What You Do and Don't Need in a Physical Security Consulting Toolkit

  Рет қаралды 109,135

DeviantOllam

DeviantOllam

Күн бұрын

Пікірлер: 273
@sendtosurge
@sendtosurge 2 жыл бұрын
You’re improving an industry obsessed with kit and the mystique of cloak and dagger. A dose of reality does a lot for everyone willing to hear it and let it shape their perspective. Thank you Dev.
@DeviantOllam
@DeviantOllam 2 жыл бұрын
Happy to do my part 👍
@trioptimum9027
@trioptimum9027 2 жыл бұрын
In my (non-corporate) opinion, borrowing your tools is actually *more* impressive for this kind of demo. "Oh, okay, the Sneakers guy has some kind of tool that will open our access-control box" is not really that big a shocker for an executive. The fact that it's a tool you can get anywhere is not very visible /when it came out of your toolkit./ "The Sneakers guy borrowed a screwdriver from our janitor/IT dude and opened all our shit" is really more of a shock. It's kind of the inverse of the "common keys" situation, really: executives probably know, if they think about it for a second, that tools exist *somewhere* and that it is possible for someone with particular skills to pick or decode locks. The fact that you can glance at the box and already have the right key is more of a shock, as is the fact that the building maintenance guy has had de facto access to the server room all along.
@MichaelTilton
@MichaelTilton 2 жыл бұрын
Asking for tools also has a benefit of looking "less scary". It is the "I'm with xyz to fix your copier" type attack. It seems "safe".
@phyphor
@phyphor 2 жыл бұрын
I love a dude who is secure in their knowledge, skillset, and professionalism, that they are happy to share because they'd rather upskill a community to benefit everyone than hoard what they've got in their brain to benefit only themselves. Nice work, as always!
@DeviantOllam
@DeviantOllam 2 жыл бұрын
Thank you! 😁👍
@bowlsallbroken
@bowlsallbroken 2 жыл бұрын
This was a helpful reminder to occasionally ask yourself, "am I presenting in a way that's appropriate to this social situation?" or more bluntly "am I being a fucking weirdo?", something us geardos need to keep in mind can sometimes be more important than "am I maximally prepared for every contingency right now?"
@keithduthie
@keithduthie 2 жыл бұрын
For many of us, "am I being a fucking weirdo" is a foregone conclusion. More importantly "do I _look_ like a fucking weirdo, and if so how do I hide it better?"
@frogz
@frogz 2 жыл бұрын
@@keithduthie this, exactly this and then i shrug and continue on being a weirdo because i am good at what i do and people pay me to do it
@bowlsallbroken
@bowlsallbroken 2 жыл бұрын
@@frogz If people are paying you that's a good indication that you're properly calibrated.
@MorningDusk7734
@MorningDusk7734 2 жыл бұрын
Those big stationary leather folders are at literally every college, emblazed with their logo. Go to your current or former school's store, pick one up, and keep it for regular use in a bag until the logo wears off. You come in with a shiny new leather case, that looks suspicious (if they're looking for it). You bring a worn leather paper keeper? That's just for taking notes and keeping your stuff organized, of course.
@fruitshuit
@fruitshuit 2 жыл бұрын
One other thought about the kit looking professional, I guess it hammers home that point that thieves aren't wearing domino masks and striped sweaters, the guy you need to worry about is probably carrying a black attache case and a plain accessory pouch!
@carpespasm
@carpespasm 2 жыл бұрын
Or just as likely, has a guest badge, an internal point of contact they've worked up, and is asking which way the IDF room is with a clipboard in hand.
@wobblysauce
@wobblysauce 2 жыл бұрын
Plain sight.
@A2ne
@A2ne Жыл бұрын
@@carpespasm or the friendly looking elevator technician
@springbloom5940
@springbloom5940 Жыл бұрын
I always use improvised tools, to disabuse people of their perceptions of security. Wafer locks with a paperclip is always a crowd pleaser.
@KylejvT
@KylejvT 2 жыл бұрын
When we do inspections I tend to carry a small roll of high vis tape. If I come across a issue I can place a small square down with a number written on it then mark that number down on the checklist. It helps later when they send somebody to look into the problems to locate the exact issue because most of the time the issues were things they couldn't see themselves.
@3nertia
@3nertia Жыл бұрын
Top tier advice; thank you!
@x9x9x9x9x9
@x9x9x9x9x9 2 жыл бұрын
The fact the man is telling you "do not buy these tools from us" in this video just shows you the type of guy Dev is. Been watching him for years ever since I feel down the lockpicking rabbithole thanks to bosnianbill like 10 years ago and then getting one of his talk videos in my side bar like 8 years ago and I got a grasp as to the type of guy he was but this just solidifies it. The guy is genuine and just wants to help and isn't in this for greedy reasons.
@carolinafrog4365
@carolinafrog4365 2 жыл бұрын
not only a light in the dark, but a lighthouse to guide and improve the community, Thank you Dev!!!
@DeviantOllam
@DeviantOllam 2 жыл бұрын
My pleasure!
@Veptis
@Veptis 2 жыл бұрын
The 'you want to try it' approach seems to be the most honest approach I would like to see with more interactions. I am teaching a coding class at university and often I tell people to not just 'try it' and instead ask them predict what will happen. It's the opposite of 'hands on' but more 'heads on' I suppose.
@tiggalong227
@tiggalong227 2 жыл бұрын
So an odd thing I found working in utilities was that graph paper was better for explaining stuff with drawings than ordinary lined paper as it made it easier to scale and position thing relative to each other and is still easy to write neatly on.
@trioptimum9027
@trioptimum9027 2 жыл бұрын
Plus you look like a REEL ENJINEER when you do it, even if you're just handing over a list of, dunno, possible services or something.
@rveader
@rveader 2 жыл бұрын
If you must be fancy, you can also go for dot grid.
@pflasterstrips7254
@pflasterstrips7254 Жыл бұрын
graph paper is also nice as cheap evidence ruler, you have a grid and could adujust for any distortions of your lens to get a to scale image of things
@H3110NU
@H3110NU 2 жыл бұрын
This has only ever been a hobby in my life. If I ever have to change my profession and leave the acronym factory, security consulting is definitely on the short list of industries I’d pivot towards.
@xemon2165
@xemon2165 2 жыл бұрын
Your "sleek looking" mindset is what I have come to myself ... With exec you don't want to look too out of place or they don't listen to you ... I feel like the lishy are a bit extreme, and I took the tubing out of my set. But the evidence ruler is a great idea, I'll need to add it mo my bag 👍 For storage, I love hdd case, they are hard sided, usually have a strap on one side and a mesh on the other. Thanks for sharing with us, X
@RubberBanned
@RubberBanned 2 жыл бұрын
Having quick shows for PoC is one of the best ways to display potential impact. Getting managers to move dollars into the avenue of improvement almost always need physical proof. Good stuff.
@tissuepaper9962
@tissuepaper9962 2 жыл бұрын
Your parody of the Big Rock Candy Mountain that is "EDC" was hilarious, especially "have you tried blue apron?".
@MysticWanderer
@MysticWanderer 2 жыл бұрын
In a retail environment I have seen people come in with precut pieces of aluminum foil for wrapping small items so they don’t set off the sensor at the door. But I have also seen then just pick up a roll off the shelf and tear off whatever they need to accomplish the goal. The point is sometimes you know what you will find on-site.
@jsax01001010
@jsax01001010 Жыл бұрын
The worst part of trying to secure product in a hardware store is that all the tools you'd ever need to bypass security devices or break product out of locked cages are just sitting on the shelf. There is a rack of bolt cutters in view of the padlocked cages that hold the expensive battery power tools. There is an product you can grab off the shelf that will deactivate the security devices they use on the product. The real protection isn't all that physical stuff. It's the hundreds of hd cameras watching the entire store, and the fact that if you have any sort of criminal history, the police will easily identify you and come knocking at your door.
@jsax01001010
@jsax01001010 Жыл бұрын
All that aside, what would scare me the most if I were trying to rob a store is that, while you can get a pretty good idea of what each retailer trains their employees to do during a theft, you never know how random customers might respond. Once, after two thieves ran out the door with cart loads of product, a customer that witnessed it pulled out a gun, chased them down, and held them at gun point till the police arrived. I've also seen a thief have the misfortune of trying to run out right as a pair of off duty cops were walking in to do some shopping. That thief hit the ground hard.
@MysticWanderer
@MysticWanderer Жыл бұрын
@@jsax01001010 Your replies show that you are thankfully in the larger group of people not really trying to learn how to steal effectively. You have noted some obvious things but are not aware of the errors. It is good that most people are in this same camp with you and I'll explain why. First: locks keep honest people honest. ie those that don't know fully how to bypass them or feel that somehow doing so makes it more wrong. Second: those that can be easily deterred allow those that need to catch the thieves to focus on those that are more determined. Also as an aside, NEVER be that person that chases down a retail thief with a gun or you might find yourself taking the trip with them to jail. A lot of legal ramifications in doing what seems obvious to some but is actually a very sticky legal situation. Ignore this advise at serious chance of peril for multiple reasons that this post is already too long to explain all of.
@FrankStajanoExplains
@FrankStajanoExplains 2 жыл бұрын
This is really a top class video Dev---my hat off to you and thanks. Your competence and ability as a penetration tester is unmatched but this is about the rather orthogonal skill set of making the lightbulb go on in the head of the non-technical CEO. Not many people have both skills. Those who do are unbeatable. You have just shown you are a master at both. Brilliant stuff.
@DeviantOllam
@DeviantOllam 2 жыл бұрын
That's so very kind of you to say,... thank you!
@FrankStajanoExplains
@FrankStajanoExplains 2 жыл бұрын
@@DeviantOllam Well deserved! I wish I had an associate with your talents at Cambridge Cyber.
@thek3317
@thek3317 2 жыл бұрын
24:00 Jackhammer and Angle Grinder, after making my way from the reception to the backroom while making my own doors I never got invited back
@Christian-cz9bu
@Christian-cz9bu 2 жыл бұрын
I did guess the under-door tool was what missing. Interestingly, I had got one of those in an multi-tool entry kit when I was working at a auto-repair, ('93ish) where we were regularly locking 15+ cars a night. Inevitably keys would get locked in, and that was my go-to for GM cars without window frames, easy reach-in and pull the slider lock. Didn't know till your vid with LPL what they were designed for.
@DeviantOllam
@DeviantOllam 2 жыл бұрын
Yeah a number of auto kits have long tools like that, sometimes useful for grabbing interior door handles through a small crack
@artemmuchnik1956
@artemmuchnik1956 2 жыл бұрын
@@DeviantOllam when I was young my go to for getting through doors was funny similar to that. Tie floss to a sheet of paper and thread it through the top of the door frame catch underneath and tie on a cable with a loop and put it over the door handle using a mirror and boom.
@1121494
@1121494 Жыл бұрын
Wait, DO has a collab video with LPL? How did I miss it? Link?
@Matlock69
@Matlock69 Жыл бұрын
The “Blue Apron” not ad was amazing!!
@canoepick1140
@canoepick1140 2 жыл бұрын
That kit is clean! I carry a backpack most places without a second look so I got a bit more but you’ve inspired me to cut it even further!
@yoursafeplace8476
@yoursafeplace8476 2 жыл бұрын
The biggest takeaway I can tell you about this video is while I'm a beginner novice locksmith. I worked in or around corporate too much for my own liking. *Appearance. Always. Matters.* like he said carrying that molly kit will have you look like a jerk, especially if you're a civilian who never served in the military. You can find sleek and good looking bags that are black or leather and look professional/executive style, just go with those, get yourself even a cheap suit though I can recommend you skip the suit jacket and just go with pants, shirt, and vest. if you're going to be moving around a lot. Don't use curses like commas, appear professional, and maintain that even if it's a fake character you made up to play as a role for the executives it'll get you further than just showing up as johnny jerkoff the metalhead lock destroyer. If you want to do cool stuff like casting a key, gauge the audience you're working with, maybe the CEO would want to see you do that on the last day of your walk through or something as a bit of theatre but it shouldn't be standard carry stuff.
@JakHart
@JakHart 2 жыл бұрын
You are absolutely right, there definitely needs to be more videos like this across-the-board. It makes me think about the knife bag I usually bring into work, I'm a cook. I've got it down to a small selection of tools that work well in almost every kitchen I've brought it to. I've seen guys that bring in huge knife rolls, with a ton of specialized tools, to only ever use one knife from it.
@curtishoffmann6956
@curtishoffmann6956 2 жыл бұрын
Me: "I'm red team! I'm red team!" Coworker: "Dude, you clean toilets 8 hours a day." Me: "Yes, but I have an evidence ruler, too!"
@chasler1741
@chasler1741 2 жыл бұрын
I have a solid argument against not having magnification. Small magnifier with moderate power is a god send with people who need reading glasses. You can score a lot of brownie points with them by making it seem totally normal to use a magnifier to see the smaller stuff.
@KateGrayCode
@KateGrayCode Жыл бұрын
Just did a demo to suits at the building we are in, showing what’s wrong and how to fix it. Only needed two things in terms of tools: traveler hook and j-tool. The rest was demoing remediation and how access control works when done right.
@derekbroestler7687
@derekbroestler7687 2 жыл бұрын
AWESOME video.... I had to learn this the hard way when I first started doing consult jobs as a locksmith. You HAVE to know your audience. They're probably brilliant at what they do, but they don't know enough about THIS to even appreciate the high speed stuff. Keep it simple... It doesn't matter if its a residential, commercial, industrial job, you're NOT looking to show off YOUR skills. Zip raking their Kwikset residential lock in 3 seconds won't impress a homeowner because according to movies that's how long ALL locks take to pick for a very skilled person.... BUT if you can show them something that EVEN THEY can do, you make that sale... This goes double for business owners and corporate folks. Like I mentioned in one of the Q&A videos, one of my favorite stories is the time I got a job (and sold a LOAD of latch protectors) because I slipped their latch with the earpiece of my glasses during the walk through. I sold them a lot of other hardware as well, but the minute I saw them respond to THAT I knew the job was mine and that gave me a bit more wiggle room in my other recommendations. This kiss of death on a consult is "Well, but you're a professional, the average person can't do that" (You CAN recover from that, but it's gonna be a LOT harder) Inversely, if they call someone else (be it another manager in a business setting, or, their partner, spouse, roommate, etc in a residential setting) the job is pretty much yours.
@risingSisyphus
@risingSisyphus 2 жыл бұрын
Fucking love the snarky dig on the blue apron sponsorshup lol
@IanBPPK
@IanBPPK 2 жыл бұрын
Love your insights! You mentioned a time ago about maybe rehashing Packing the Friendly Skies with new laws and experiences and was curious if that was still in the works.
@DeviantOllam
@DeviantOllam 2 жыл бұрын
It's not a bad idea, honestly. I'll add it to the list. =)
@IanBPPK
@IanBPPK 2 жыл бұрын
@@DeviantOllam many thanks. I remember sending you links to TSA's semi-official "what's allowed on board" KB for a couple of items back when you initially floated the idea. Iirc unloaded flare pistols are no longer friendly :(
@Aragorn450
@Aragorn450 2 жыл бұрын
@@DeviantOllam lol, not that you have much else going on, right? 😉
@ivveG
@ivveG Жыл бұрын
Ollam is the man, he shares his knowledge with generosity and clarity. Thank you!
@JakeCraner
@JakeCraner 2 жыл бұрын
Awesome content as always. This is nearly 1:1 with a kit I just put together. Can you put together a magnetic pole/magnet set on redteamtools along with a "how-to" video? I want to add this to my kit. Another idea - I added a flipper zero to replace low level proxmark/hackrf attacks. Would love to see what Babak could come up with regarding the flipper zero.
@DeviantOllam
@DeviantOllam 2 жыл бұрын
Babak has one! We were one of the early backers. It's a cool device
@hhhsp951
@hhhsp951 Ай бұрын
Even the mundane parts of your job sound fulfillingly fun.
@andrews4321
@andrews4321 2 жыл бұрын
I love the idea of a discrete kit full of tools that can be acquired easily and used with minimal instruction to prove how unsecure something or somewhere is. Even better when you can do it without leaving a trace.
@nigozeroichi2501
@nigozeroichi2501 2 жыл бұрын
I wish I could've discovered your line of work years ago, watching your videos I find this stuff fascinating, I dabble in lock sport because I like puzzles, and what better puzzle than things that are designed to keep you out.👍
@TheSlugslinger
@TheSlugslinger 2 жыл бұрын
we had one security Consultant at the place i work in sweden and he did 60% of the work with a USB stick with videos of the most common faults company's make from his pov, and then when he walked past doors, windows and locks later in the day he would point them out and the once in charge could now see the problem for themselves and it was way easier to convince them to fix it since in the past their mentality was "noting bad has happened so for so nothing will in the future so why worry".
@spyderf16
@spyderf16 2 жыл бұрын
Thankfully that mentality is starting to change with insurance companies getting pretty tight fisted when it comes to tying new policies or payouts to passing audits. I'm more on the IT side of the world and it went from being easy to get a cyber insurance policy that practically always paid out claims when an incident happened to insurance companies either outright refusing to start a policy or denying payouts if you didn't demonstrate that you met their standards, especially if that was an entry point for the attacker. I've seen plenty of clients that were absolute misers on security change their tune real fast when the insurance company demands they up their standards to get coverage.
@Softbauch
@Softbauch 2 жыл бұрын
Always love your content, especially the relaxed pase of your videos. The time will come when I get drawn!
@bastelwastel8551
@bastelwastel8551 2 жыл бұрын
I think those advices of what you don't need and the why is very true not only for your profession. Keeping things low key, professinal and on point is always a good tip
@philthejet
@philthejet 2 жыл бұрын
Great content, what you actually do need is little stickers left behind after a job with "Dev was here" written on them. I will gladly make them for you. 🤣
@liam7342
@liam7342 2 жыл бұрын
I work in a hospital in the UK and the day I walked in I realised that they have spent a lot of money buying electric code lock for most storage rooms. But that the strike plates are all wrong so you can shim any of the dead latch locks and some of the rooms have things like horribly expensive portable medical kit.
@LockPickNic
@LockPickNic 2 жыл бұрын
I would love to do strictly physical security consulting. I did a tiny bit when I was a mobile locksmith, but I'm institutionalized now.
@BobWidlefish
@BobWidlefish 2 жыл бұрын
They sent you to prison for “security consulting”?
@jordangabrielle9261
@jordangabrielle9261 2 жыл бұрын
I'd love to as well but I don't know where to start even
@thisaccountisntreal107
@thisaccountisntreal107 2 жыл бұрын
@@BobWidlefish pen test from the way out !
@DeviantOllam
@DeviantOllam 2 жыл бұрын
That's like you're quoting Shawshank
@camronbay1
@camronbay1 2 жыл бұрын
I like a minimalist approach on the gear I carry in a urban environment plastic shim,picks,shove tool,variation pry bars that can fit in a pocket,flashlight.
@DanTheRVMan
@DanTheRVMan 2 жыл бұрын
Dude you mentioned that you give talks at West point as like a side note. That's freaking awesome!!!!
@BurningMonkey
@BurningMonkey 2 жыл бұрын
I love this video The idea of stuff that you really don't need is something that should be address more often
@k80theshade
@k80theshade 2 жыл бұрын
I think this is my favorite video of yours not on a stage. And I mean in ever. Good show!
@N0B0DY_SP3C14L
@N0B0DY_SP3C14L 2 жыл бұрын
As usual, solid advice on so many levels. Most importantly, solid advice about headspace, and creating convenience just follows naturally.
@jbwwins
@jbwwins 2 жыл бұрын
“If you can do more with less it looks better” good advice across the board
@bryantsmyth6510
@bryantsmyth6510 2 жыл бұрын
One ofy very favorite possetoins is a six inch 32nds and mm ruler with metric and imperial conversions to decimals on the back, down to 64ths
@Gracelyn637
@Gracelyn637 Жыл бұрын
Thank you so much for all the no nonsense info and for making it understandable, So many people make things way harder than they need to be so I can’t express enough gratitude to you and all the tidbits you share,sometimes it’s the most boring mundane things I use the most
@MichaelMaynard
@MichaelMaynard 2 жыл бұрын
That was a really great, no nonsense video. Thanks for the work and thought that went into that.
@DonzLockz
@DonzLockz 2 жыл бұрын
Hey Michael, long time no see. Hope you are well, good to see you are still around into security. Take care. :)
@krew11uvtoo23
@krew11uvtoo23 8 ай бұрын
Love this. I like to go minimalist. I don't even want a bag. On my keychain I have to bumps, shims, etc. I also have covert items like an NFC reader/writer hidden in a FOB, a pen that's a video recorder for later review like missed cameras or even a pin or password typed as I walk or stand by. A rooted phone with pen apps and Kali. A baseball cap with hidden compartments for other items. I never understood the whole backpack thing.
@LK-dz6pb
@LK-dz6pb Жыл бұрын
@DeviantOllam, regarding the underdoor tool made portable - 15:40, just thinking out loud - wouldn't a design similar to a tent's pole, or a telescopic tube (like a portable blackboard pointer or old-school FM radio antenna) with jointed connection between parts? This way, a long enough flexible pole could be easily flattened to a about a size of your organizer, or at least regular handbags...
@lelanddyke8386
@lelanddyke8386 Жыл бұрын
I don't even care about pen testing, this guy is just real as fuck
@Fightosaurus
@Fightosaurus 2 жыл бұрын
Just giving the wisdom away for free. You are the MAN, sir.
@RocRizzo
@RocRizzo 2 жыл бұрын
You really need your brain. Les Ismore is a longtime friend. He’s very handy, and uses very little, whatever the job. Thanks for the tips. They are, as always, quite useful.
@RickEmc2
@RickEmc2 2 жыл бұрын
Thanks for all these golden tid bits Mr Ollam
@DonzLockz
@DonzLockz 2 жыл бұрын
Great to see what you use. I was in Electronic Security and no one used methods against reed switches in all the years i was working. The high security places would have the biased SM3 large surface mount reed switches, designed to prevent magnet attacks, so much better than basic flush 20mm to 25mm door jamb Reed switches. I'd be curious to know if you have tried to bypass them.🤔👍 Edit: They were dear as poison. I think I paid AU$308 each back in 2006! We literally installed hundreds of them. 😮😮😮💰💰💰
@DeviantOllam
@DeviantOllam 2 жыл бұрын
Oh those surface mount ones are often balanced contacts, yeah. Specifically designed to make tampering a big challenge.
@MichaelMaynard
@MichaelMaynard 2 жыл бұрын
Good to see you bro.
@carpespasm
@carpespasm 2 жыл бұрын
Sounds like they're the answer to the other side of the equation when the folks in suits ask you "so what do we do to fix this vulnerability?" Risk assessment is a spectrum from "IDGAF, a lock in a cheapo keybox is enough" to "SHTU DOON EVERYTHING" If the client is taken aback at a magnet bypassing a reed switch you already have a number in your head for how much it'll be to provide a solution.
@libertarian1637
@libertarian1637 2 жыл бұрын
I carry a Leatherman tool with me, along with that I have a small flashlight, small space pen, and a flat Leatherman bit holder with Philips, flat, tors, and Allen bits in common sizes; these all stay in a small maybe 2”x4” case on my belt as such I don’t travel with screwdriver bits or a universal bit holder. I like the minimum approach and agree with the bypass over other tools; in law enforcement bypass is by far the go-to and in doing security consulting nothing seems to have as much impact as a small simple tool overcoming what people think are secure.
@Duladian
@Duladian 2 жыл бұрын
1:45 pets tail can be seen on the bottom right
@DarylBullard
@DarylBullard 2 жыл бұрын
Hi Deviant! The extended straw is probably the only thing I wouldn't keep in the case, because you aren't carrying the canned air to use it with. Seems like something to keep in the field bag. Great information as always!
@kofro39
@kofro39 2 жыл бұрын
Not to put words into anyone's mouth here. but after watching this video i feel like i might be able to clarify something that i felt was danced around but never outright said. i believe what dev was going for in explaining the less is more approach is the impact you will have on the clients. prepare for the conversation that takes place after you leave. suits never want to admit they were wrong or unprepared about anything, if you show up tricked out in a bunch of fancy gear, the first thing that will be said when you leave is "well we are not expecting to be attacked by someone with thousands of dollars in special gear and years of training like that guy." But if you show up looking underplayed, professional, and let the work speak for you, the conversation after will be much more like " this guy just walked through here and got into every door we have with a pencil case full of crap from homedepot and a dumpster, nothing is safe, hire this guy to save us and our data!".
@dpunlasmith
@dpunlasmith 2 жыл бұрын
Whenever I do a physical pen testing consultation I start with explosive destructive entry. It’s just a lot more exciting that way.
@carpespasm
@carpespasm 2 жыл бұрын
Shock and awe. Sure to make an impression.
@Ariccio123
@Ariccio123 2 жыл бұрын
My dad has given presentations at west point and brought me along. I'll say, not only is it a good example of physical security (being a fort and all), but it's a fucking amazing place to visit!!
@DeviantOllam
@DeviantOllam 2 жыл бұрын
yeah, getting to tour the Post with some of the Cadets and faculty has been amazing over the years
@Null--
@Null-- 2 жыл бұрын
Use a yellow highlighter to mark keypads with yellow ink. Its completely invisible on metal keys and shows up under UV.
@drumset09
@drumset09 2 жыл бұрын
"Do more with less" wise words from a wise man.
@sciguy98
@sciguy98 2 жыл бұрын
That evidence ruler looks just like the ones we got at the Forensic locksmithing class at ALOA, lol. I have exactly the same one.
@shadow.banned
@shadow.banned 2 жыл бұрын
That compressed air trick was cool.
@timkarvelis3523
@timkarvelis3523 Жыл бұрын
If you are ever thinking of adding some more to this get a sog power pint it has a 1/4 inch bit tool while being a midsize multi tool
@stevenemery4038
@stevenemery4038 2 жыл бұрын
What are your tips for someone that is getting out of an LEO/Military field and might be interested in moving into something more in line with covert entry and pen testing? Love your work and keep up influencing the newer generations.
@Teabagz4fun
@Teabagz4fun 2 жыл бұрын
Dunno if it's been mentioned in the comments, but that extend-o straw, could that also be used in place of weed-whacker line for slipping latches with plate covers?
@shadow.banned
@shadow.banned 2 жыл бұрын
Nice rug backdrop.
@SEKCobra
@SEKCobra 2 жыл бұрын
"Wait. I can do that?" is the best salespitch.
@lukecowlishaw
@lukecowlishaw 2 жыл бұрын
Would love to see how a walk through, and executive meeting goes, and any stories around that
@camronbay1
@camronbay1 2 жыл бұрын
Excellent video.
@BrooksMoses
@BrooksMoses 2 жыл бұрын
I figure one point about not carrying the giant selection of elevator keys and whatnot -- that "Hey, you know that's a common key, here I've got one right here" story sells a whole lot better if you are pulling out a set of five or ten keys rather than a set of fifty.
@lenbones7940
@lenbones7940 Жыл бұрын
im a commercial master carpenter and i can say that lishi keys work and ive used them to make keys for building owners who have "back doors" that they've never owned keys for....ive installed and changed commercial door hardware in everything from regular retail stores to high security labs and hospitals and colleges and i can count on one hand the amount of doors ive encountered that those 4 lishis cant open and key throw a average key box key a decent jiggler and a few combs and you have what will allow u to enter 99.9% of building's atleast in my experience of almost 20yrs in Ohio.. btw the few doors i was talking about were always antique type locks on churches or colleges that are like early 1900s... the doors on these building's are installed by dudes like me and im atleast competent most aren't.. you talking about high school drop out felons who do this cuz the place was the only one that would hire them... i almost feel bad for people who rent offices or places to open a boutique store or what not.. it would prolly blow there mind if they knew a security camera thats well placed and able to hopefully get enough info (plates and faces) is basically the best they can do... and even then if they dont recognize who came in its almost a waste of time getting the cops to come and giving them the footage... id say its a coin flip if itll even get watched let alone investigated..
@Mesatchornug
@Mesatchornug 2 жыл бұрын
I recently saw a clip of a plastic film attack on a door handle. Like an under-door tool, but more portable. I wish I could find it now, because that seems like a compromise to carrying the full UDT.
@Trickyni
@Trickyni 2 жыл бұрын
How does your kit change for European jobs? Further- do you change your approach/attitude for European jobs? Loved the video, your tool breakdowns are always incredible ^^
@carpespasm
@carpespasm 2 жыл бұрын
More broadly, what would be some changes and concerns for physical pen testing that change based on building norms and code in different regions of the world? For example, I know in the US that the ADA requires lever handle doors be able to open from a pull up or a pull down, which is apparently just not so in many other parts of the world. Chinese domestic market locks often use eurolock barrels and have an entire wild world of keyways all their own. I'd really like to hear from some physical pen testers that live and work in different regions to see what they commonly come across.
@miguelangelsimonfernandez5498
@miguelangelsimonfernandez5498 2 жыл бұрын
what a nice video! thanks a lot
@bunyipdan
@bunyipdan 2 жыл бұрын
Admin items ...... I thought you would use a covered clipboard (rather than an open one - seems rather exposed), a security id card fob necklace, 4 in 1 pen (all in one multi coloured pen with pencil for notes), thumb drive, otherwise other useful items might include.....carry a small amount of flattened duct tape wrapped around a card, and only because tubular locks are quite prevalent in my area, I might also consider either a tubular lock pick or at least a goat tension tool, maybe carry some replacement door hinge security screws for clients to reference an easy fix to pulling hinges.
@lucianolucas9885
@lucianolucas9885 Жыл бұрын
love your videos
@DarthNinjaCode
@DarthNinjaCode 2 жыл бұрын
*takes all the notes* always good to learn from you
@DeviantOllam
@DeviantOllam 2 жыл бұрын
I am happy to share!
@CtrlAltDft
@CtrlAltDft Жыл бұрын
you're a bro in the right way, thanks for the information
@yeetyboii
@yeetyboii 2 жыл бұрын
Wanted to see how easy it is to find bitting charts for common german keys (as it happens I live there) and it turns out its much much harder to the point, that i havent found any yet. Im gonma admit my research wasnt that deep, but its not like putting "key bitting chart" into google and boom you have a ton of pictures and a few websites for finding those. Your talks have piqued my interest very much and I for sure will look into the whole topic a bit more, as pen testing and lock picking seems like a fun hobby to pick. Cheers to your great videos and have a great day!
@seanrutter3470
@seanrutter3470 2 жыл бұрын
I locksmithed for a cpl years in days past and have dabbled forever since. It fascinates me how many people don't realize, and don't even check on common keys with codes on them. I work maintenance these days for a franchisee of a MAJOR quick service restaurant. There were no extra keys for a high pressure water access and a toilet paper dispenser (of all things.) A MINIMUM of online research and a bit of my own $ and I have the keys I need now.
@richardthomas7756
@richardthomas7756 Ай бұрын
Deviant. It is a pleasure to be able to watch your videos. I find them highly educational and informative. Could you please tell me something- where did you purchase your handheld magnetic field sensor from? I have been trying to get hold of one for a long time. Thank you
@robmobz
@robmobz 2 жыл бұрын
The thing I would consider missing from that kit is a Gen 2 Magic MiFare Classic card. I don't know about in the US but here in the UK you can probably open around 1/3 offices with just that and 10 seconds with access to a badge with your phone.
@McSnarf
@McSnarf 2 жыл бұрын
Umm. Might be an Euro thing, but if you want to avoid physical damage, carry some PZ (Pozidriv) bits. Size 2, like Philipps, but also maybe a size 1. It DOES make a difference.
@carpespasm
@carpespasm 2 жыл бұрын
There's not much pozidriv in the US, pretty much all phillips. Using a phillips on a pozidriv or verse visa really does suck. I only know because the only pozidriv screws i've ever found in the wild came from Lidl as "particleboard screws". Same goes for working on motorcycles when you think it's a PH2 but it's a Japanese Industrial Standard 2 screw head. They're not pointy on the end.
@McSnarf
@McSnarf 2 жыл бұрын
@@carpespasm that's funny - because we use Philips mostly in stuff like particleboard construction, because the but head will cam out of the screw head when a certain torque is reached. There is a number of these cross pattern screw types - you will find JIS on a lot of electronics, to name just one, but PZ is probably the most common head here.
@PrivateUsername
@PrivateUsername 2 жыл бұрын
Have the rescue Jim laser-etched with the evidence ruler markings, and use a pull-off-able plastidip handle. The paracord looks tacticool, TBH.
@jamcdonald120
@jamcdonald120 6 ай бұрын
17:40 tubular pick? I thought everything around America uses tubular picks... or do those just fall under the master key thing.
@Epinardscaramel
@Epinardscaramel 2 жыл бұрын
Those bags seem pretty nice as well
@LuminousWatcher
@LuminousWatcher 2 жыл бұрын
I guess the impact is bigger with a piece of plastic foil as opposed to a bespoke tool.
@plasmaburndeath
@plasmaburndeath 2 жыл бұрын
So my idea for you is to try and get this to an (accessory worn jewelry size kit), necklace/stopwatch, few basic looking rings, wrist-watch, maybe fake-cell phone case, and maybe even fake glasses (that have a few of the tools in arms for example) all to be even more covert.
@Greg-jy6ke
@Greg-jy6ke 2 жыл бұрын
Hey the keybar titanium hook insert is absolutely replacing all my traveler hooks, fits in my wallet and no longer do I get stabbed. It fits on thinner gap doors too
@flibodoor123
@flibodoor123 2 жыл бұрын
I was taken away by your openness with regards to industry education from WWHF and other such event panels on YT, thank you for demystifying these methods and tools.
@TarahWheeler
@TarahWheeler 2 жыл бұрын
I love it!
@DeviantOllam
@DeviantOllam 2 жыл бұрын
💚
@phyphor
@phyphor 2 жыл бұрын
A completely unbiased view from once security expert to another 😋
@ptrckstllr
@ptrckstllr Жыл бұрын
I dont know how I'm just now seeing this video. Anyway, I'm trying to imagine actually using the tools as they're carried like that and it seems super awkward in my head. Unzip black case, take out blue case, set black case on floor, unzip blue case, take out tool, set blue case on floor, demonstrate use of tool, reverse order to put tool away and continue walkthrough. Or tuck cases under arm and try not to drop them while demonstrating tool 😂 Is that basically how it goes and it's just not as awkward as I'm making it sound or is there another way that I'm completely overlooking? I totally agree with the tacticool pouches looking out of place and unprofessional especially if worn in an actual chest rig configuration but there are less tacticool chest packs on the market and I feel like the hands-free capability would be more comfortable than the situation I'm visualizing. You're the pro; you know me, just a long time hobbyist follower over here. Hope to catch up at another con again sometime soon!
@kevenquinlan
@kevenquinlan Жыл бұрын
Ahh, I mentioned in a comment about UV powder like 4 years ago as I hadn't seen you or anyone mention using it for keypads. A slightly better technique and less conspicuous is to put duct tape over the pad, then remove it. You can use a less adhesive tape too. Then you can just use fingerprint powder and you will be able to see which buttons are getting pushed. Plus, you won't have UV shit anywhere on the pad/ and, since the U has tons of labs, a technician inadvertently seeing your UV on his fingers, gloves when he's looking at shit under light or through a microscope. Of course, that's not applicable to most situations.
@SkunkCity_RC
@SkunkCity_RC 2 жыл бұрын
Thanks for the kit ideas
@DeviantOllam
@DeviantOllam 2 жыл бұрын
Any time!
@imark7777777
@imark7777777 2 жыл бұрын
I would love to say that you should have a MasterLock bypass tool. you know a master lock #3 that can open itself. Or the other much beefier lock.
@xseph
@xseph 2 жыл бұрын
Good talk. Thanks!
Deviant's Travel Bag Breakdown
32:29
DeviantOllam
Рет қаралды 55 М.
The ULTIMATE Physical Penetration Test (from Better Call Saul)
8:00
coco在求救? #小丑 #天使 #shorts
00:29
好人小丑
Рет қаралды 120 МЛН
Support each other🤝
00:31
ISSEI / いっせい
Рет қаралды 81 МЛН
REAL or FAKE? #beatbox #tiktok
01:03
BeatboxJCOP
Рет қаралды 18 МЛН
BAYGUYSTAN | 1 СЕРИЯ | bayGUYS
36:55
bayGUYS
Рет қаралды 1,9 МЛН
How to Bypass RFID Badge Readers (w/ Deviant Ollam and Babak Javadi)
16:45
The Modern Rogue
Рет қаралды 1,1 МЛН
[1570] My Viewer Broke The Law… Please Don’t.
3:03
LockPickingLawyer
Рет қаралды 7 МЛН
Why VPNs are a WASTE of Your Money (usually…)
14:40
Cyberspatial
Рет қаралды 1,5 МЛН
A Peek Inside the Pelicans  (a.k.a. "Deviant's Pelican Brief")  😉
54:43
Liberty Safe Backdoor Breakdown
32:18
DeviantOllam
Рет қаралды 64 М.
Why Does My Credit Card Have a Hole in It?
9:53
DeviantOllam
Рет қаралды 194 М.
Non Destructive Entry for Firefighters, Police Officers & EMS  by Deviant Ollam
1:54:22
Fort Washington Fire Company No.1 Station 88
Рет қаралды 424 М.
My "Handle Most Things" Tool Bag
12:27
DeviantOllam
Рет қаралды 446 М.
Penetration tester Jayson E. Street helps banks by hacking them
5:38
Tomorrow Unlocked
Рет қаралды 2,1 МЛН
coco在求救? #小丑 #天使 #shorts
00:29
好人小丑
Рет қаралды 120 МЛН