to this way. All these door handle attacks, one of the neatest things I ever saw was this right here. This is a handle shroud, and it was on like one facility that we were, I was like, oh my god, I think we were refit on this server door a bunch, and I finally camera under the door from, like, all my god, what is that? It was a whole mess. We had to get in a different way. And I asked the security manager, I'm a, hey, the door
handle shrouds that was kicking on but, where did you get this thing? He's like, oh no, this place used to be a different building, we just inherited those, they were there. You realize those aren't security products? What is, like, no, they're there for, like, Clark's going past doors, so you don't get hung up on the handles. Like, this isn't the great county line, you can just order this kind of, like, there you go, put them around your handles and ruin my deck.

If you've ever been, especially in accommodations like hotels, have you ever seen door handles mounted sideways or down? It's all because of under door attacks, absolutely. Like, building managers that are in the know, they will do this. Or that, I saw this once, this is wonderful, I call this albino alligator protecting your door. We're trying to figure out what this, what, like, hey, so the little plastic clips around the, is that because of under door attacks? He was like, oh yeah, you've heard of that? Yeah, we have people breaking in rooms sometimes. Like, where did you get these little clips? They look, they're small, they fit perfectly. He's like, well, but you have one of the suites, right? So you know that the closet has the sliding door tracks? It's just those products that you can just get at Home Depot, like, they're available. So, oh my gosh, I love, I love dumb cheap solutions that you can hold on. And me, my job, if I'm doing it right, is to make my life harder, because my job is to make your world better for a cheap and easy kind of fixes.

By the way, if you travel, that whole hotel thing, you can't, like, drill into the hotel door, you might get, you know, your deposit not back, but when you kind of do is go ahead and stuff a towel in there. You've ever seen, you know, this trigger before? Anybody, you know, is Douglas Adams fan, always know where your towel is. So that'll absolutely interfere with the idea of the door and trying to pull on the handle. I love, I love this. Like, our Dutch friends show this in a talk years ago, and I do this at night, I do this in hotels
nowadays when I stay places.

So we've talked about doors, we talked about, let's talk about keys for a second. Let's talk about how secure your keys are, or how secure the maintenance staff's keys, often. This isn't a corporate campus, yes, there was a maintenance apartment that was just sitting there. Like, I could have just stolen all of these keys if I wanted to, but that's kind of, you know, someone might notice the keys are gone. Let's talk about other ways to steal keys.

Let's talk about, if you have, let us say this was an Airbnb, and many times when you're checking into an Airbnb, how do you get the keys? The keys are in this photo right here. Yeah, there was a lockbox somewhere in this photo. What do you think it is? Everyone loves to guess the rocks. It's not the rocks. What? And the hose thing, is near the hose thing. How many people have seen this at Home Depot and Lowe's and every other hardware store? The 5400 series, oh my god. So this is a ridiculously bypassable tool. No, it's not really about that, it's decodable. Again, with that same fit blade of metal that you can make out of any little shim stock you come across, you can run those wheels, find little gaps in the wheels. I can teach anyone to do this in about 30 seconds. And these look, basically every key box on the market is awful. Pop it open, grab keys out of them.

Now, like, that's an Airbnb, right, so who cares? More and more commercial buildings nowadays are weird shared use structures, when you have, like, infrastructure or the roof, and Verizon has to come out once every few months and do something with an antenna. So you, there's eight different key boxes on this one. We have one over the door and we have a whole ton down here, and every one of them are hot garbage, but they've all detained like eight copies of the master key for this building. It was like, we were just like, hey, did you get a master key yet today? So be a mailman. All right, let's decode this one. You take a master, can you? All right, let's go erect this property. It was just, it was
key bonanza, right? So being able to, like, use a lockbox, there are, they're not a good way to protect keys. If I want to steal keys, I will absolutely look for lock boxes.

What about stealing keys without even going hands-on? This is a talk I gave at North Carolina, there's a crack on down there called CackalackyCon, is a very fun time, and I talked about stealing keys either through cast and mold attacks with hot metal or optically decoded. This was a talk I was setting up at a university, and they had, like, a wiring room with the projector controls. So somebody came in, they said, okay, let open this thing, okay, we'll turn on the circuits, okay, blah blah, I need the Wi-Fi, okay. And this thing kind of threw this key down for a second as they were switching everything on, and I didn't want to take the key, I mean, I'm their guest, I'm not a complete jerk, but they didn't take the photo of the key. And it's not a great photo, this is like drive by with a cell phone, don't get there, but this is enough for me to dump this into a little template that I have.

You understand, the cuts on a key are called the bitting of the key. They're not an infinite range. There are very discrete individual zones that a key can be cut to. And if you have template files, which I am, I talk, I throw these templates up on GitHub, you want to download the templates, take a photo of a key, straighten it out in your favorite image editor, and then just look your way down those, the template lines. This is a Schlage key, from the most common keys in commercial America. Schlage starts at zero and then goes from there: one, two, three, four. So if we look, is this system, well, heck no, it's not a one or two or three. What does this look like? That looks like a five. Okay, great, that's the first cut of this key. Knowing what you know, and my templates have little, blue is even, gray is odd, what's the next line? You can see that front, can you shout it out? That looks like a two. Schlage goes all the way down to nine. What's the next
one? A couple up from that, there we go, we got a seven. We got a regular blue in the next one, yeah, we got a six, it's even. How about next? Seven, and then - all right, 30 seconds, as a group, we just decoded this key from a complete crappy photo like that. And in the field, you don't also, by the way, have to like run to a locksmith. I have what's called a little pan size key punch, so I can throw a blank in the punch, punch punch punch punch punch punch, spit the key out, and then there you go, there's a copy without ever touching the original key. And this is the kind of stuff that goes through my head when I'm in like Lyft and other, you know, share drive services. So many people just there, dangling their house keys out there, and I realize that, you know, this is not everyone's threat model. I know this person's keys. I've gotten right up to guards, and you can absolutely get the bitting even at a terrible angle, and you can see the bitting of this key. We've decoded this standing right there, pretending, oh yeah, I'm not in the visitor system, that's weird, I have to check my contact, all right, I'll come back later. And we just come around the side door, because we just made a freaking key. There's a YouTube video of a bunch of people who are protesting in front of like an FBI building, and some guy is coming, he's like, hey look, I'm sorry, but you really, I gotta put you back on the sidewalk, and he's talking to people. And I'm looking at the YouTube video, and someone sent it to me, he's like, hey, what is that, what is that in this spot? Okay, yeah, so that's a Yale one, you know, there you go, that's a Y1, and there's your bitting. Okay, so hopefully that doesn't go to something important, that's on YouTube. I know if you look at your own keys, you might even notice something that could make the job even easier. Forget the templates and the lines for a second. Yeah, there's numbers on these keys. Wait a minute, so this one says eight six five by five and this is two two eight three. Now wait a minute, if I did
put the lines on there, does that, does that kind of look like eight six three? That's called a direct bitting code. Many people's keys have direct bitting codes stamped on them from the factory, and if your keys are just sitting on the bar next to you, or a table, and you're with people... I jumped into Slack with the tool people, I was like, hey, I'm doing a talk and really than anybody have to wrap it in code but someone get a lot of key photos, and boy did the community deliver, because there are so many keys out there. Like Brett jumped in, he's like, yeah, I got a couple. Every one of these is the direct bitting code on this key. So the idea is, if your keys are just hanging, you know, on your hip, and someone can see them clearly... I love that people are checking their keys right now, this is marvelous, well done. If you want, to introduce you to this little utility tool: it covers up your teeth. It's not designed to be like a key shield, right, it's designed to be a screwdriver and bottle opener, but I mean, absolutely, if you want your keys to kind of stay out of sight, pick up a little five dollar key shield on Amazon, and then you get an extra, you know, screwdriver, a wire stripper and so forth. What you got? I would love to convey your key for you, just, just right now, officially gonna use the punch on, you'll use the punch on. So yeah, think about, think about what information you're leaking sometimes, because again, if I can just get a glance at it, I can usually turn that, I can weaponize that information. But someone might say, well look, all right, I understand that, mechanical keys, but you know, we do have electronics all around our facility. All right, let's talk about some electronic access controls. Let's talk about telephony access controls. These are super popular in large residential and small office environments, when you have like a little phone directory or maybe a pin code to get in. Would it astonish maybe some of you to know that most of these brands have one key? So like, this is Linear. Well, Linear
has the 222343 key, and it opens the Linear panel on every one of these boxes across their whole product line. What can you do if the box is open? Well, there are momentary switches in there, you can just fire the release and trip door contacts. So here I'm in a big gated facility, but I have my Linear key. I love that. Oh, no to get out of the car, just momentary, I'm going to try the rotary leg, all right, let's see, the gates start moving. Solid entry. And the people that, we pulled up to their building and they're like, how did you get in here? I'm like, well, you have a box on the door that, you know, is controlled by this key, which is not a restricted key, like anyone can order this from just, you know, installer catalogs. If you look around and you see these big boxes outside of buildings, if you ever see the big A, Z, Call, the big three buttons, this is like, you can spot that from Google Maps, and we see them on a target, we're like, yes 14. DoorKing systems, another big player, huge market share. DoorKing systems all use the same key. They use the 16120 key, they've used it since the 90s, and again, if you can open up the panel, there's a whole lot of parts inside of there that you can mess with. What can you do inside the parts? Well, you can jump out the door relays, you can even fire extra switches. There's a postal access mode that you can fire. This one doesn't even have the postal switch hooked up, but I know that if I bridge contacts four and six, because it's always four and six on the terminal block, I can ground it out and that will fire the door, that will just unlock all the door release. 16120 key opens it up, get a little loop of wire in here, it's like Matthew Broderick with the beer cans, there we go, okay, door's open. It's the 16120. It works across the entire DoorKing product line. It must be only restricted, DoorKing customers? No, it's not freaking even, like everybody can find these keys. My favorite key for like candlelight systems, by the way, as we're talking about it,
has anyone heard me talk about the CH751? There's a couple of hands going up. So the CH751 is effectively the most common key in America. It is reused and reused and resold and repackaged in so many installations. There was a story years back about, you know, thieves are doing gas pump credit card skimmers, and because they have this key that opens the gas pump, and NBC News got, you know, static, people, don't show the key, you're giving it away, and locksmiths cracked up, it's like, oh my god, CH751, really? Yes, really. If you go on Amazon, look on their locks at home hardware, search for key, it's the most popular item that turns up results. Every rinky-dink "I need a stupid lock on this thing for no reason" key has a good chance of being the CH751. Like again, this is like, all too cold, you're too hot, let's argue about it in the office, who cares about this. But I'm like, these are two office locks. This isn't, this is the faculty, this is a fire annunciator and this is a brief of that, this is the badge system, this is the door controller, but they're both CH751s. People have started sending me and my buddy Howard photos of this key working in places ever since we even talked about it. Another door controller installation, CH751. An alarm panel, CH751. This is great. How many people have been in the building where like all the important keys are behind the worst lock in the building? Like here's your lockbox, this is a CH751, and it gets me every key in the building. You know my favorite part about this? In this photo, opened by a CH751, there are no less than three more CH751 that do other stuff in this company. So oh my god, like if you get one key, if you see one can disarm they could be that. So yeah, it's like a dollar and it opens so much stuff. That up down up down up pattern has been reused and resold for decades, and you throw it into things, it'll start astonishing you. But we were talking about electronics, with a little
sidetracked, sorry, get back on track. So always never used a badge system, who's ever used electronic reactions? Okay. So these are, they used to be the realm of business only, and now they're really penetrating the market in a lot of ways, so people are accustomed to seeing, you know, card-size credentials or key fobs and use them at the reader. I have a different reader that I always travel with. This is my reader, this is called Proxmark. This is an electronic credential, basically, debugging and attack tool, and if I hook it up to my laptop, I can do a lot of things to credentials. I can interrogate credentials, I can crack keys on the credentials, I can dump the credentials, I can copy them to other credentials. By the way, what kind of credential am I using here? Yeah, it doesn't look like it was made by HID. What kind of key is that? That's a hotel room key, absolutely. The first thing I do when I check into a lot of hotels is play with the electronic locks. I'm either trying to copy and crack the, you know, the key cards in my room, or if you get maybe an electronic safe, right? Oh my god, electronic safes, they're in every hospitality, you know, install nowadays. Does it shock anyone that most hotel safes are hot garbage as well? Because again, they're supposed to be easy to use and cheap. That's what hotels care about, they don't care if they're actually secure. So here we have, all right, we've locked up our safe. The next time you're in a hotel, you're bored, look if your hotel safe has a little brass badge, go ahead and look underneath that badge. It's almost always a little cover plate covering up the mechanical override lock. That mechanical override lock is almost always a pile of foul sauce. This is a little cheap Chinese cross rake. It looks an odd kind of lock, you couldn't pick it, but it's way easier just to shove this rake in there, pop. And again, like, that's a crazy expensive restricted tool? Nah, like this is a $13 tool for the whole set. You get one out to all your friends, or you can get a
coffee. This is a nicer tool, this is an actual cross pick, works a little more reliably. I mean, the other one works pretty fast, this works even faster. This is Robert, he's checking in for another job. Pretty much all of our fitting videos of safes, they all involve guns in them, so I hope you're okay with that. This is one tab. Robert's like, well, I wonder what could be behind this brass plate. Look, back there, of course, is the override lock. What kind is it? Of course it's a horrible lock, because they're not expecting anyone to know it's there, they're not expecting anyone to try to attack it. And when Robert pops it open, he says, okay, well, I've got my cross pick. He doesn't even have to rake the land, he just shoves the pick in and he was like, does that... oh my god, that's turning, and it just suddenly falls open. So hospitality, as you can hear, much chattering on the video here. So yeah, look in your in-room safes, look at how many of them have those little, usually brass kind of enamel badges on them. Okay, that's not to say the only thing we do. I mean, we have had targets where a client has certainly trying to say if they're using, we'll take it apart, we'll hook up a logic analyzer. We're not going to get too far into the weeds, but if you want to get into circuit design and chip design, we have, you know, we've got a little IC doing some work here, but we also have a clearly exterior memory. Like, why is there X 0? So the EEPROM doesn't have its own on-chip memory. Okay, well, something is being stored on this, so let's hook up our probes and like wire it to our logic analyzer and just try things with the safe. And our electronics guy Babak, he's trying the right code, trying the wrong code, and he was just looking at traffic being pulled off the chip, he's like, oh, I can see it's trying to read my code that I set out of memory. A fun thing to do in a lot... how many, how many people have ever used their in-room safe? How many digits is it always? It's always four, always four. Try to put more digits in, like wrong
digits, and see if it immediately yells at you on four, or does it keep letting you input stuff to like six. There's usually a supervisory code, and by interrogating the chip, he was able to see like, what are these numbers going across the bus, that's not my code. And even trying to even like how I put it back together try, oh wow, that constantly opens. But so, so this woman's friend Jen, she's locked her safe up, and again, if you start putting numbers in and it allows you to do more than four, you might have a code, that's a supervisory code somewhere hidden in that system. And we've called manufacturers up and been like, hey, so I have a safe, how do I change the supervisory code? And they're like, what? There's no supervisory code. How did you notice? A lot of these companies don't talk about this. The really fun ones are when you have a safe that clearly supports this function and it's never been programmed. If you're in a hotel, you try, lock your safe up, right, you try numbers and you realize it's accepting more than four digits, you say to yourself, well okay, this is going to allow me, there must be a supervisory code. All right, six digits, cool, start trying dumb, and you might, goodness, like all zeros. Nice. Thank you. Excellent. So yeah, in your, in your, in your hotels, like what do I do in hotels? I mean, I just travel with a Pelican case and I lock it up. I have nice locks on my hard-sided other case, and that's my safe that I trust way more than the hospitality safe. And in my room I have a bunch of hidden cameras. Like, put hidden cameras around you. They're so cheap now, they're all online. If anyone was in my room at my hotel in town, I will know, it'll alert me. And if you're actually going to sleep, I love throwing these little things out at you. There's something called a security door stop. It's in all of our travel bags. Man, we've stayed overseas, like we're in the sandbox, you know, North Africa or something, like we've stayed in really shady compounds. What you do is, you have this little metal wedge, you
shove it under the door and you crank this screw down into the floor. Essentially, that's not going anywhere. That, or even cheaper, if you don't want to like damage the floor, if you're a nice guest, there is something called a grip strap that goes around the deadbolt. It is on Amazon as well. I don't work for these companies, I just love showing you what I think are cheap, easy solutions. There's always some configuration, if you take a minute and think about it, that you can get this around the deadbolt in a way that will not let someone on the outside either use a key or use their card access and so forth. So most of the time when I'm racking out and I'm on the road, there's going to be some tool like this on the inside of my door, and I can get a good eight or nine hours hard down, and I know no one's coming in with, if they're not ignoring the housekeeping sign and everything else like that. Again, these aren't fully... you think it's a deadbolt, well, I've thrown the deadbolt, in many cases if someone can hit the inside handle... and how do you do that? Well, you do that with your under doors, right. I like that extra protection. So we keep getting off track. I promise we're going to talk about good stories. We're gonna talk about electronics one more second company. So stealing, that we stopped by stealing keys, let's talk about stealing electronic credentials. This is a long-range RFID reader. It's what you would see a lot, like a parking garage, right? Instead of a couple of inches, this has a read range of one to two feet. Well, we weaponize these. My team and I, especially Babak, the fellow you see on the left, he won't give a whole new entrance, will give his circuitry, little power supply with a boost converter, a little Bluetooth chip that he can interact with it, and then this will just run sniffing for credentials. No wires in the wall, you'll just walk around with it, and if I get near you, or near you, just, you have a credential in your pocket, I can try to steal it out of your pocket. Now that
looks weird if you're walking around with a pizza box like that, but if you just throw it in a backpack, throw it in the laptop bag... this is a credential grab right out of his pocket right there, and our friend dentist, he can see on his phone, okay, got a good read, all right, I'm gonna pretend I'm leaving. We do this all the time against targets, because a lot of employees have routines. We put surveillance on the target, we find out when they're coming and going, we find out what transit they're using, we find out what restaurants they like to get to. We had a really hardened target once, then everyone who left the building, they didn't want to know they worked there, so they would tuck their cards in, and we weren't sure, like, do they have their badge, did not, is it in? But they didn't have a lobby that you could show up, really, I am here for a meeting, oh, they're not in right now, they're okay, well, they do a restroom, they have a restroom in a lot. So what do we do? We will get a card grab in the restroom. BAM. Like absolute, a little laptop bag on the floor, took a few minutes, but yeah, we got someone to come in, nailed it. That was, that was enough to like, BAM, get that, get that credential, get in the building. The mitigation for this: they make little shielding protection covers for your cards. If you've ever been in a high-security facility, you might have been issued a badge inside of a little blocking sleeve. There's a reason they exist: it makes our job a lot harder. Instead of attacking your card, well, what do we have to do then? We have to attack the reader, the reader on the wall. You'll see this in some of the stories I'm going to tell you, right. If you get that reader off the wall and get to the wires behind it, those wires aren't just providing power. Some of those wires are data lines, where the reader gets the credential and it shoots that credential data down a wire to the door controller. Well, we could install a little microchip, just punch it down right on the wires, and then just
start sniffing credential data. If we put it back on the wall, there's a chip about the size of a postage stamp, it's called an ESPKey, and there, there's one installed like right there. That's all it takes. Self-powered right off the red black wires, and it is a risk getting credentials, getting credentials, getting credentials, and we can come back later, dump those credentials that we stole and leverage them, burn them onto new badges. We can get even crazier for a second with RFID, because I love, I love talking about this, freaks people out, right. So we've talked about regular credentials that many people have kind of used these in the past, or maybe your apartment, or maybe like a gym might have given you a key fob. That's not the only form factor that RFID credentialing technology comes in. In the middle here we have stickers. They're actually not to scale, let's make them to scale. They think and let go on a cell phone. If you don't want to carry a badge, you can badge in with your cell phone. All right, on the far right though, those are also RFID credentials. They are also not to scale, let's fix that. What are those, does anybody know? Yes, those are bio implant credentials. I, my wife, several other people in our firm, between the first and second metacarpals on our hands, we've gone under the needle and we have chips in our hands. They are rewritable, reprogrammable, they can emulate a lot of different tech. If you don't believe me, like, the video is on YouTube, you can watch me getting stuck. What can you do with these? You can absolutely interact with readers. What am I, like, this is just me talking with, you know, a little kid, and I'm like, hey, we're headed from the reader, oh really, my beeps, maybe you were doing it wrong, do it again, and she's like, how did you do that? She's trying, she's family, no. And then, yeah, you know, it was really fun to like, you know, best around people, and I'm like, no, check my handouts, she's like, why, he chips in your hand, weird. Yeah, this is not the only purpose for this, right. You
can reprogram these chips if you have a good credential. So this is my wife, this is her hand, we've reprogrammed it to the badge for a building where she had access. So even though they took her keycard later when she was done this brief engagement, she can come up to the building, the door's locked, here we go, BAM. This is not science fiction, like this is real stuff, and it applies in many ways in my life. Again, I stay in a lot of hotels. If I don't want to carry my room key around, maybe I'm going to be too tipsy later and I'll forget or something, never lose your room key again if you have it built into your hand. I actually did that here, the hotel I'm staying at in town, this is just a half an hour ago. I don't know where my keys are at this point, but I don't have to know, because my room is here, okay, rub it with my hand, okay, and there we go, door access. Now these are just funny kind of examples. There's a real story though, on an actual job, where we had gotten authorized to sort of, we blocked our way into a building, we into the good story section. So we had gotten into a building as like contractors, I know, we're here to, you know, refill the fluorescent fluid or something, okay, badges, okay, we knew their contractor names, we had a good story, but we wanted to get into important rooms and our badges did not work on those doors. Well, I'm not even going to try it, because I don't want the access logs to be full red. But earlier we had stolen a card, a badge, from a guard. So I'm like, all right, so most of the people on the team, they took their badges and they started rewriting them to match, you know, a guard, they can get into a lot of doors. I wanted to fly a little more under the radar. I wrote the badge for the guard on my hand. I got into a data hall, it was, it was really, you know, easy, I'm like, BAM, okay, in, and I'm, you know, dropping a little notice that like prove we were there. An employee, he came around, and this employee is like, hey, what are you doing in here? Oh my god, whatever the story was
we had, he's like, now, no, hang on, hang on. He like cracks his head in the hallway, he's like, sir... he brings a guard over, he's like, can we figure this out? This is a real high secure facility. He's like, this gentleman is in here, and that's, that's a red badge, that's a, that's a vendor, a contractor badge. You have to have an escort. I need to know why you're in here. And I was like, I, I thought this was, this is not where I'm supposed to be? I mean, I was looking just to check the readings on this thing. We were talking about environmental readings for you. I'm like, I just came to check the environmentals, I got my thermostat me and things. He's like, no, look, I understand, you, you seem like a nice guy and you're covering for someone. I want to know who let you into this room, because it's, it's not you, you're in trouble, but someone else needs to understand policy, and look, I'm not trying to jam you up here, but... I really, I just badged in, I don't know what to tell you, man. So they actually took my badge off my, you know, like him, they hit the door with it. The door stays red, obviously. He's like, you did not badge in, and I really need you to stop jerking me around. I'm looking, it was like, look, card, Mister Guard, because the guards are always less trained, I don't know what to tell you, man. I mean, this guy is really trying, I want to follow policy, I swear. If you, you got cameras in this place, call the SOC right now. I'm not trying to jam you up, but literally no one needs to be in trouble, my badge let me in. And the guard's like, hey, yeah, this is mobile six, yeah, I'm here in the data hall five, so yeah, we got a situation, as if, there's a guy with a beard and, uh, you know, deaf brown hair, yeah, he's in here with a red badge, he's saying that, I mean, no one let him in, can we, can we go ahead and play that footage? But so what they did is, they ran footage back on the exterior door, and it's footage of me literally walking up with this badge that I stretched out on a lanyard, and they just see me do this and the door turns
green, and they're like... the SOC is walking away though, yeah dude, right, I'm watching the video, red badge just opened the door. And like, they could have searched me and I wouldn't have another badge on me, because it was in my freaking hand. So like, it's goofy as a party trick most of the time, but when it works, it's a really choice kind of tool to have. Highly recommended, dude, go for it, like literally it's one of the coolest body mods I've ever done. What else? Oh, they think, they were like, there's got to be a problem with Lenel access, we got to debug this, sorry for your time, sir, and they let me keep walking around. They didn't make anything. They were so puzzled, because we'd also stolen a radio, so Rob was listening, and they were so puzzled as to what happened that they didn't check whatever I touched in the room, they just kind of got me out of the room, and they didn't see that I had plugged a bunch of home plugs and things. So that's offensive, look, that's like a mean story, but I... how we doing on time? We've got, how are you, how are you tracking, you having a good time here? So now, all right, so we have a lot of stories from the field and we don't have time for every story, but I didn't, I, what I thought is a little adventure that you can select for yourselves. So here's how this goes, right. We can by show of hands decide which, you know, we can probably get two or maybe even three stories in here. So this is a pretty good Robert story, the problem-solver, I enjoy it. Say again has to do with radio traffic, if we have any RF people in the room. If you ever see my elevator hacking talks, there's an elevator story I got for you. There's one involving armed guards, that was Babak and Robert at a medical bio lab. The cable technicians has to do with pretty good service, like social engineering. Servicing the doors, there's got to be one of my hilarious stories, I really hope a few people like that. Detailed dossier is kind of long but also has a lot of good lessons in it. By show of hands, let's talk,
like, who would like to see story one, the problem... saw some hands. How about say again, the radio story? Was like no. Elevators? All right, so we got some longer elevators. Armed guards? So that's almost equal. They're about cable technicians, that's almost a few. Servicing the doors, there's a lot of hands. And detailed dossier, that's all right. This is, have you been watching the graphic? All right, we're going to with servicing some doors. All right, so story six, keeping the doors in good order. So a big part of what we do is, be his surveillance, but like, it's the non-glorious part of the job, but before we ever try to make entry, we're spending a lot of time just in our counties, crawl through fields, but nice on target. Robert is like, he went to sniper school, I do does a ghillie suit legit, so he can just army crawl through, through dirt for hours, just, just scoping out targets. Now a lot of critical facilities, this was a critical infrastructure facility, this was, I'm not gonna say it was water, power and nuclear, you know, a proper target. A lot of big facilities are constantly like building new stuff, they're expanding, there's work crews around. So instantly we start getting eyes on those cats, like all right, there's, these are contractors, these are not. And by getting up close and personal, again, like army crawling through, like through the fields, he and Drew come within 50 yards of their vehicle checkpoint, and at the VCP he's listening to chatter, he's learning which contractor names are checking in, and we were able to tell, okay, on-site staff, on-site staff has neon and only silver. These guys, okay, so like orange with a vertical stripe, that's like whatever contractor, they're putting up the high steel. Like horizontal stripe, okay, that's Sullivan, they're doing the, the door installs. So we're getting all this intelligence just by figuring out which contractors are coming down, and then he and, he and Drew kind of shuffle their way back at dusk, they get out of the field. Okay, we've got kind of a plan. We're gonna go in as
certain contractors and we're going to be doing construction work like the other guys are doing construction work. So Rob and I get all decked out, we've got every, you know, kind of hi-vis and PPE to beat the band, because you want to match. Do you have full brim or do you have like regular front brim helmet? You've got a max s top, right, you got to get your story together. And you also don't drive in with the nice looking office worker, like that's weird. So how did Rob and I get in? Well, we went in the trunk. Sophie's at the wheel. Sophie is a Devastator as a social engineer and as a physical security person. I mean, she had all these different chain and dependencies for her stories. She's either pretending, she says she knew I could tailgate here, or if that person turns to lot B, I'm going to K-turn and will spoil the car, we'll get a new car. We had all these stories planned. But Rob and I are in this trunk, and we just feel like a stop at the guard house, we hear some chatter, and then we feel like we're rolling again. We're really going? Well, we are, we're past the gate, like that worked. Okay, cool, option one worked, great, good job Sophie, and she's like snickering up front, like yeah, yeah, we're good, we're inside the fence line. So she parks, she gets out, she's gonna go tailgating into some other buildings. Rob and I could extricate ourselves from the backseat through the, you know, through the back of the trunk, and now we kind of slip out of this car. Now we're on premises, looking like we belong there, oh yeah, we're the contractors from the Sullivan, weird, time to service those doors, right. So we're walking around with like power tools and we just start taking doors apart. We just started like taking apart the door sill, as we want to try to under-door this, you know, thing, and as we're drill, we're like grief and all these doors and thing about loud tools. In the SOC, like our contact actually noticed this happening. This was way into the job. We had done a lot of light probing for a while, but this was
the day we were gonna really burn it down. And our contact is looking, he's like, those guys... he's trying to keep silent, and after like 15 minutes of this, he's like, hey, um, can you pull up monitor seven? What's, what's going on, is that the north side of the building? And then click click, something, he's like, yeah, what's, uh, is this, do we have Sullivan on building six, are we working on doors today? He's really trying to give his team a win here. And then the SOC crew was like, there's so much work going on, the way, I think I saw something about that early, I think, I think we're doing doors. Okay. Steps back east exit, he's like, hey, good, I don't think they're catching anything, can you go louder? Well, on that kickoff, you said you could do like destructive attacks, can you do that, are you authorized? Reach into the bag, we took out a hammer drill, we just started drilling locks. But again, we're in full hi-vis, this is 2:00 in the afternoon, it's shiny Norma's facility, and people are just walking by and they're like, oh yeah, those contractors, they're doing something. Like SC, and I'm like, I'm making a ton of noise, and Rob is filming me, trying to not laugh, and we're doing is, we're actually destroying the lock. We just rang the lugs so we can pull it out and just use that traveler hook to flick the tailpiece. We didn't even care, we just left the door, like there's no lock in it. We're really trying to be obvious here. We set up a screamer alarm as we went in this, this fire control room, and eventually, like I'm trying to under-door the next door, and it finally just got some attention, because we're setting off alarms, and you know, they're looking on camera, go like, that's like drill. So like eventually, and they set up a mobile unit. Mobile unit comes down, he's like, hey, all right, can you stand up please, what are you doing? I'm like, you know what, excuse me, I'm like, under-door tool. He's like, I need you guys to, did you just come in through the back P roof? We're like, yeah, that was loud. He's like, yeah, that was an alarm, like
what, what do you doing here? And Rob was, I was like, all right, we're roasted. Rob was ready to give him the authorizing letter, and just because, let's Hail Mary this last buzzer, I look, because I might end, I'm not gonna lie, to produce a letter too, but instead of, but what are you to any Emily, just to see what he would say. Look, is great, it looks like you're trying to get in that door, way to clearly work here, because I can see you have badges X and Y. He's like, if you ever wear a radio, just call for a remote unlock if you ever need that, you don't have to go to all this trouble. Like, oh yeah, well, you know, we didn't know if that would trouble, you know, we're just, we're just working on some doors today. And we like, dude, we've got to be, now those guards must be running back to the SOC right now to report this, and he's like, hang on, we check, he sticks his head in, and it's just all quiet on the western. I just took it, one of the guard security carts, I just took it, started driving like in donuts around the walk, and just trying to make people notice that, like, why is the guy with Anaheim is construction, why is he in a security cart driving around the buildings? Eventually, had bikes on campus, so I just took, I just stole some bike that was an extra million, like certainly jumping off her little plans. That finally got the guards' attention, because they were Linda, again, Robert's listening to radios, and I'm getting Signal messages, like, feels like, dude, some mobile units are coming your way. Like okay, finally they notice something's up. But the thing is, most court, like what are we gonna do, spear me with a truck? I think they would just drive up, like, hey, can you, sir, you please get off the bike, sir, do you below, who's like, I don't know, bikes are hard, I might fall off. Bikes, right, bikes can go where cars can't. So there was a lot of stuff kind of like disco, I'm watching like pickup trucks link back up and come around, and now there's so many mobile units try to find that, they thought it was a mental case, his body is
disturbed, we saw their buildings, now he's on a bike. Like, they were trying to like loop all these trucks are on the parking lots and like box me in. But at this time everyone was eyes on the nutso guy, and the rest of my team was destroying this place. They were in every building they were never really wanted to be. It was incredible. The guards became so distracted by nuts person on a bike that they forgot their main mission is like, hey, maybe people are not authorized inside this building book. And eventually it took a supervisor coming back like to be like, hey, what are you gonna do it in the Sun Inc. We heard the call go out, he's like, white guy maybe a distraction, do your effing jobs, we come cancelling our tours, challenge anyone who doesn't belong, challenge on none player. So that's what it took. That's the level of escalation it took to make them and make them understand what was going on.

I think there we go, back to stories. So we had a couple, remind me what our hands. Alright, like are you sure you're hanging right now, you're even here? Alright, we'll tell a couple more.

So, the elevator repair story. So we had a client, we were able to get in most the way into the building. We started by attacking a rec center. Again, you know, you've got a big magnetic lock here, there's your can of air, you can literally see the sensor up top. Got in. Now you're in a building. Elevator tech is a great cover story because it's someone who like kind of belongs there but is never usually there. There may be around for your semi oh, the elevator guys are doing something, I don't know. And if you've got your metal contractor clipboard, right, you've got your attack tools inside the hood, whatever you need. So like we're in this building. Now, this was a subcontracted job. We were brought in as physical experts because the main company, they were trying to drop a little drop box, get on the network. And as we get in the building, the guy I'm with, he's like, oh shoot, I didn't bring the drop box, I was letting it, I was
updating it, it's at the hotel. I was like, you know, come back to the hotel, I'll stick around, I'll stay in the building now that we got in, I'll just let you back in. He's like, you'll stay in the building hello? I was like, well dude, if you've never seen my elevator talks, like, I can put an elevator on independent mode, which you'll take it out of the bank of operation. I can just sit in this elevator with the door shut and I'm fine. Like, I was like, dude, I'm just gonna like catch up on Twitter. You're subcontracting me so it's on your dime, I don't care, but like take all the time you need. So Rho goes back to the hotel and it was going very slowly. I'm like messaging him, I'm like, hey, I'm, I'm in this elevator, thank goodness I have slim jims or something inside of my metal contractor clipboard, like, are you, is everything all right? This is, the hotel's 15 minutes away, did you have man? He's like, no, it's not going well. He's like, tell you later, tell you we get the power again. Hour and a half in, I'm like, what is, all right, you got to tell me, is everything, do you actually have an emergency, something go really wrong? I'm not hearing from these like freaking USB keyboards not working. What? He's like, well I showed testing this damn thing last night. Test your tools. So his USB keyboard wasn't where he was using on-screen keyboard to like set up these scripts attached the hotel TV. I'm like, oh, that sounds terrible, good thing I got Twitter. Hours go by and then I nearly had a heart attack because I thought I heard someone like pounding on the hoistway doors. I'm like, oh god, they, they know I'm in here, cameras in here, I finally got caught. Like go and calm down, calm down, it's like when you're camping, everything sounds it out in the woods at night but it's probably like a squirrel. Like, okay, no, wait, wait, it's, it's like now it's after 5:00, for Christ's sake, that's got to be the cleaners, they must be like Windexing hand prints off noise white noise. It was not the cleaners. It was a guard, but not for the
reason you might think. Guide message and he's like, I already got anything working, I'll come back. I'm like, dude, it's like 5:30 now, there's no one in this building, hopefully they won't notice us. He pulls up, he's like, I can you come let me in because all the doors are definitely locked now. Okay, so I elevator back to automatic and as I go out of the elevator, like go to the vestibule, I just happen to notice as the door shut my admittedly a wow, okay, that's, that's an interesting day. I let him in. Now we're the only ones in the building except for some guards, and sure enough within five minutes that guard comes around down the hall and he's like, looks at us, looks, looks at me, looks at my like Otis badge and everything. The guard is like, oh wow, you guys got your fast service. So let me try to do thing and I'm just doing elevator key things that, you know, make noises and buzzer ISM. All right, so it looks like she's running again, let's check, take it up to a few different floors, what's, uh, let's run it all the way up to the fourth floor, shall we? Which is where all the cool stuff was. So the guard is with us in this elevator. He's like, yeah, people were calling our desk all day, we're like really glad it's working again, that was, we're gonna listen to that all week. Like, no problem sir, I'm pretty sure it's okay, but you know what, there could be some error logging data whenever you have interruptions like that, and you don't wanna have like an entrapment, right? So if, do you have like a room that might say server room or something? And yeah, there's probably going to be a box in there that controls the elevators. Well, you've used to let us in there, we can probably dump that error data and look at the audit logs and try to make sure you don't get jammed up. He's like, oh that fantastic, here, it's right over here. As the guard lets us in, we didn't have to under door it or anything. And yeah, so like my buddy, he runs and he's plugging things in. I'm telling the guard, I'm like, so the elevator control, there's
always a bright neon green server. You know, he's looking, he's like, I'm not seeing any neon green. Yeah, well, yeah, it might not be a, let's look down the other aisle. Are you okay over there buddy? All right. So I'm just walking around with this guard like, oh, you move you might have that you want a cloud-based service for this elevator, so we might just, we'll pull the ticket from Otis elite care, you know, don't, don't worry about it, we got you man, no, no sweat. And you know my buddy is like TV and told you in like six places. So yeah, because who wouldn't want to keep their elevators working, right? You want it, like, that's a critical piece of the building, you don't want to have people bitching all today the elevators are down. The guard was so relieved to see us that he was like, oh God, I will let you anywhere you need to be, I will badge you in, I will unlock doors, because I don't want to keep having people buzzing my extension saying I can't get up to the fourth floor. So yeah, that was a complete win, all because, you know, I've got, I've got a little bonus badge and I've gotta get on my clipboard and my high-vis and like, there you go, solemn, right?

Alright, let's go back to, you just want to do our cards? All right, yeah, all right, we'll do our guards and then we can maybe end it on detailed dossier.

Armed guards wasn't to me story, but I know the details because it was Bob and Robert and it's a good story. So even, I mean, not every story has to involve me, even though this photo does. So a lot of times your basic guards are not very well trained, there are third-party contracts. Here you have a guard desk that was just unoccupied and I walked by it on a kick and I was like, here, take a picture of me sitting there. And what am I'm just holding, if you notice, the binder, I'm like, all the building keys and key cards. I'm like, hey, go, go hit that other part of the building, I'm just gonna sit here and see how long it takes to get caught. He's like, really? I'm like, yeah, it's the end of the week, give the guards a
win. And I just sat there spinning around in this chair for like 15 minutes. They got bored because, no, I don't know where the guards were, they were doing something else fun. I just left. I'm like, okay, down maybe hire one worker. But this is, you know, your average guard. Armed guards are a little more frosty. Armed guards go through more training. We hit this question all the time, like, are you worried about jobs of our guards? The answer is no. Guards, they're never going to draw down on you unless you're doing something egregious, unless you're threatening someone's physical harm. So armed guards in general, the problem is they're just sharper, right, they're just more crisp, they're, they've gone through more awareness training.

So we had this hardened target. It was essentially, I will, what, I'm revealing too much, they did advanced biomedical research, they were doing prototyping and biomedical device creation in their lab. So we're looking at this facility and it's not near most of the things, it's way on the edge of the city. And across the street, we're like, okay, there's like a Chinese restaurant across the street, we looked at the most street view, like, okay, we're gonna, we're gonna sit there because we're not going to get inside the fence line, we're gonna get employee credentials, we need electronic credentials to get in this building. It turns out it wasn't, it was like a Chinese herbal shop, and Robert says it looked like the place where you got the Mogwai in the Gremlins. No employees were going across the street, they was catering on-site and no one went there. Was rainy and Babacan and rather like, wow, this is a kind of bus to the job, what are we gonna do? Because this facility, the perimeters have gate access around all the backsides. You had a tiny front parking lot, there was one major entrance, this was the only real entrance to the building that had any kind of glass, everything else was just brick facade. So we're looking at that, yeah, there's no way we're getting in without cut, we do have
to do this credential thing. The other doors, they are tight as a drum. We have our card reader, right, we have our long range reader in a bag that we thought we were going to pop employees, but the only people that you can interact with and that vestibule regards, armed guards. We're like, all right, what does a lot of people are going to know like are see what are they trying to do as a career? They want to either come out of the military or they want to go into law enforcement. Like, there's a good chance some of those trying to be cops. Rob, go in there, cop it up and talk like you are on the job. So sure enough we send Robert E and now at this point it's lately, we've burned a couple of days just trying to like all these different things that didn't work. It's nighttime places make it, there's only this one door. So Rob is driving up, he's got a badge reader, you know, in the bag. Babak's with them but kind of crouched just down the back seat, and Babak's like, I just parked part right here and I'll stand there promise. Like, it's true, it's like, it's late at night, well I got a park in front, like no one would park in the middle of nowhere. He's like, alright, well as long as the heater's running I'm fine. Robert's like, he was here no one leaves a car running in the middle of the night. Know what? He's like, put my coat on. So Babak said they're like two coats did not, he's not happy about this at all, but he's remote, he's remotely connected to the badge reader, he's got a message Rob if he gets any credentials. Rob walks in this building and like instantly attenuation for the credential drops out. Like, what? Babak is blind. Well I was getting no messages and Rob's just starts doing this dance, this dance with the guard. She's getting close to guards and he's, if you've ever known anyone who's done any kind of firearms work, like your strong side, if someone approaches you, you just blade off, you blade back, you keep your strong side back, not because you think they're a sketchy person, it's just ingrained in you
as like it just happens. So Rob really wanted to pull security footage from the lobby because there was 45 minutes of this, of this length go to sleep go to the dance, getting near people and not, and like other people are turning back. And this one guard he had really good rapport with was behind a desk, so he put the target on, he put his bag on the desk, he's, okay, is this a good, is this restaurant still open at this hour? It's getting really late. And then he was hoping the guard with like leaned over because the badge was right here. Nothing, nothing happening. And Rob's like, I got, this is just weird at this point. So he's like, alright, so yeah, take it easy man, it's nice meeting you, yeah, you know, if you want to go down the FLETC I can put it over with the instructors there, get you some new up. Hey, hey, I'm gonna come around. Comes around the desk and as east like saying goodbye this one Marty had good rapport with, he just swung his badge reader around and just like surprised the second Club. He's like, all right, take it out, take these guys nice. And the guards like kind of probably love these, that was weird. Robert leaves, gets back in the car and Babak's in the back seat and he's like, is it Bob I think I'm thinking on batch Obama is like oh. So they drove to like a gas station, dumped out all the credential, they're looking at the logs and Babak's like, you were in there over an hour, you got one breed, but who do you have? Now I was a guard. And at this facility every employee had their own badge, they had their own, like, if you popped a badge Linnell access was like what, like here's your face, here's everything. Except guards. They have so much turnover on the guard force, they only had like a dozen badges, and every shift they would just hand off badges, and it just said like special. So that was the only kind of badge, the badge that did everything had no picture associated with nothing. And the next day he and Bob came in, destroyed the place, and what, we even have hidden camera footage of Rob like
badging into a room and a guard is like, excuse me, hey, what's up, what's up? Then he's like, what kind of badge is that? It's not coming up with my reader. He's like, oh yeah, you can only think on your feet, I lied quickly, lying is like, lying fast is a good life skill. We match we're from the San Francisco office, they expire at 11:59 tonight. He's like, ah yeah, it's weird and never saw one of those, okay. Who keeps on walking. Yeah, they got through all the prototype labs. It was, they have really cool photos of them with all this million-dollar IP and all of this. Because got like a number of things cascaded as failures, right? The guards were pretty sharp but not sharp enough, and more than that, the guards were issued these common credentials for like, credentials cost like money but not that much money, like five, six bucks per card. You could have bought a few more, multi-million dollar megacorp. But that was just the thing. And we promised with this big payday we got from kid Nana like, hey Bobby, we're gonna buy you a little.

So we said we wanted to try one more, right? All right, there we go, what was it gonna be? All right, all right, all right, so detailed dossier.

We have a client that, again, more secure than most. There wasn't just an office building, it was a building set back kind of away from the city, it was on the edge of a populated metropolitan area, and they had a lot of high-value people coming in. Come I won't exactly think like judges and DAs and such, but it wasn't the courthouse, it was that, that tier of like, hey, we want to know if people can track who our people are. Our job is mostly a surveillance job, and they said, all right, we want to know what information you can get about the people in our building and how vulnerable they would be detailing to finding out where they live, to finding out their hours. We said okay. So Camilla is this anything electronic you want? Oh since you want like what's on the hanging on the web? No, no, no, just on the ground, but you're not authorized to enter the
building. You're really tying our freakin hands here. So we can get up to the belly is like, well, you can try. So they, they have this hole in no parking zone, you weren't allowed to idle a vehicle up front because, again, like super high-value targets, right? When we delivered this report a week later, everyone's jaws at the table, because we said, okay, it looks like these are all your key executives, these are all your visiting foreign people, this is the car serve you, all these different cars with these license plates, and it looks like you're probably using this car service and it just rotates. And we're laying down like hours of operation, when they come, when they go, who works next to who, and everyone lost their mind and they said, did you, like, you didn't do anything without getting pop our data center? And they wouldn't know, we just did this all from the field.

So long-range surveillance is a thing, right? Like, this is expensive, this is about a forty-five thousand dollar camera rig, right? But if you rent an Airbnb that's overlooking a property and you get about, you know, this is about a quarter-mile, half-mile out, this is on a moonless night with like an image booster and stuff, right, if you get this is, you can do amazing things with camera gear. And this is during the night. During the day, we run the whole surveillance and camera training classes where we'll just teach people to get the most out of their gear. We were able to start tracking their hours of operation. We said, okay, we'll remember open field surveillance, we absolutely could do that. Why? Because this backed up to open land. So again, you start putting people in the dirt. We crawl through the fields getting closer, getting closer, getting closer, and if you just put all those in counties, man, like, there's, there's a photo of a person right here, take put knives on target with a telephoto lens. Let's zoom in even further. Like sniper at your feet right here. Can anyone actually spot the person? You can barely see their hands. Let me help ya.
This is Drew, this is Drew's camera, this is Drew in the field. And if you're right on top of Drew, imagine trying to spot Drew from 50, hundred, I mean, don't feel like they couldn't see us either. This, I love this photo, the dress is like someone's putting eyes on us, guess one of theirs. Like, maybe there's like a future solution with AI, but it's hard, it's hard to spot people. Like if anybody hunts in this room, like stalking and putting yourself in the field as a thing.

But then we got really up-close and personal. We told, we showed them all this that were like, but ultimately what we did is we did some surveillance from, you know, maybe about 50 feet away from your front door. I know that you can't, like, there's 50 feet away from your front door, that's in the parking loop, you can't be there, how long were you there? We're like, we weren't definitely 15 minutes at a time, couple times a day. Well if you keep you what? Well yeah, we put GoPros in, in these cameras in the car and we drove cars up and we just kind of watched people coming together. That's Drew right there, spent five hours, no one paid attention to him. That's Esther, she actually got a few people to come up and say hi. Almost invariably, by the way, when we do this routine it's almost always women, and it's almost always women of color, who come up and say, hey, how are you, are you okay, how you doing? And Esther is like hoping they don't notice the mother back of her pizza boxes she's writing down the license plates and times of day. But you know, absolutely, this is, this is real world stuff, and this is the kind of thing that our team does, and that is how, that is how we operate, and this is the world that I see when I walk through it, and maybe you'll start seeing the world as I do in some of these ways.

There's a really wonderful artist who I love, Amanda Palmer, if anyone knows AFP and Palmer, like she's, she was in the Dresden Dolls, she's Neil Gaiman's wife. Whatever her she's in town I'll try to catch her, and the last time I saw
her she was talking about the darkness. She's like, this is the show that she has out right now, is incredible one-woman show, and she's like, I'm really glad that you came with me to this dark place, because the artist's job is to bring you into the darkness. And she says, she's like, I wanted to bring you into the darkness today, or as she said, the darkness isn't scary because it's dark, it's scary because you're alone, and if you get to the dark place with other people and you know you're not alone, the darkness isn't as scary anymore. And I love that when she said it, I love referencing it when I talk to you, because you're not really alone in the dark place. Is a lot of scary things in the world. There are other people out there and we're on your side, and we love doing this and we love sharing this kind of knowledge, and I hope you enjoyed it, the hope you stay safe. If you wanna check out Deviant's locks and lockpicks, please stick around afterwards. If you want to be notified of future events, over in the back, check out the pop-up gallery. And thank you again.
Channel: DeviantOllam
Views: 177,914
Rating: 4.9605937 out of 5
Id: S9BxH8N9dqc
Length: 84min 29sec (5069 seconds)
Published: Mon Feb 08 2021