What You Do and Don't Need in a Physical Security Consulting Toolkit

  • Published 27 Nov 2024

COMMENTS • 273

  • @trioptimum9027 2 years ago +292

    In my (non-corporate) opinion, borrowing your tools is actually *more* impressive for this kind of demo. "Oh, okay, the Sneakers guy has some kind of tool that will open our access-control box" is not really that big a shocker for an executive. The fact that it's a tool you can get anywhere is not very visible /when it came out of your toolkit./ "The Sneakers guy borrowed a screwdriver from our janitor/IT dude and opened all our shit" is really more of a shock.
    It's kind of the inverse of the "common keys" situation, really: executives probably know, if they think about it for a second, that tools exist *somewhere* and that it is possible for someone with particular skills to pick or decode locks. The fact that you can glance at the box and already have the right key is more of a shock, as is the fact that the building maintenance guy has had de facto access to the server room all along.

    • @MichaelTilton 2 years ago +15

      Asking for tools also has a benefit of looking "less scary". It is the "I'm with xyz to fix your copier" type attack. It seems "safe".

  • @sendtosurge 2 years ago +536

    You’re improving an industry obsessed with kit and the mystique of cloak and dagger. A dose of reality does a lot for everyone willing to hear it and let it shape their perspective. Thank you Dev.

  • @bowlsallbroken 2 years ago +183

    This was a helpful reminder to occasionally ask yourself, "am I presenting in a way that's appropriate to this social situation?" or more bluntly "am I being a fucking weirdo?", something us geardos need to keep in mind can sometimes be more important than "am I maximally prepared for every contingency right now?"

    • @keithduthie 2 years ago +39

      For many of us, "am I being a fucking weirdo" is a foregone conclusion. More importantly "do I _look_ like a fucking weirdo, and if so how do I hide it better?"

    • @frogz 2 years ago +6

      @keithduthie this, exactly this
      and then I shrug and continue on being a weirdo because I am good at what I do and people pay me to do it

    • @bowlsallbroken 2 years ago +11

      @frogz If people are paying you that's a good indication that you're properly calibrated.

  • @phyphor 2 years ago +345

    I love a dude who is secure in their knowledge, skillset, and professionalism, that they are happy to share because they'd rather upskill a community to benefit everyone than hoard what they've got in their brain to benefit only themselves.
    Nice work, as always!

  • @fruitshuit 2 years ago +183

    One other thought about the kit looking professional, I guess it hammers home that point that thieves aren't wearing domino masks and striped sweaters, the guy you need to worry about is probably carrying a black attache case and a plain accessory pouch!

    • @carpespasm 2 years ago +31

      Or just as likely, has a guest badge, an internal point of contact they've worked up, and is asking which way the IDF room is with a clipboard in hand.

    • @wobblysauce 2 years ago +8

      Plain sight.

    • @A2ne 1 year ago +7

      @carpespasm or the friendly looking elevator technician

    • @springbloom5940 1 year ago +2

      I always use improvised tools, to disabuse people of their perceptions of security. Wafer locks with a paperclip is always a crowd pleaser.

  • @MorningDusk7734 2 years ago +67

    Those big stationery leather folders are at literally every college, emblazoned with their logo. Go to your current or former school's store, pick one up, and keep it for regular use in a bag until the logo wears off. You come in with a shiny new leather case, that looks suspicious (if they're looking for it). You bring a worn leather paper keeper? That's just for taking notes and keeping your stuff organized, of course.

  • @KylejvT 2 years ago +95

    When we do inspections I tend to carry a small roll of high vis tape. If I come across an issue I can place a small square down with a number written on it then mark that number down on the checklist.
    It helps later when they send somebody to look into the problems to locate the exact issue because most of the time the issues were things they couldn't see themselves.

    • @3nertia 1 year ago

      Top tier advice; thank you!

  • @x9x9x9x9x9 2 years ago +28

    The fact the man is telling you "do not buy these tools from us" in this video just shows you the type of guy Dev is. Been watching him for years ever since I fell down the lockpicking rabbit hole thanks to bosnianbill like 10 years ago and then getting one of his talk videos in my side bar like 8 years ago and I got a grasp as to the type of guy he was but this just solidifies it. The guy is genuine and just wants to help and isn't in this for greedy reasons.

  • @carolinafrog4365 2 years ago +22

    not only a light in the dark, but a lighthouse to guide and improve the community, Thank you Dev!!!

  • @Veptis 2 years ago +14

    The 'you want to try it' approach seems to be the most honest approach I would like to see with more interactions.
    I am teaching a coding class at university and often I tell people to not just 'try it' and instead ask them to predict what will happen. It's the opposite of 'hands on' but more 'heads on' I suppose.

  • @H3110NU 2 years ago +32

    This has only ever been a hobby in my life. If I ever have to change my profession and leave the acronym factory, security consulting is definitely on the short list of industries I’d pivot towards.

  • @RubberBanned 2 years ago +17

    Having quick shows for PoC is one of the best ways to display potential impact. Getting managers to move dollars into the avenue of improvement almost always needs physical proof. Good stuff.

  • @xemon2165 2 years ago +14

    Your "sleek looking" mindset is what I have come to myself ... With exec you don't want to look too out of place or they don't listen to you ...
    I feel like the Lishi are a bit extreme, and I took the tubing out of my set. But the evidence ruler is a great idea, I'll need to add it to my bag 👍
    For storage, I love hdd case, they are hard sided, usually have a strap on one side and a mesh on the other.
    Thanks for sharing with us,
    X

  • @tiggalong227 2 years ago +97

    So an odd thing I found working in utilities was that graph paper was better for explaining stuff with drawings than ordinary lined paper as it made it easier to scale and position things relative to each other and is still easy to write neatly on.

    • @trioptimum9027 2 years ago +11

      Plus you look like a REEL ENJINEER when you do it, even if you're just handing over a list of, dunno, possible services or something.

    • @rveader 2 years ago +7

      If you must be fancy, you can also go for dot grid.

    • @pflasterstrips7254 1 year ago +5

      graph paper is also nice as a cheap evidence ruler, you have a grid and could adjust for any distortions of your lens to get a to-scale image of things

  • @chasler1741 2 years ago +26

    I have a solid argument against not having magnification. Small magnifier with moderate power is a godsend with people who need reading glasses.
    You can score a lot of brownie points with them by making it seem totally normal to use a magnifier to see the smaller stuff.

  • @FrankStajanoExplains 2 years ago +20

    This is really a top class video Dev---my hat off to you and thanks. Your competence and ability as a penetration tester is unmatched but this is about the rather orthogonal skill set of making the lightbulb go on in the head of the non-technical CEO. Not many people have both skills. Those who do are unbeatable. You have just shown you are a master at both. Brilliant stuff.

    • @DeviantOllam 2 years ago +5

      That's so very kind of you to say,... thank you!

    • @FrankStajanoExplains 2 years ago +1

      @DeviantOllam Well deserved! I wish I had an associate with your talents at Cambridge Cyber.

  • @tissuepaper9962 2 years ago +5

    Your parody of the Big Rock Candy Mountain that is "EDC" was hilarious, especially "have you tried blue apron?".

  • @canoepick1140 2 years ago +11

    That kit is clean! I carry a backpack most places without a second look so I got a bit more but you’ve inspired me to cut it even further!

  • @JakHart 2 years ago +4

    You are absolutely right, there definitely needs to be more videos like this across-the-board.
    It makes me think about the knife bag I usually bring into work, I'm a cook.
    I've got it down to a small selection of tools that work well in almost every kitchen I've brought it to.
    I've seen guys that bring in huge knife rolls, with a ton of specialized tools, to only ever use one knife from it.

  • @curtishoffmann6956 2 years ago +34

    Me: "I'm red team! I'm red team!"
    Coworker: "Dude, you clean toilets 8 hours a day."
    Me: "Yes, but I have an evidence ruler, too!"

  • @yoursafeplace8476 2 years ago +9

    The biggest takeaway I can tell you about this video is while I'm a beginner novice locksmith. I worked in or around corporate too much for my own liking. *Appearance. Always. Matters.* Like he said, carrying that MOLLE kit will have you look like a jerk, especially if you're a civilian who never served in the military. You can find sleek and good looking bags that are black or leather and look professional/executive style, just go with those, get yourself even a cheap suit though I can recommend you skip the suit jacket and just go with pants, shirt, and vest if you're going to be moving around a lot.
    Don't use curses like commas, appear professional, and maintain that even if it's a fake character you made up to play as a role for the executives it'll get you further than just showing up as johnny jerkoff the metalhead lock destroyer. If you want to do cool stuff like casting a key, gauge the audience you're working with, maybe the CEO would want to see you do that on the last day of your walk through or something as a bit of theatre but it shouldn't be standard carry stuff.

  • @MysticWanderer 2 years ago +21

    In a retail environment I have seen people come in with precut pieces of aluminum foil for wrapping small items so they don’t set off the sensor at the door. But I have also seen them just pick up a roll off the shelf and tear off whatever they need to accomplish the goal.
    The point is sometimes you know what you will find on-site.

    • @jsax01001010 1 year ago

      The worst part of trying to secure product in a hardware store is that all the tools you'd ever need to bypass security devices or break product out of locked cages are just sitting on the shelf. There is a rack of bolt cutters in view of the padlocked cages that hold the expensive battery power tools. There is a product you can grab off the shelf that will deactivate the security devices they use on the product. The real protection isn't all that physical stuff. It's the hundreds of HD cameras watching the entire store, and the fact that if you have any sort of criminal history, the police will easily identify you and come knocking at your door.

    • @jsax01001010 1 year ago

      All that aside, what would scare me the most if I were trying to rob a store is that, while you can get a pretty good idea of what each retailer trains their employees to do during a theft, you never know how random customers might respond. Once, after two thieves ran out the door with cart loads of product, a customer that witnessed it pulled out a gun, chased them down, and held them at gun point till the police arrived. I've also seen a thief have the misfortune of trying to run out right as a pair of off duty cops were walking in to do some shopping. That thief hit the ground hard.

    • @MysticWanderer 1 year ago +1

      @jsax01001010 Your replies show that you are thankfully in the larger group of people not really trying to learn how to steal effectively. You have noted some obvious things but are not aware of the errors. It is good that most people are in this same camp with you and I'll explain why.
      First: locks keep honest people honest. ie those that don't know fully how to bypass them or feel that somehow doing so makes it more wrong.
      Second: those that can be easily deterred allow those that need to catch the thieves to focus on those that are more determined.
      Also as an aside, NEVER be that person that chases down a retail thief with a gun or you might find yourself taking the trip with them to jail. A lot of legal ramifications in doing what seems obvious to some but is actually a very sticky legal situation. Ignore this advice at serious chance of peril for multiple reasons that this post is already too long to explain all of.

  • @derekbroestler7687 2 years ago +3

    AWESOME video.... I had to learn this the hard way when I first started doing consult jobs as a locksmith. You HAVE to know your audience. They're probably brilliant at what they do, but they don't know enough about THIS to even appreciate the high speed stuff. Keep it simple...
    It doesn't matter if its a residential, commercial, industrial job, you're NOT looking to show off YOUR skills. Zip raking their Kwikset residential lock in 3 seconds won't impress a homeowner because according to movies that's how long ALL locks take to pick for a very skilled person.... BUT if you can show them something that EVEN THEY can do, you make that sale... This goes double for business owners and corporate folks.
    Like I mentioned in one of the Q&A videos, one of my favorite stories is the time I got a job (and sold a LOAD of latch protectors) because I slipped their latch with the earpiece of my glasses during the walk through. I sold them a lot of other hardware as well, but the minute I saw them respond to THAT I knew the job was mine and that gave me a bit more wiggle room in my other recommendations.
    The kiss of death on a consult is "Well, but you're a professional, the average person can't do that" (You CAN recover from that, but it's gonna be a LOT harder)
    Inversely, if they call someone else (be it another manager in a business setting, or, their partner, spouse, roommate, etc in a residential setting) the job is pretty much yours.

  • @andrews4321 2 years ago +2

    I love the idea of a discreet kit full of tools that can be acquired easily and used with minimal instruction to prove how unsecure something or somewhere is. Even better when you can do it without leaving a trace.

  • @ivveG 1 year ago

    Ollam is the man, he shares his knowledge with generosity and clarity. Thank you!

  • @Matlock69 1 year ago +1

    The “Blue Apron” not ad was amazing!!

  • @KateGrayCode 1 year ago +1

    Just did a demo to suits at the building we are in, showing what’s wrong and how to fix it. Only needed two things in terms of tools: traveler hook and j-tool. The rest was demoing remediation and how access control works when done right.

  • @hhhsp951 1 day ago

    Even the mundane parts of your job sound fulfillingly fun.

  • @Christian-cz9bu 2 years ago +29

    I did guess the under-door tool was what was missing. Interestingly, I had got one of those in a multi-tool entry kit when I was working at an auto-repair ('93ish), where we were regularly locking 15+ cars a night. Inevitably keys would get locked in, and that was my go-to for GM cars without window frames, easy reach-in and pull the slider lock. Didn't know till your vid with LPL what they were designed for.

    • @DeviantOllam 2 years ago +12

      Yeah a number of auto kits have long tools like that, sometimes useful for grabbing interior door handles through a small crack

    • @artemmuchnik1956 2 years ago

      @DeviantOllam when I was young my go to for getting through doors was funny similar to that. Tie floss to a sheet of paper and thread it through the top of the door frame catch underneath and tie on a cable with a loop and put it over the door handle using a mirror and boom.

    • @1121494 1 year ago

      Wait, DO has a collab video with LPL? How did I miss it? Link?

  • @lelanddyke8386 1 year ago +1

    I don't even care about pen testing, this guy is just real as fuck

  • @jbwwins 2 years ago

    “If you can do more with less it looks better” good advice across the board

  • @TheSlugslinger 2 years ago +22

    We had one security consultant at the place I work in Sweden and he did 60% of the work with a USB stick with videos of the most common faults companies make from his POV, and then when he walked past doors, windows and locks later in the day he would point them out and the ones in charge could now see the problem for themselves, and it was way easier to convince them to fix it since in the past their mentality was "nothing bad has happened so far so nothing will in the future so why worry".

    • @spyderf16 2 years ago +5

      Thankfully that mentality is starting to change with insurance companies getting pretty tight fisted when it comes to tying new policies or payouts to passing audits. I'm more on the IT side of the world and it went from being easy to get a cyber insurance policy that practically always paid out claims when an incident happened to insurance companies either outright refusing to start a policy or denying payouts if you didn't demonstrate that you met their standards, especially if that was an entry point for the attacker. I've seen plenty of clients that were absolute misers on security change their tune real fast when the insurance company demands they up their standards to get coverage.

  • @bastelwastel8551 2 years ago +1

    I think that advice of what you don't need and the why is very true not only for your profession.
    Keeping things low key, professional and on point is always a good tip.

  • @camronbay1 2 years ago +2

    I like a minimalist approach on the gear I carry in an urban environment: plastic shim, picks, shove tool, variation pry bars that can fit in a pocket, flashlight.

  • @nigozeroichi2501 2 years ago +1

    I wish I could've discovered your line of work years ago, watching your videos I find this stuff fascinating, I dabble in lock sport because I like puzzles, and what better puzzle than things that are designed to keep you out.👍

  • @drumset09 2 years ago +1

    "Do more with less" wise words from a wise man.

  • @kofro39 2 years ago +5

    Not to put words into anyone's mouth here, but after watching this video I feel like I might be able to clarify something that I felt was danced around but never outright said. I believe what Dev was going for in explaining the less is more approach is the impact you will have on the clients. Prepare for the conversation that takes place after you leave. Suits never want to admit they were wrong or unprepared about anything; if you show up tricked out in a bunch of fancy gear, the first thing that will be said when you leave is "well we are not expecting to be attacked by someone with thousands of dollars in special gear and years of training like that guy." But if you show up looking underplayed, professional, and let the work speak for you, the conversation after will be much more like "this guy just walked through here and got into every door we have with a pencil case full of crap from Home Depot and a dumpster, nothing is safe, hire this guy to save us and our data!".

  • @JakeCraner 2 years ago +33

    Awesome content as always. This is nearly 1:1 with a kit I just put together. Can you put together a magnetic pole/magnet set on redteamtools along with a "how-to" video? I want to add this to my kit. Another idea - I added a flipper zero to replace low level proxmark/hackrf attacks. Would love to see what Babak could come up with regarding the flipper zero.

    • @DeviantOllam 2 years ago +19

      Babak has one! We were one of the early backers. It's a cool device

  • @Gracelyn637 1 year ago

    Thank you so much for all the no nonsense info and for making it understandable. So many people make things way harder than they need to be so I can’t express enough gratitude to you and all the tidbits you share, sometimes it’s the most boring mundane things I use the most

  • @BurningMonkey 2 years ago +1

    I love this video
    The idea of stuff that you really don't need is something that should be addressed more often

  • @philthejet 2 years ago +5

    Great content, what you actually do need is little stickers left behind after a job with "Dev was here" written on them. I will gladly make them for you. 🤣

  • @IanBPPK 2 years ago +19

    Love your insights! You mentioned a time ago about maybe rehashing Packing the Friendly Skies with new laws and experiences and was curious if that was still in the works.

    • @DeviantOllam 2 years ago +21

      It's not a bad idea, honestly. I'll add it to the list. =)

    • @IanBPPK 2 years ago +4

      @DeviantOllam many thanks. I remember sending you links to TSA's semi-official "what's allowed on board" KB for a couple of items back when you initially floated the idea. Iirc unloaded flare pistols are no longer friendly :(

    • @Aragorn450 2 years ago

      @DeviantOllam lol, not that you have much else going on, right? 😉

  • @Softbauch 2 years ago +2

    Always love your content, especially the relaxed pace of your videos. The time will come when I get drawn!

  • @risingSisyphus 2 years ago +7

    Fucking love the snarky dig on the blue apron sponsorship lol

  • @N0B0DY_SP3C14L 2 years ago

    As usual, solid advice on so many levels. Most importantly, solid advice about headspace, and creating convenience just follows naturally.

  • @DonzLockz 2 years ago +24

    Great to see what you use. I was in Electronic Security and no one used methods against reed switches in all the years I was working. The high security places would have the biased SM3 large surface mount reed switches, designed to prevent magnet attacks, so much better than basic flush 20mm to 25mm door jamb reed switches. I'd be curious to know if you have tried to bypass them.🤔👍
    Edit: They were dear as poison. I think I paid AU$308 each back in 2006! We literally installed hundreds of them. 😮😮😮💰💰💰

    • @DeviantOllam 2 years ago +9

      Oh those surface mount ones are often balanced contacts, yeah. Specifically designed to make tampering a big challenge.

    • @MichaelMaynard 2 years ago +3

      Good to see you bro.

    • @carpespasm 2 years ago +3

      Sounds like they're the answer to the other side of the equation when the folks in suits ask you "so what do we do to fix this vulnerability?" Risk assessment is a spectrum from "IDGAF, a lock in a cheapo keybox is enough" to "SHTU DOON EVERYTHING" If the client is taken aback at a magnet bypassing a reed switch you already have a number in your head for how much it'll be to provide a solution.

  • @LockPickNic 2 years ago +25

    I would love to do strictly physical security consulting.
    I did a tiny bit when I was a mobile locksmith, but I'm institutionalized now.

    • @BobWidlefish 2 years ago +9

      They sent you to prison for “security consulting”?

    • @jordangabrielle9261 2 years ago

      I'd love to as well but I don't know where to start even

    • @thisaccountisntreal107 2 years ago +2

      @BobWidlefish pen test from the way out !

    • @DeviantOllam 2 years ago +4

      That's like you're quoting Shawshank

  • @SEKCobra 2 years ago +1

    "Wait. I can do that?" is the best salespitch.

  • @k80theshade 2 years ago

    I think this is my favorite video of yours not on a stage. And I mean in ever. Good show!

  • @DanTheRVMan 2 years ago

    Dude you mentioned that you give talks at West point as like a side note. That's freaking awesome!!!!

  • @Fightosaurus 2 years ago

    Just giving the wisdom away for free. You are the MAN, sir.

  • @libertarian1637 2 years ago +1

    I carry a Leatherman tool with me, along with that I have a small flashlight, small space pen, and a flat Leatherman bit holder with Phillips, flat, Torx, and Allen bits in common sizes; these all stay in a small maybe 2”x4” case on my belt as such I don’t travel with screwdriver bits or a universal bit holder. I like the minimum approach and agree with the bypass over other tools; in law enforcement bypass is by far the go-to and in doing security consulting nothing seems to have as much impact as a small simple tool overcoming what people think are secure.

  • @MichaelMaynard 2 years ago +2

    That was a really great, no nonsense video. Thanks for the work and thought that went into that.

    • @DonzLockz 2 years ago +1

      Hey Michael, long time no see. Hope you are well, good to see you are still around into security. Take care. :)

  • @dpunlasmith 2 years ago +7

    Whenever I do a physical pen testing consultation I start with explosive destructive entry. It’s just a lot more exciting that way.

    • @carpespasm 2 years ago +2

      Shock and awe. Sure to make an impression.

  • @liam7342 2 years ago +3

    I work in a hospital in the UK and the day I walked in I realised that they have spent a lot of money buying electric code lock for most storage rooms. But that the strike plates are all wrong so you can shim any of the dead latch locks and some of the rooms have things like horribly expensive portable medical kit.

  • @RocRizzo 2 years ago

    You really need your brain. Les Ismore is a longtime friend. He’s very handy, and uses very little, whatever the job. Thanks for the tips. They are, as always, quite useful.

  • @thek3317 2 years ago +2

    24:00 Jackhammer and Angle Grinder, after making my way from the reception to the backroom while making my own doors I never got invited back

  • @Ariccio123 2 years ago +1

    My dad has given presentations at west point and brought me along. I'll say, not only is it a good example of physical security (being a fort and all), but it's a fucking amazing place to visit!!

    • @DeviantOllam 2 years ago

      yeah, getting to tour the Post with some of the Cadets and faculty has been amazing over the years

  • @DarylBullard 2 years ago +1

    Hi Deviant! The extended straw is probably the only thing I wouldn't keep in the case, because you aren't carrying the canned air to use it with. Seems like something to keep in the field bag. Great information as always!

  • @RickEmc2 2 years ago

    Thanks for all these golden tidbits Mr Ollam

  • @krew11uvtoo23 7 months ago

    Love this. I like to go minimalist. I don't even want a bag. On my keychain I have to bumps, shims, etc. I also have covert items like an NFC reader/writer hidden in a FOB, a pen that's a video recorder for later review like missed cameras or even a pin or password typed as I walk or stand by. A rooted phone with pen apps and Kali. A baseball cap with hidden compartments for other items. I never understood the whole backpack thing.

  • @shadow.banned 2 years ago +1

    Nice rug backdrop.

  • @seanrutter3470 2 years ago

    I locksmithed for a cpl years in days past and have dabbled forever since.
    It fascinates me how many people don't realize, and don't even check on common keys with codes on them.
    I work maintenance these days for a franchisee of a MAJOR quick service restaurant. There were no extra keys for a high pressure water access and a toilet paper dispenser (of all things.)
    A MINIMUM of online research and a bit of my own $ and I have the keys I need now.

  • @flibodoor123 2 years ago

    I was taken away by your openness with regards to industry education from WWHF and other such event panels on YT, thank you for demystifying these methods and tools.

  • @stevenemery4038 2 years ago +3

    What are your tips for someone that is getting out of an LEO/Military field and might be interested in moving into something more in line with covert entry and pen testing?
    Love your work and keep up influencing the newer generations.

  • @shadow.banned 2 years ago

    That compressed air trick was cool.

  • @bryantsmyth6510 2 years ago

    One of my very favorite possessions is a six inch 32nds and mm ruler with metric and imperial conversions to decimals on the back, down to 64ths

  • @lenbones7940 1 year ago

    I'm a commercial master carpenter and I can say that Lishi keys work, and I've used them to make keys for building owners who have "back doors" that they've never owned keys for.... I've installed and changed commercial door hardware in everything from regular retail stores to high security labs and hospitals and colleges, and I can count on one hand the amount of doors I've encountered that those 4 Lishis can't open and key throw an average key box key a decent jiggler and a few combs and you have what will allow you to enter 99.9% of buildings, at least in my experience of almost 20 yrs in Ohio.. btw the few doors I was talking about were always antique type locks on churches or colleges that are like early 1900s... the doors on these buildings are installed by dudes like me, and I'm at least competent, most aren't.. you're talking about high school dropout felons who do this cuz the place was the only one that would hire them... I almost feel bad for people who rent offices or places to open a boutique store or whatnot.. it would prolly blow their mind if they knew a security camera that's well placed and able to hopefully get enough info (plates and faces) is basically the best they can do... and even then if they don't recognize who came in it's almost a waste of time getting the cops to come and giving them the footage... I'd say it's a coin flip if it'll even get watched, let alone investigated..

  • @Null-- 2 years ago +2

    Use a yellow highlighter to mark keypads with yellow ink. It's completely invisible on metal keys and shows up under UV.

  • @BrooksMoses 2 years ago +1

    I figure one point about not carrying the giant selection of elevator keys and whatnot -- that "Hey, you know that's a common key, here I've got one right here" story sells a whole lot better if you are pulling out a set of five or ten keys rather than a set of fifty.

  • @Trickyni
    @Trickyni 2 years ago +34

    How does your kit change for European jobs? Further- do you change your approach/attitude for European jobs?
    Loved the video, your tool breakdowns are always incredible ^^

    • @carpespasm
      @carpespasm 2 years ago +7

      More broadly, what would be some changes and concerns for physical pen testing that change based on building norms and code in different regions of the world?
      For example, I know in the US that the ADA requires lever handle doors be able to open from a pull up or a pull down, which is apparently just not so in many other parts of the world. Chinese domestic market locks often use eurolock barrels and have an entire wild world of keyways all their own. I'd really like to hear from some physical pen testers that live and work in different regions to see what they commonly come across.

  • @Epinardscaramel
    @Epinardscaramel 2 years ago +1

    Those bags seem pretty nice as well

  • @katelights
    @katelights 2 years ago

    What you don't need is just as important of a question as what you do need. Scope creep is an easy trap to fall into.

  • @connorfoxton6167
    @connorfoxton6167 2 years ago +5

    The only thing I could think of that'd be easy to add would be some rewritable RFID cards paired with the appropriate app(s) on your phone. It'd still be a niche use item, but being able to demonstrate "Here's this app that you can just download, and here's some cheap plastic I got for 50 cents per card on Amazon, I now have your badge" would be a big wow moment for the client.
    I feel the point of this video isn't that you're doing a live break-in when you're doing a consult, you're basically showing "Hey here's this small tool that does a thing easily, and if I had like 2 more things on me then that's this entire security measure defeated". It's not about breaking in, it's showing that if you wanted to, you could break in.

  • @lukecowlishaw
    @lukecowlishaw 2 years ago +1

    Would love to see how a walk through, and executive meeting goes, and any stories around that

  • @bunyipdan
    @bunyipdan 2 years ago +1

    Admin items ...... I thought you would use a covered clipboard (rather than an open one - seems rather exposed), a security id card fob necklace, 4 in 1 pen (all in one multi coloured pen with pencil for notes), thumb drive, otherwise other useful items might include.....carry a small amount of flattened duct tape wrapped around a card, and only because tubular locks are quite prevalent in my area, I might also consider either a tubular lock pick or at least a goat tension tool, maybe carry some replacement door hinge security screws for clients to reference an easy fix to pulling hinges.

  • @yeetyboii
    @yeetyboii 2 years ago +1

    Wanted to see how easy it is to find bitting charts for common German keys (as it happens I live there) and it turns out it's much, much harder, to the point that I haven't found any yet. I'm gonna admit my research wasn't that deep, but it's not like putting "key bitting chart" into Google and boom, you have a ton of pictures and a few websites for finding those.
    Your talks have piqued my interest very much and I for sure will look into the whole topic a bit more, as pen testing and lock picking seems like a fun hobby to pick.
    Cheers to your great videos and have a great day!

  • @dafoex
    @dafoex 2 years ago

    I do agree with that last part, strongly. Tacticool and camouflage stuff might be cool, but you stand out like a sore thumb with it because no one else has it - especially suits and bureaucrats

  • @sciguy98
    @sciguy98 2 years ago

    That evidence ruler looks just like the ones we got at the Forensic locksmithing class at ALOA, lol. I have exactly the same one.

  • @jayerjavec
    @jayerjavec 2 years ago

    ... also, most importantly, bring yourself both physically and mentally.

  • @plasmaburndeath
    @plasmaburndeath 2 years ago

    So my idea for you is to try and get this to an (accessory worn jewelry size kit), necklace/stopwatch, few basic looking rings, wrist-watch, maybe fake-cell phone case, and maybe even fake glasses (that have a few of the tools in arms for example) all to be even more covert.

  • @Teabagz4fun
    @Teabagz4fun 2 years ago +4

    Dunno if it's been mentioned in the comments, but that extend-o straw, could that also be used in place of weed-whacker line for slipping latches with plate covers?

  • @McSnarf
    @McSnarf 2 years ago +4

    Umm. Might be a Euro thing, but if you want to avoid physical damage, carry some PZ (Pozidriv) bits. Size 2, like Phillips, but also maybe a size 1. It DOES make a difference.

    • @carpespasm
      @carpespasm 2 years ago +1

      There's not much Pozidriv in the US, pretty much all Phillips. Using a Phillips on a Pozidriv or vice versa really does suck. I only know because the only Pozidriv screws I've ever found in the wild came from Lidl as "particleboard screws". Same goes for working on motorcycles when you think it's a PH2 but it's a Japanese Industrial Standard 2 screw head. They're not pointy on the end.

    • @McSnarf
      @McSnarf 2 years ago

      @@carpespasm that's funny - because we use Phillips mostly in stuff like particleboard construction, because the bit head will cam out of the screw head when a certain torque is reached. There are a number of these cross pattern screw types - you will find JIS on a lot of electronics, to name just one, but PZ is probably the most common head here.

  • @timkarvelis3523
    @timkarvelis3523 1 year ago

    If you are ever thinking of adding some more to this, get a SOG Power Pint; it has a 1/4 inch bit tool while being a midsize multi tool

  • @Minionz
    @Minionz 2 years ago

    Perception is everything.

  • @Coffeemancer
    @Coffeemancer 2 years ago +5

    Why isn't this standard knowledge for emergency services? I was locked out of my apartment and car once and neither police nor fire department could help without damaging property.

  • @DirkFedermann
    @DirkFedermann 2 years ago +3

    It's kind of funny how overlapping this mentality is.
    I do websites for a living. All the fancy programming languages are super and do a lot of cool stuff, but at the end of the day it is still only HTML, CSS and maybe a little JavaScript.
    And when a small client comes and just "wants to be on the internet", there is no need for big Content Management Systems or Frameworks that have to be updated all the time. And "Oh, no. Your website has been hacked and sends Spam E-Mails".
    Less is in most situations more.
    You can always stock up if the job needs it.

  • @richardthomas7756
    @richardthomas7756 21 days ago

    Deviant. It is a pleasure to be able to watch your videos. I find them highly educational and informative. Could you please tell me something- where did you purchase your handheld magnetic field sensor from? I have been trying to get hold of one for a long time. Thank you

  • @camronbay1
    @camronbay1 2 years ago

    Excellent video.

  • @PrivateUsername
    @PrivateUsername 2 years ago

    Have the rescue Jim laser-etched with the evidence ruler markings, and use a pull-off-able plastidip handle. The paracord looks tacticool, TBH.

  • @TarahWheeler
    @TarahWheeler 2 years ago +10

    I love it!

    • @DeviantOllam
      @DeviantOllam 2 years ago +1

      💚

    • @phyphor
      @phyphor 2 years ago +3

      A completely unbiased view from one security expert to another 😋

  • @MarvinCZ
    @MarvinCZ 2 years ago

    Damn, I started the video and it's awesome but I've got to run to a training. This is gonna bug me until I get back :-)
    Edit: Finished it now. Great, down-to-earth presentation.
    By the way, I recently bought a Wera screwdriver and bits set on your recommendation. A full sized one for home use.

  • @DarthNinjaCode
    @DarthNinjaCode 2 years ago

    *takes all the notes* always good to learn from you

  • @LaskyLabs
    @LaskyLabs 1 year ago

    What you *do* need is snacks in one of those clipboards with storage space inside them.

  • @CtrlAltDft
    @CtrlAltDft 1 year ago

    you're a bro in the right way, thanks for the information

  • @rdxdt
    @rdxdt 2 years ago

    I have had this conversation but on the software side; usually it is with someone who watched Mr Robot and needs Kali Linux, or any type of security/forensic Linux distro, and sure they have their use, but on those kinds of consulting jobs you will not crack any passwords, you will not use BeEF; for the most part all you need is pretty much aircrack, wireshark, nmap, ettercap, netcat. Having a whole distro for these is just not practical for these walkthrough consulting jobs.
    In the past I just wow’d a client just by a quick deauth attack (relatively small business operating over wifi for anything)

  • @Greg-jy6ke
    @Greg-jy6ke 2 years ago

    Hey the keybar titanium hook insert is absolutely replacing all my traveler hooks, fits in my wallet and no longer do I get stabbed. It fits on thinner gap doors too

  • @spencerpalmer2918
    @spencerpalmer2918 1 year ago

    Creativity loves constraints

  • @ptrckstllr
    @ptrckstllr 1 year ago

    I don't know how I'm just now seeing this video. Anyway, I'm trying to imagine actually using the tools as they're carried like that and it seems super awkward in my head. Unzip black case, take out blue case, set black case on floor, unzip blue case, take out tool, set blue case on floor, demonstrate use of tool, reverse order to put tool away and continue walkthrough. Or tuck cases under arm and try not to drop them while demonstrating tool 😂 Is that basically how it goes and it's just not as awkward as I'm making it sound or is there another way that I'm completely overlooking? I totally agree with the tacticool pouches looking out of place and unprofessional especially if worn in an actual chest rig configuration but there are less tacticool chest packs on the market and I feel like the hands-free capability would be more comfortable than the situation I'm visualizing. You're the pro; you know me, just a long time hobbyist follower over here. Hope to catch up at another con again sometime soon!

  • @Laugh1ngboy
    @Laugh1ngboy 2 years ago

    If only I learned of this job 30 years ago.