Im a Electronic security tech. They messed up the codes and lost access. I got a ladder, lifted a ceiling tile, and used a umbrella to lift the free access handle inside. The bank manager was horrified.
Retired Marine. Secured server room, guy with the key was literally on the other side of the world. Grabbed a bucket and dropped a mop vaguely at the handle and open sesame. Got a counseling to never do that again.
I had an assignment to assess IT security at potential vendors for a Fortune 50 company. I visited server rooms, and asked for a broom. "What?!?" Pushed up ceiling tiles to show that the server room walls ended at the ceiling, and the opening above was easily accessible.
Up and overs are another easy, low-cost thing you can do to gain access. This is why walls that go up to the ceiling are required in secure places in the gov't sector.
@@taunteratwill1787 We are both 4 months late😂 But are you sure this guy is exaggerating? He is not, I work in IT and if you ever listened to IT and OpSec professionals - IT security is universally bad.
Back in my university days, I used to go around and help people break into their dorms when they were locked out. Front desk would give you your first lockout for free, and $50 per incident after that. I’d go around for $15. Bent dry cleaning hanger, paracord and my phone camera on selfie mode and I could get in in seconds from underneath. Always blew people away how fast and easy it was
Wait, locking the dorms? Where you live and keep your personal belongings? Why would anybody do that? Is that some united states specific thing that no one else does again?
The "look/act like you're supposed to be there" thing is so very effective. I used to do fire performance at big festivals, and I lost my credentials once (they're supposed to be on your wrist, but costuming doesn't always allow that) and when they stopped me at the gate, I was in costume and just told them I was a performer and I'd lost my credentials. They balked at first, but when I asked if they wanted to explain to the performance director why their performer wasn't showing up to his scheduled sets, they let me in. Okay, costuming seems like a pretty clear indication someone's supposed to be there, even amongst festival goers, full body paint is generally farther than most people would go dressing up.. so I tried it in just black cargo shorts, a black tee shirt, and a disinterested, busy look on my face, found a case of water to put on my shoulder, and walked through security checkpoints without anyone saying one word to me and I was backstage. The specific clothes to wear in order to look like you're supposed to be working there might be different, but the facial expression and body language are pretty universal. Purposeful walk, busy facial expression, don't avoid eye contact just ignore everyone else and focus on where you're going. Unless security is particularly strict, places like loading docks, backstage, service areas.. usually nobody will even say anything.
There’s a guy that snuck into an NFL practice doing that. They realized he wasn’t supposed to be there about halfway through the practice. The guy was doing drills, running routes and everything
High vis + name tag + hard hat + clipboard is essentially an invisibility cloak in any office building, construction site, warehouse, or performance venue.
Many automatic sliding doors have the same issue. My company has RC2 and RC3 automatic doors. Reinforced glass, multi-point locking device that drives steel pins into the floor, Optical locking feedback (blinking LED) etc etc. Customer? Puts it on one way so the exterior sensor gets ignored (the machine doesn't even lock in that mode by default lol).
Got locked out of my retail employer at closing and the security guard could see me trying to get back in. I grabbed whatever was in the top of the trashcan and tripped the sensor from outside. The guard wasn't quite as smug after that.
Used to do this in New York when I was in EMS there. Hospitals want us to park in certain spots and walk all the way around the hospital, but fuck that, we would swing the patient slide board past the sensors to open them or just shimmy the latch with our ID cards.
I think I need to get into this business because I knew 90% of this just from goofing around trying to see what kinds of stuff/places I can get into. Was looking for a bathroom one time while riding my bike on a really long trail (urban area) and ended up inside the production floor of a facility that was supposed to be sterile and inaccessible. The workers had a habit of going outside for smoke breaks through an unsecured door on the side of the building so I just pretended to be a new employee, chatted with one for a minute, and followed them inside. They didn't even ask me what I did or who my supervisor was, etc. Used the bathroom and left without anyone ever knowing I was there and felt like I had discovered a superpower.
One big problem is when the law says "you have to do x" when x is something that lowers security (in many places you are required by law to have a lock-box on the wall that can be opened by emergency services so that they can get in if they need to and in many cases those lock-boxes have been shown to be flawed)
It's kinda crazy when he mentions in another of his talks about how many of those lockbox keys get lost. Not only do keys to a whole city really exist, folks are losing over them at a faster rate than 1 a day.
@@Rachel_M_ Why no-one makes a combination lock-box that isn't a piece of junk capable of being opened in 20 seconds is beyond me (surely there is a market for such a thing that can't be easily accessed)
@Blayne Bradley See the problem there is you see workers as fellow people. So it's unlikely you or someone like you would end up in the position to make those decisions. Security benefits the company so they will happily choose to do it. Safety benefits employees, and is usually only done if it's legally required.
Best “act like I belong” moment of my life was as a punk teenager. I was skipping class at school. The teacher who’s class I was skipping knew exactly where he would find me. He sent one of our school administrators to the vocations building. I had lied to my vocations teacher that I was allowed to be there. The administrator went to the vocations teacher and asked if I was there. My V-teacher was like, “Yup. He’s in such-and-such a room.” Now, there was a whole huge group of us skipping together from a variety of classes all in the same place. We had the youngest Freshman just outside, door open so he could still be social, on lookout duty. He runs in and says, “Mr so-and-so (the administrator) is on his way!” It was like fucking cockroaches. No one else had the foresight to lie to our V-teacher to be there. So, they all hide behind the cubbies in back, in stand-up closets for coveralls and brooms and such, one even stood behind a large American flag because it was behind the cubbies, so you really couldn’t see his feet. It was hilarious. I sat there cool as a cucumber. I didn’t suspect the admin was on his way for me. I had permission from the V-teacher to be there. I wasn’t worried. Admin walks in and sees me all by myself reading a book or some such thing, just chillin’. “Hey, Mr. So-and-so the V-teacher told me that Doug Moore is in here. I was sent by *insert name of teacher who’s class I was skipping at the time* to get him. Have you seen him?” Me, “Nope. I know him, but I haven’t seen him all day.” Admin, “Alright. Well, if you see him, tell him to report to Mr. so-and-so. He’s going to get written up and have detention,” and he left. A gaggle of fellow teenagers burst out of their hiding spots utterly amazed! LOL! I wasn’t a cool kid. I wasn’t Mr. Always-play-it-smooth. It was just this moment in my life where I realized that people in charge don’t care and don’t pay attention. The Admin didn’t know me from any other kid in the school. If I lied and pretended to belong, he would just move on with his day.
The "don't care and don't pay attention" thing is a wonder for getting in to places. Back in high school we used to sneak into the computer rooms at lunchtime to play games (and access the server to give ourselves unlimited internet access), and we'd get in by finding a teacher we didn't have for any classes, and saying "oh I left my calculator in the maths room, can you unlock it so I can get it?" and when they did (and stood outside waiting), you could just walk through an access door into the computer room, unlock the door, then exit through the maths room. Teacher didn't know who you were and didn't care what you were doing, as long as you came out of the room a few moments later carrying a calculator. And when you got caught in the room by another teacher, you could just say "oh Mr. [IT teacher] let us be in here to work on an assignment" and the teacher wouldn't bother to follow that up because they were off to have lunch or get ready for the next period or whatever. If you weren't being loud or destructive, teachers really couldn't be fucked.
In 1970 a UK department store chain used men in brown uniform coats to deliver and set up displays. One day men in Brown coats cleared 1/3 of a floor put it in their van and drove off totally unchecked. They did not work for the company
Can't begin to count how many deeply layered secured locations would let in a copier repair tech in w/o even checking the bonafides as to whether a service tech had actually been called out. Security would issue me an all access guest wave badge after signing in at the front desk, toolbag in tow. Places I had no buisness having that ease of access. Casino counting room floors, police impound areas, military armories, judges quarters, even a governors office once. If i'd had ill intent when I ran my buisness I could have walked out with weapons, hundreds of thousands of dollars, Jewelry, drugs, you name it.
I used to deliver sandwiches. I didn't generally get into *very high* security places, but I definitely got into some places by just saying "Hi Jimmy Johns I've got a delivery" where I should not have been able to enter easily and unsupervised. Like I actually was just there to deliver sandwiches, but it'd be plenty easy to just order a delivery, put it in your backpack, and then try the call box somewhere and worst case you show them the bag and read off the name and they go "there's nobody here by that name, I think you've got the wrong address" and oh well failure, but you're not in trouble at that point or anything.
oh yeah working at anywhere with secure entry/exit for a long period of time, i don't know how anyone resists thinking about how to circumvent that security even if they're not intending to do anything. every time my building updates its secure entry/exit i find a way to reliably get around it within a couple days lol
I remember once on a school trip at a hotel our room's card was at one of my roommates who was supposed to arrive a couple hours later than me. Since I was very tired and didn't want to wait it out in the lobby I noticed there was a noticeable gap between the door and the frame, big enough for me to slide in my credit card and get in. Thanks to this video I now know, four years later, that this is a pentesting technique.
After I had been in the Army for about 6 months my unit went to JRTC Fort Polk, LA. I think I was a PFC (E-3) as was my buddy (what's up Mike if you see this). The Army flew the soldeirs to Ft Polk but our gear (vehicles, howitzers, etc) went by rail. We got ther about a week before our gear. When the time came for our gear to show up we were supposed to have a driver and TC standing by to drive the vehicle off the train and take it to the motorpool. Myself (the TC) and Mike (my driver) went to the designated spot at the designated time. We were just standing around waiting (our gear was late). While there a guy asked us to hand off his radio (handheld walkie talkie type) and clip board to the guy that was supposed to releive him because he had to use the restroom and couldn't wait any longer). I discoverd, you can run the US Army if you have a radio, a clip board, and balls. I had complete control of the rail yard and had a line of people waiting to take instructions from me (including a Major and severa other officers). One thing I found squashed all discent and questioning instantly was pointing with the radio antenna. No idea why, but when you do that people cannot disobey. Since shortly after that day I've always carried a clipboad and radio in my truck. I recently added a generic hard hat and reflective vest.
My last job was working in a bank and we had HORRIBLE physical security. "Hey man I'm here to work on the ATM" Pretty much any employee would give them their own personal key fob and they would be let inside. It's also funny to note that each key fob worked on EVERY door. I was a teller at my branch and I could literally use my key to get inside any other branch, their secure rooms, hell I could even just walk into the CEOs office with it. Granted it was a small credit union but still I look back at it with amazement
Hey maybe let the sound guy know you intend to have sound playback in your presentation beforehand. Sound techs aren't going to just have an input source cranked up if it isn't going to be used, otherwise it introduces speaker buzz distracting from the live, spoken word sound. If you're going to have sound coming from, say, your laptop, make sure your laptop is properly outputting audio so it can be piped out to the speaker setup in the room. Don't just demand it work out of nowhere beforehand.
Yup. If someone acts like that much of a twat about something minor in a presi, is actually given the solution (theres a fucking remote right next to you) and then whines and "oh well i cant be fucked ill just go on", imagine how much of a massive cunt they are in private.
@@williammartin9751 Yeah, he was a real douche about it. Probably insecurity on his part, but I'm guessing he is insufferable to be around in general if that is his default reaction. I'm so happy I am out of that industry now. It's always some guy with a powerpoint that never responds to any pre-production emails about their technical needs, and then shows up last minute with either a ton of ridiculous requests, or you have to chase them down to even get a microphone on them, and they don't know how to use it. And this is always after days of dealing with back-to-back powerpoints presenters who all think their presentation is the only presentation of the day.
Do you guys not understand that this isn’t a “serious” conference..? Everyone is joking around with one another. It’s literally called “Wild West Hackin’ Fest.”
With the tips from this video I managed to break into three different IT rooms and music instrument locker rooms at my school. I let a higher up teacher know about it and he used the footage to get the school to finally replace all the old IT systems and band room which they’d been holding off for a few years at that point. Awesome stuff.
Scolding the people in control of sound is like being rude to your servers, valets, janitors, etc... While you have that one 45 minute presentation that is all you are thinking about, they have been there days before and will be there cleaning up the day after, and you probably ignored the emails they sent you asking about your presentation. So while you know what's on your presentation, they likely have no idea... and there is a full day of presenters that also didn't do anything but think about yourself.
As an Audio guy he really rubbed me the wrong way this video. Immediately scolding him and calling him useless when it might not of even been his fault..
I'm a Software Engineer, and it's crazy that you can just clone a keycard by being near it. There are all sorts of methods in cryptography, using asymmetric keys and encryption, which would completely prevent cloning of a keycard. Keycards can power a small processor using the energy from the door key reader. It's baffling to me that these security companies who design these systems don't do this
I find it baffling car manufacturers dont use those same techniques to ensure cars cant be started without the key . Its not like its huge extra cost .
I found a vulnerability on a hotel door lock where I can brute force the password used for every lock and set the master card bits. Two local hotels I know of have these locks.
I should also note that the same thing happens to physical security as computer/device security: If you make it hard to use, people will find a way around it. When you make people have to choose complicated passwords that you mandate must be changed every 2 weeks? You get a lot of Post-It notes with passwords. You also have a rise in internal customer service tech calls for people who forget/lose passwords. None of this is very secure. Good security, physical or computer/electronic, should be as easy to use as possible, so that people follow the correct procedure rather than finding a work-around. Great examples of what not to do leaves the security open to "key issues," which Ollam's team often takes advantage of......
I met a guy who worked for cybersecurity pen-testing company that also had physical pen-testing people. He seemed to LOVE his job. I was telling him abt accidentally leaving my computer on overnight years ago at a bank and getting in trouble (one time warning) the next morning. He said if employees at companies he was pen testing didn’t have their computers secured, he would put something on it to go off like an alarm during working hours that took over the screen w a message like “I’m the idiot who left my computer on!!🎉” Seemed like it paid well too.
If he's leaving messages on computers, he's not doing the job right, the break in, is just as important as the clean up. We aren't supposed to leave traces of activities.
If you have physical access to the PC, in a lot of cases it doesn't matter. The only exception to this is if there's stuff on there like Bitlocker that encrypts the hard disk. If it's an unencrypted drive it's game on.
That's funny. Most office jobs I've worked we had the unspoken rule if you left your computer and it was unlocked it was fair game to mess with you. My favorite thing to do was hide all their desktop icons and taskbar, open a ton of windows, take a screenshot. Close them and set that screenshot as their background. See how long it took them to figure it out.
Acting like you belong always works. Be confident and don’t hesitate. As a locksmith of nearly 16 years I’ve seen some of these tricks but there were a ton I hadn’t. Love this video for my own professionalism. Kinda also hate it exists for everyone to see too. A major eye opener at some of the things you can do though. Wow!!!
As a software developer, this is very interesting. Also I feel like no one in the audience has any idea of what he's talking about when he gets too specific and makes jokes. Which is also funny
Awesome 💯, I do vegetation maintenance on cell towers mainly, but also do a lot of other construction, electric/jobs. I'm constantly having to access cell towers on private property or Forest service Land so I taught myself to bypass pick and decode locks. My boss doesn't even have a clue how much time I save him from people changing codes locks and other stuff. Instead of getting on the phone and calling a tech or a landowner, I just let myself in. Sometimes I get into trouble and just say that the Lock was open😅😅😅
@@mattd6085 life is what you make of it! If you plant good seed and plant you shall receive a good & plentiful crop multiply. If you plant bad seed then you shall received a diminished & inadequate crop...If you neglect to be discipline the weeds will overtake the garden. Life is a garden & we are all gardeners do not neglect to do what you can do,the best you can, as soon as you can, be discipline!
I was a burglar as a child. I've used a lot of these tricks. The outer hinge was always a great sight to see. I once spent multiple days unscrewing bolts to remove siding just to find my access point blocked by a pallet of concrete bags which I then painstakingly removed and relocated one by one. I believe I was 12 at the time. I'm glad I got all the trouble behind me as a kid. It's all expunged now. :)
Hahaha...when I was around 12 or so, I had a few friends who removed the screws from the back of the steel building that housed the local beer distributor. They removed a few screws, pulled back on the siding...and success. Pretty bad design, really.
Whatever you've never been on stage with shit not working before it's a very shitty feeling. Especially when you're speaking about being an expert at something
@@baddawgie0well I have and while I agree is a shitty feeling and takes a lot of control, you shouldnt be mean to the people running the show. I agree though you could tell by his intonation that he waa getting nervous and probably was just compensating by changing it to frustration
I was just coming here to say the same thing. This guy may be an awesome pen-tester but he's a colossal a$$hole. I would never work for him and I wouldn't hire him to pen-test my company. The way you treat people when you don't HAVE to treat them well says more about your character than anything else in your life.
Back in the 90's I did this with our executive protection clients with a get out of jail free letter from the client. Once we had security acceccing all the head hp'sboffices. It was one of my favorite job I ever had.
loving that this comments section is 60% "be nice to the sound guy >:c" and 45% "here's my smoothest security break moment" & 5% "don't know why I'm here but good video" lol
i love pen testers looking at a door and saying "i could get in" My High school like 10 years ago got a new engineering lab. the doors are the glass frameless doors (altho it does have a deadbolt) It also has the locks on the bottom but uh oh who ever installed those parts on the floors didnt install it right. The deadbolt dosent work either. If you just pull really hard there is enough clearance in that lock that lets you just open the door. I totally didnt abuse this system.
My proudest moment was at a 24/7 gym. My buddy had a membership, i just went in with him to work out. No staff at night, so it wasn't a problem. One night, his card didnt work on the slide scanner on the outside. He thought we were SOL, and for a moment I did as well. I remembered that on the inside of the door, it had a motion sensor. The gym used to be a physical rehabilitation center for a hospital; motion sensor was for disabled people who might have a hard time with a door handle. I grabbed a piece of notebook paper, folded it a few times, slipped it between the top of the door and the frame, and just swung it left and right while i pushed on the door. We never paid for a membership again.
Doesn't hear sound "Yell at the guy in the back, he's not doing anything" when he find out there is sound "turn the sound the fuck up please" when he find out he has a remote "this is like dad's living room remote" possibly when he realises how obtuse he was just being even though the problem is fixed homie goes dismissive of the situation "whatever I'm gonna continue" -damn, I don't know if you were just crazy nervous or smth but you sounded like a jerk. Good content though aside from the manners.
@@taunteratwill1787 I mean, with that logic wouldn't you be doing the same without any source, stats or citation? Granted you didn't make a whole seminar out of it, you're still shitting up the pot eh.
@@Varsonin Due to my work I get to stay in hotels almost all over the English speaking world for 12 years now. I know this is NOT an issue. Happy genius? 😎
@@Varsonin still doesn't mean anything to me though, i'd sooner trust the guy who made an entire seminar than the guy on the comment section who's stayed in a bunch of hotels
Geez, him bitching at the guy in the back over the sound was so cringe. Then when he realized he had the remote, he still had to cry about just to be difficult. That just summarized this guy’s whole personality in 30 seconds.
Been doing IT for years and knew a few of the tricks but not all of these. I would LOVE to do work like this, wow.. What a blast. I know this is 2 years ago but I wanted to watch this more and more! lol
Same boat bro. Stumbled across this and stayed for the whole thing. Not only is this intriguing but they speaker caught and kept my attention. Been doing IT as well, and just recently bought a FlipperZero and $400 worth of bypass tools. It’s scary how fast I can pick almost every lock in my house… the illusion of security is enough for most people. I guess.
Look as though you belong is one of the most powerful anti-security tools in existence. I spent about 4 years working as a stage crewman, and that meant I was often issued a AAA pass so that I could get anywhere I needed to to set up the show (or the reverse), however a lot of shows wouldn't bother with passes. In almost all cases, a pair of steel toed boots, a high-vis tucked into my back pocket so that it mostly hanged out by my leg, and black clothing like a tech/hand would wear got me basically anywhere I wanted, even places I had no right to go. Backstage? Never questioned. Audience seating? Never more than a glance. I could walk straight into the security room or behind the bar or wherever I wanted, as could basically anyone else on the crew. And I never needed more than £30 worth of clothing that looked about right, and the confidence of someone who actually was supposed to be there and in-fact was a little bit pissed off at having to go through security to do my job. It's amazing what a little bit of insider knowledge will do for you there too. As mentioned with the elevator test routine, just a few simple things you could pick up on any forum are enough to convince most people who don't know the trade that you do.
I was working security for M&T Bank Stadium for one of their music shows. But being a former stagehand I had some inside knowledge of what they should know. I had the kids of the project manager tell me they were stagehands and needed to drop off something. They were just there to get into the show for free. I made them coil an extension cord to get in. When they could not do it I refused to let them in and told them to pound sand. They called their dad who came down to give me crap. I had them coil the extension cord again to prove that they were not stagehands and to prove why I denied them access. I looked at the Project manager correctly coiled the extension cord and then threw it out in a straight line. I flipped back and said, "Now are you going to tell me this group is anything resembling a stagehand?".
I worked a few years doing subcontract IT maintenance and field service. It's incredible how easily you can access things like network rooms in office blocks and department stores just by carrying a toolbag and a random work order. I'd say only 10-15% of the time did anyone ever call someone to confirm my authority to be there. Stupid simple. They will literally show you where to go and open the doors for you.
Ive used a office folder to set off one of a request to exit sensor that my boss installed in a warehouse that held very expensive stage gear for a well known artist, safe to say it was reinstalled correctly😂
All kinds of pick tools around an office. Those metal strips glued inside filing cabinet folders at the top(like the part that allows the file to hang), make great Jimmy's for opening car doors that have the lock/unlock knob at the top of the door. Put a proper bed in the wire strip, and it can pop open those vehicle doors in seconds.
Everyone romanticizes nearly every job when they're on the other side of the fence. Once they learn the reality of those jobs, most people change their tune. I used to romanticize the military, mostly due to movies. Then I became a rifleman in wartime... How quickly I changed my tune. Anyways, it's already cool to learn how these guys operate.
My favorite quote from an infantryman. "You go in thinking you are Luke Skywalker, you come out realizing you were just a storm trooper" Now being a PMC you at least get to be a Mando lol
The craziest thing about the military is how clueless everyone actually is. No one knows what the fuck they're doing and yet leadership remains convinced that they do. Not to mention how slow it is to get anything done officially.
True, too much of a good thing, can be a bad thing. When I see pilots flying in the clouds I wonder how much they actually enjoy it after several thousand hours spent in the air? Some of them have tens of thousands of flight hours. But it seems that flying can be one of these jobs that are rewarding no matter how long it is done, especially when delivering cargo to some remote locations in the Arctic where people are waiting, etc.
Alright fair enough. I was ready to watch 45 minutes of someone talking about an industry where they test writing pens, like on paper and stuff but i guess not. sounds interesting even if it's not what I was thinking. I'll stick around :)
A light up Uber sign and the Uber sticker on your car can pretty much get you in any restricted parking area which is step one to getting into any restricted building
bizarre.. a few years ago i saw this same video from a different channel think it just showed up in my recommended videos one day and in the title mentioned it was a Deadwood hacking conference, as a black hills local thought that was interesting and watched the video which I found deeply intriguing. Now a few years later I am a computer science student, and I was watching coding and white hat hacking videos and came across the term physical pen testing. Upon hearing it i immediately thought of the deadwood conference where they were doing physical hacking. Then i typed in physical pen testing and this was the first video i clicked without knowing it was from that same deadwood hacking conference held a few years ago
So i was working at a big place 20 years ago, and we all had key cards that gave us access to some doors in the building, the doors had a card reader which you inserted the card into which turned the door unlocked if you had clearance. but we were working with magnetic shit, strong magnets (not neodynium) but strong ferrite magnets so often our key cards got demagnetized or corrupted. So people got stuck and had to call someone to come and open a door for them. New easy solution by the company, they installed new key card readers on every door, and they just told us "if you get stuck just place the key card in the card reader for 10 seconds and it will unlock" and the doors did unlock after 10 seconds. It was just a physical sensor that saw that something had been placed into the key card reader for 10 seconds and it unlocked the door, cardboard worked perfectly fine, so all of a sudden with a piece of cardboard you had access to everything in the building. Its a wonder no one noticed and stole the company blind. But i can see how a Pen Tester might have seen that, someone tries to get in, slides the key card in and nothing happens, so he does it again and counts down to 10 and the door unlocks, they would think "hmmm do you actually need a card or not?"
The look like you know what you’re doing is real asf I had friends that would steal hundreds of dollars of spray paint from various hardware stores by just loading a cart up with them and walking out
I can absolutely attest at how a metal clipboard can get you into places. Had a job not too many years back serving subpoenas for a living - not to individuals, but to big companies for various records related to litigations they were involved in. So I'd hit the front desk of these huge building(s) and get directions to the specific department I needed to visit. It was somewhat common to get a bit lost and end up somewhere, thinking "Oh, this isn't where I'm supposed to go", and then "OH, this isn't a place I should even BE" because I'd passed through numerous doorways with signs of the "Authorized Personnel Only" variety. Sometimes there'd be no security beyond such doors, but often times there'd be a desk and security right behind them. I'd just hold up the clipboard and give a wave and a "How's it going?" and march right on through. And I wasn't wearing any kind of uniform, just "business casual" attire...
Lol. @20:00 We stayed at a hotel in Phoenix. The bag greeters had like 5 or so golf carts to take people to their rooms. The hotel was a campus of haciendas, so to speak. But 11pm or 12 comes around and four of us were drunk and wanted a ride back. Well, no one was there to take us, but they had like 20* keys that all worked stashed in the bottom of the Podium right there next to the parked golf carts. I just had to look and give it a whirl. We had a good time getting back to our rooms.
I remember in high school I forgot my coat in a classroom and my teacher had locked the door and gone home. Forty-five seconds and one pencil later I had my coat in hand. I can't even pick locks that was just a simple matter of slipping the latch back. Keep in mind my high school was a school that had multiple gun related incidences in and next to the school so this was kind of inexcusable in my opinion to have doors that could be opened so easily.
Huh. Thanks algorithm; I don’t think I’ll ever need to use any of this and I’m not sure why you fed me this, but golly if it wasn’t entertaining and informative. Very nice public speaking from this gentleman.
This guy would have loved my complaints when I worked security. "This door has a 3/4 inch gap between door and frame at the latch. Literally nothing but 1/100th of an inch of latch is in the hole... anyone can get in this "secure" door." 3 months later and 10 complaints "here is a video of me using a BRANCH to get into the building guys, come on!"
Actually, the thumbturn deadbolt IS a code violation (IBC 1010.2.1 & 101.2.2) as this requires more than one motion to exit. The deadbolt shown on the aluminum pair of doors in this video is in violation of the building code. (T.J. Gottwalt, AHC, CDC, DHT, FDAI, FCSI, CDT, CCPR)
My frandfather was a locksmith his entire life. He did the OG Electronic Entry Locks at DisneyWorld. Used to have a van filled with key-machines and millionkeys and locks. Now I am a Home Inspector and Building Inspector plus contractor. But I still change all my own locks
This technique of sliding a door open, I used that when I was about six years old... this is over 30 years ago and over those decades we still have not learned a thing!
And back in highschool, I used the 1-26 keys to get around the building... nobody realized but I knew every number on every door! So keeping the door locked to shortcut to the cafeteria? No problem!
I had to bring my car to a garage at the airport some years ago. We live in a cold area and there was a gate where we forgot the code. We just chucked a piece of ice on the other side and it opened right up!
Imagine leaving the office, coming back to it having been ransacked, checking the security cameras, and seeing some dumbass open your door with a vape cloud xD
deviant ollam is one of my favorites simply just bc his attitude and how he acts lol very relatable..a lot of people try to be too professional like.....this is my dream job too really ive spent the last 2 years learning the cyber security/pentesting/redteam part of it and really hope i can eventually find a job in it somewhere its like perfect for my knowledge and prior lifestyle too and just everything
Ill tell you from experience this guy is so right about security being undertrained... I've been caught using an underdoor tool by a building security guard and got away with it because he didnt have a clue what it was.
Oh, another interesting point on the egress sensors. A square plate of steel will cause a vehicle gate in many places that use them. You could probably just tie a chunk to a rope and throw/slide it until you found the correct spot.
I've been in the commercial door, frame and hardware industry for 23 years. I tend to use a a vertically steel stiffened door with Von Duprin 9875 3 point (top and bottom rod and rim latch), latching threshold with security stud hinges and a Frontline interlocking astragal. Sex bolt the exit device. If it needs acces control add latch retraction and RX switch if needed. Will work reliably, meet life safety, not allow use of pry bars, under door tools, etc. It's an expensive opening but worth it if you really need a secure, compliant and reliable opening.
That was great. One thing I always thought too is I bet you can get in to places that have door codes by simply calling and ask for them. Lot of companies just give them out because they always have contractors going into these places. The common keys is frightening though, I would have just assumed that when you buy one of these panels you get a at least semi unique key, like when buying a pad lock. Now I kinda want to buy those keys just so I can test them out lol. I imagine fire panel keys are all the same too. There is stuff in there you could do to basically open every single door in the building.
I thought the physical security industry was screwed up enough from LockPickingLawyer's presentation at SaintCon...this is just on a whole other level. Ever wondered what good "security by obscurity" does you? Well, this is it LOL
I was a Phisical security specialist in the Navy. I still keep a small L pick in my pocket. I freak my friends out all the time when they go to open their front door and I just say "I got it" and swipe the latch. Then I show them why I was able to and reinstall the latchplate correctly.
Definitely have used some of these basic techniques to access stuff just for funsies. If I can do it anyone can do it. My highschool classmates and I used coat hangers to slip the unprotected jams at school. We never told a soul we had easy access, we just had fun with it. Roof access. Access to administrative offices. It was easy. Physical security is only as good as the weakest link. You gotta start from the easiest thing to attack first and then move up from there. Nobody cares about a high-tech access scheme if you can just blow a balloon through the door.
What i have done in the past is add more than one type of access on a card with a completely different format and a separate encryption key for a Secure area only for Authorised personal. They were not security guards or cleaners. Most users only had the main credentials. Also using a unusual format is a hindrance for most, many formats are just not practical anymore.
That universal key thing applies to a lot more than just telephony boxes: traffic light controls, electric meters, transformers, commercial irrigation timers, etc.. He mentions the CH751, for example...
18:12 it seems to depend on the particular handle - the ones in my house (although they dont have locks) only go down I have also seen one with a really tiny thumbturn on the inside that would also inhibit the handle from the inside (thumbturn would be impossible to grab you basically have to pinch it to actuate it) that does go up. I remember discovering the ability to pull handles up to open them ages ago - it was pretty interesting to young me
Can't believe I watched all of this. I have no business with the info, but the speaker did a great job of keeping me engaged. Good video, if not a bit scary. I hope the water treatment plants paid attention
Our company's main office is about 300 miles from me. But my office has a backup server in a locked closet. One day the building manager showed up at our office and needed access to something. Can't remember what specifically he was looking for. Maybe the circuit panel or something. I don't know. Doesn't matter. Whatever it was he couldn't find it anywhere in the office so he assumed it was in the only remaining room in the office which was of course locked. And only the IT guys 300 miles away had the key. Someone did call IT to let them know like hey some dude is here claiming to need access to the server room. But anyway he first tried the under door rod thing. It didn't work because there was not enough space behind the door to get it far enough under the door to lift it up to the handle. So next he went from the top. The office has a drop ceiling with ceiling tiles. And turns out the wall for that closet only goes up to the drop ceiling. So all he had to do was pop out a ceiling tile, then reach over the wall and pop out a tile on the other side. He shined a flashlight into the server room for a minute. Didn't find what he was looking for and left at that point.
Might grab one of those thumb turn tools... pretty neat. Our standard industry keys are different in NZ, but they're the same story. Cool presentation!
I grew up in downtown minneapolis and spent a lot of my time in the skyway just wandering around and ending up places on accident, then when I got older, on purpose, it never occurred to me that it could be a job lol
Duuuude. Deviant ollam! Breh, this video is like, five, six years old. But shit, this takes me back. Started my career in NDT entries after this conference
Im a Electronic security tech. They messed up the codes and lost access. I got a ladder, lifted a ceiling tile, and used a umbrella to lift the free access handle inside. The bank manager was horrified.
That’s actually what I fantasize about every time I walk into a Chase bank. They all seem to have those hanging ceiling tiles.
Retired Marine. Secured server room, guy with the key was literally on the other side of the world. Grabbed a bucket and dropped a mop vaguely at the handle and open sesame. Got a counseling to never do that again.
I had an assignment to assess IT security at potential vendors for a Fortune 50 company. I visited server rooms, and asked for a broom. "What?!?" Pushed up ceiling tiles to show that the server room walls ended at the ceiling, and the opening above was easily accessible.
Up and overs are another easy, low-cost thing you can do to gain access. This is why walls that go up to the ceiling are required in secure places in the gov't sector.
I'm a carpenter with a hobby interest in this stuff. We did a refurb on a bank in Chicago and the security flaws were amazing and obvious!!!
I was not expecting to watch a 45 minute video about an unrelated field, yet here I am... both transfixed and deeply worried.
Deviant does that to you
Yup love this
Don't be worried. Ever heard of exaggeration? This guy just reached a whole new level in it! 😂
I thought 'pen' tester was a stationary thing
@@taunteratwill1787 We are both 4 months late😂
But are you sure this guy is exaggerating?
He is not, I work in IT and if you ever listened to IT and OpSec professionals - IT security is universally bad.
Back in my university days, I used to go around and help people break into their dorms when they were locked out. Front desk would give you your first lockout for free, and $50 per incident after that. I’d go around for $15. Bent dry cleaning hanger, paracord and my phone camera on selfie mode and I could get in in seconds from underneath. Always blew people away how fast and easy it was
Now that's a way to undercut the dorms! Lockpicking lawyer vibes xd
Wait, locking the dorms? Where you live and keep your personal belongings? Why would anybody do that? Is that some united states specific thing that no one else does again?
Ok, maybe you meant locked out like when you forget your keys were inside, that makes sense. But paying for this? That's absurd
@@czarnyakafrancuz5192 Calling a lock company to get you into your flat after having locked yourself out is way more expensive.
@@Time4Technology Lock company? Shouldn't the dorms have backup keys for every room? They do in most places in poland.
The "look/act like you're supposed to be there" thing is so very effective. I used to do fire performance at big festivals, and I lost my credentials once (they're supposed to be on your wrist, but costuming doesn't always allow that) and when they stopped me at the gate, I was in costume and just told them I was a performer and I'd lost my credentials. They balked at first, but when I asked if they wanted to explain to the performance director why their performer wasn't showing up to his scheduled sets, they let me in.
Okay, costuming seems like a pretty clear indication someone's supposed to be there, even amongst festival goers, full body paint is generally farther than most people would go dressing up.. so I tried it in just black cargo shorts, a black tee shirt, and a disinterested, busy look on my face, found a case of water to put on my shoulder, and walked through security checkpoints without anyone saying one word to me and I was backstage. The specific clothes to wear in order to look like you're supposed to be working there might be different, but the facial expression and body language are pretty universal. Purposeful walk, busy facial expression, don't avoid eye contact just ignore everyone else and focus on where you're going. Unless security is particularly strict, places like loading docks, backstage, service areas.. usually nobody will even say anything.
Combine this with a high vis yellow west and you're unstoppable
There’s a guy that snuck into an NFL practice doing that. They realized he wasn’t supposed to be there about halfway through the practice. The guy was doing drills, running routes and everything
There’s always the “worried, I’m looking for someone”, most people are kind by nature and will let you go almost anywhere.
High vis + name tag + hard hat + clipboard is essentially an invisibility cloak in any office building, construction site, warehouse, or performance venue.
Imagine going to jail dressed like a fire performer though
Timestamps for self:
8:05 - Hiting crash bar with bent coat hanger
30:15 - Common keys
41:35 - Going over quickly all types of keys
What you planning, buddy 😆
@Thomas B🏳️🌈⃠ I like you’re name. It’s cool that you’re gay and proud of it.
@@shaan702 whats wrong with people named Thomas?
@@shaan702 thomas really b gay
@@shaan702how do you make the denier
You can trip many "request to exit" sensors by just slipping a piece of paper thought he top of the door, so it becomes a "request to enter".
Many automatic sliding doors have the same issue. My company has RC2 and RC3 automatic doors. Reinforced glass, multi-point locking device that drives steel pins into the floor, Optical locking feedback (blinking LED) etc etc. Customer? Puts it on one way so the exterior sensor gets ignored (the machine doesn't even lock in that mode by default lol).
Got locked out of my retail employer at closing and the security guard could see me trying to get back in. I grabbed whatever was in the top of the trashcan and tripped the sensor from outside. The guard wasn't quite as smug after that.
correct terminology is "Request to Exit".
make sure to write "please let me in :-)" on the paper though so it's official
Used to do this in New York when I was in EMS there. Hospitals want us to park in certain spots and walk all the way around the hospital, but fuck that, we would swing the patient slide board past the sensors to open them or just shimmy the latch with our ID cards.
I think I need to get into this business because I knew 90% of this just from goofing around trying to see what kinds of stuff/places I can get into. Was looking for a bathroom one time while riding my bike on a really long trail (urban area) and ended up inside the production floor of a facility that was supposed to be sterile and inaccessible. The workers had a habit of going outside for smoke breaks through an unsecured door on the side of the building so I just pretended to be a new employee, chatted with one for a minute, and followed them inside. They didn't even ask me what I did or who my supervisor was, etc. Used the bathroom and left without anyone ever knowing I was there and felt like I had discovered a superpower.
There's ALWAYS a "smoking door" at most places. I worked at convention centers all around the country...never went in the front door.
One big problem is when the law says "you have to do x" when x is something that lowers security (in many places you are required by law to have a lock-box on the wall that can be opened by emergency services so that they can get in if they need to and in many cases those lock-boxes have been shown to be flawed)
It's kinda crazy when he mentions in another of his talks about how many of those lockbox keys get lost. Not only do keys to a whole city really exist, folks are losing over them at a faster rate than 1 a day.
5 minutes on the Lock picking lawyer's channel will show people how to defeat key boxes
@@Rachel_M_ Why no-one makes a combination lock-box that isn't a piece of junk capable of being opened in 20 seconds is beyond me (surely there is a market for such a thing that can't be easily accessed)
@Blayne Bradley See the problem there is you see workers as fellow people. So it's unlikely you or someone like you would end up in the position to make those decisions. Security benefits the company so they will happily choose to do it. Safety benefits employees, and is usually only done if it's legally required.
@@JayJonahJaymeson "" losing ""
Best “act like I belong” moment of my life was as a punk teenager.
I was skipping class at school. The teacher who’s class I was skipping knew exactly where he would find me. He sent one of our school administrators to the vocations building. I had lied to my vocations teacher that I was allowed to be there. The administrator went to the vocations teacher and asked if I was there. My V-teacher was like, “Yup. He’s in such-and-such a room.”
Now, there was a whole huge group of us skipping together from a variety of classes all in the same place. We had the youngest Freshman just outside, door open so he could still be social, on lookout duty. He runs in and says, “Mr so-and-so (the administrator) is on his way!”
It was like fucking cockroaches. No one else had the foresight to lie to our V-teacher to be there. So, they all hide behind the cubbies in back, in stand-up closets for coveralls and brooms and such, one even stood behind a large American flag because it was behind the cubbies, so you really couldn’t see his feet. It was hilarious.
I sat there cool as a cucumber. I didn’t suspect the admin was on his way for me. I had permission from the V-teacher to be there. I wasn’t worried.
Admin walks in and sees me all by myself reading a book or some such thing, just chillin’. “Hey, Mr. So-and-so the V-teacher told me that Doug Moore is in here. I was sent by *insert name of teacher who’s class I was skipping at the time* to get him. Have you seen him?”
Me, “Nope. I know him, but I haven’t seen him all day.”
Admin, “Alright. Well, if you see him, tell him to report to Mr. so-and-so. He’s going to get written up and have detention,” and he left.
A gaggle of fellow teenagers burst out of their hiding spots utterly amazed! LOL! I wasn’t a cool kid. I wasn’t Mr. Always-play-it-smooth. It was just this moment in my life where I realized that people in charge don’t care and don’t pay attention. The Admin didn’t know me from any other kid in the school. If I lied and pretended to belong, he would just move on with his day.
As stupid teenagers we used to rig door handles in high school with a solenoid and a 9v battery. Needless to say the fun was replaced by suspensions.
@@Qwijebodid those doors with the suspension rooms not have solenoids or why could you nkt6get out of there? xD
The "don't care and don't pay attention" thing is a wonder for getting in to places. Back in high school we used to sneak into the computer rooms at lunchtime to play games (and access the server to give ourselves unlimited internet access), and we'd get in by finding a teacher we didn't have for any classes, and saying "oh I left my calculator in the maths room, can you unlock it so I can get it?" and when they did (and stood outside waiting), you could just walk through an access door into the computer room, unlock the door, then exit through the maths room. Teacher didn't know who you were and didn't care what you were doing, as long as you came out of the room a few moments later carrying a calculator.
And when you got caught in the room by another teacher, you could just say "oh Mr. [IT teacher] let us be in here to work on an assignment" and the teacher wouldn't bother to follow that up because they were off to have lunch or get ready for the next period or whatever. If you weren't being loud or destructive, teachers really couldn't be fucked.
In 1970 a UK department store chain used men in brown uniform coats to deliver and set up displays. One day men in Brown coats cleared 1/3 of a floor put it in their van and drove off totally unchecked. They did not work for the company
🤣🤣
Can't begin to count how many deeply layered secured locations would let in a copier repair tech in w/o even checking the bonafides as to whether a service tech had actually been called out. Security would issue me an all access guest wave badge after signing in at the front desk, toolbag in tow. Places I had no buisness having that ease of access. Casino counting room floors, police impound areas, military armories, judges quarters, even a governors office once. If i'd had ill intent when I ran my buisness I could have walked out with weapons, hundreds of thousands of dollars, Jewelry, drugs, you name it.
I used to deliver sandwiches. I didn't generally get into *very high* security places, but I definitely got into some places by just saying "Hi Jimmy Johns I've got a delivery" where I should not have been able to enter easily and unsupervised. Like I actually was just there to deliver sandwiches, but it'd be plenty easy to just order a delivery, put it in your backpack, and then try the call box somewhere and worst case you show them the bag and read off the name and they go "there's nobody here by that name, I think you've got the wrong address" and oh well failure, but you're not in trouble at that point or anything.
Why didn't you , I would have and a simple denial if later asked prove it if confronted
What military armory has a copier in it? Ours was in the office.
@@milewesler9592 What, you didnt have a fax machine or printers anywhere else at yours? I find that unlikely. Copier techs work on all three of those.
@@brianhirt5027 the armory was its own separate lockup. The printer and fax where over by 1sg office.
I’ve always wanted to try pen testing.
I’ve been a facilities engineer for about 5 years now, spent a lot of time playing with door control systems.
Trust me that real world experience goes a lot further than graduates who learnt how to SQL inject web pages during a 3 year degree.
oh yeah working at anywhere with secure entry/exit for a long period of time, i don't know how anyone resists thinking about how to circumvent that security even if they're not intending to do anything. every time my building updates its secure entry/exit i find a way to reliably get around it within a couple days lol
I remember once on a school trip at a hotel our room's card was at one of my roommates who was supposed to arrive a couple hours later than me. Since I was very tired and didn't want to wait it out in the lobby I noticed there was a noticeable gap between the door and the frame, big enough for me to slide in my credit card and get in. Thanks to this video I now know, four years later, that this is a pentesting technique.
After I had been in the Army for about 6 months my unit went to JRTC Fort Polk, LA. I think I was a PFC (E-3) as was my buddy (what's up Mike if you see this). The Army flew the soldeirs to Ft Polk but our gear (vehicles, howitzers, etc) went by rail. We got ther about a week before our gear. When the time came for our gear to show up we were supposed to have a driver and TC standing by to drive the vehicle off the train and take it to the motorpool. Myself (the TC) and Mike (my driver) went to the designated spot at the designated time. We were just standing around waiting (our gear was late). While there a guy asked us to hand off his radio (handheld walkie talkie type) and clip board to the guy that was supposed to releive him because he had to use the restroom and couldn't wait any longer). I discoverd, you can run the US Army if you have a radio, a clip board, and balls. I had complete control of the rail yard and had a line of people waiting to take instructions from me (including a Major and severa other officers).
One thing I found squashed all discent and questioning instantly was pointing with the radio antenna. No idea why, but when you do that people cannot disobey.
Since shortly after that day I've always carried a clipboad and radio in my truck. I recently added a generic hard hat and reflective vest.
My last job was working in a bank and we had HORRIBLE physical security. "Hey man I'm here to work on the ATM" Pretty much any employee would give them their own personal key fob and they would be let inside. It's also funny to note that each key fob worked on EVERY door. I was a teller at my branch and I could literally use my key to get inside any other branch, their secure rooms, hell I could even just walk into the CEOs office with it. Granted it was a small credit union but still I look back at it with amazement
nice profile pic
As fun as this is the law thinks differently especially concerning banks.
I work in the Access control industry, I've always called it the illusion of security
This !!! 100%
Yep. It’s enough for most people. I guess lol.
Hey maybe let the sound guy know you intend to have sound playback in your presentation beforehand. Sound techs aren't going to just have an input source cranked up if it isn't going to be used, otherwise it introduces speaker buzz distracting from the live, spoken word sound. If you're going to have sound coming from, say, your laptop, make sure your laptop is properly outputting audio so it can be piped out to the speaker setup in the room. Don't just demand it work out of nowhere beforehand.
Came looking for this comment. He was a complete tool to the sound guy in this video
Yup. If someone acts like that much of a twat about something minor in a presi, is actually given the solution (theres a fucking remote right next to you) and then whines and "oh well i cant be fucked ill just go on", imagine how much of a massive cunt they are in private.
@@williammartin9751 Yeah, he was a real douche about it. Probably insecurity on his part, but I'm guessing he is insufferable to be around in general if that is his default reaction. I'm so happy I am out of that industry now. It's always some guy with a powerpoint that never responds to any pre-production emails about their technical needs, and then shows up last minute with either a ton of ridiculous requests, or you have to chase them down to even get a microphone on them, and they don't know how to use it. And this is always after days of dealing with back-to-back powerpoints presenters who all think their presentation is the only presentation of the day.
Do you guys not understand that this isn’t a “serious” conference..? Everyone is joking around with one another. It’s literally called “Wild West Hackin’ Fest.”
i love you
With the tips from this video I managed to break into three different IT rooms and music instrument locker rooms at my school. I let a higher up teacher know about it and he used the footage to get the school to finally replace all the old IT systems and band room which they’d been holding off for a few years at that point. Awesome stuff.
Scolding the people in control of sound is like being rude to your servers, valets, janitors, etc... While you have that one 45 minute presentation that is all you are thinking about, they have been there days before and will be there cleaning up the day after, and you probably ignored the emails they sent you asking about your presentation. So while you know what's on your presentation, they likely have no idea... and there is a full day of presenters that also didn't do anything but think about yourself.
As an Audio guy he really rubbed me the wrong way this video. Immediately scolding him and calling him useless when it might not of even been his fault..
@@doom2508fr
Yeah that was horrible to listen to
You guys are really a bunch of pansies lmao (also he didn't even call him useless)@@doom2508
Yeah; sound was on and up, but he had the remote, which he then didn't even use, and gave up after 5 seconds
I'm a Software Engineer, and it's crazy that you can just clone a keycard by being near it. There are all sorts of methods in cryptography, using asymmetric keys and encryption, which would completely prevent cloning of a keycard. Keycards can power a small processor using the energy from the door key reader. It's baffling to me that these security companies who design these systems don't do this
I find it baffling car manufacturers dont use those same techniques to ensure cars cant be started without the key . Its not like its huge extra cost .
@@tubewatcher97 car manufacturers use rolling codes though so, not that easy.
The cards that just put out one number are cheaper to make is why they do that & no one is still keeping what he talks about to heart.
I found a vulnerability on a hotel door lock where I can brute force the password used for every lock and set the master card bits. Two local hotels I know of have these locks.
@@Sool101 i think you have to jam the car key signal and record it. Basically some sort of man in the middle attack
I should also note that the same thing happens to physical security as computer/device security: If you make it hard to use, people will find a way around it. When you make people have to choose complicated passwords that you mandate must be changed every 2 weeks? You get a lot of Post-It notes with passwords. You also have a rise in internal customer service tech calls for people who forget/lose passwords. None of this is very secure. Good security, physical or computer/electronic, should be as easy to use as possible, so that people follow the correct procedure rather than finding a work-around. Great examples of what not to do leaves the security open to "key issues," which Ollam's team often takes advantage of......
I met a guy who worked for cybersecurity pen-testing company that also had physical pen-testing people. He seemed to LOVE his job. I was telling him abt accidentally leaving my computer on overnight years ago at a bank and getting in trouble (one time warning) the next morning. He said if employees at companies he was pen testing didn’t have their computers secured, he would put something on it to go off like an alarm during working hours that took over the screen w a message like “I’m the idiot who left my computer on!!🎉” Seemed like it paid well too.
If he's leaving messages on computers, he's not doing the job right, the break in, is just as important as the clean up. We aren't supposed to leave traces of activities.
If you have physical access to the PC, in a lot of cases it doesn't matter. The only exception to this is if there's stuff on there like Bitlocker that encrypts the hard disk. If it's an unencrypted drive it's game on.
That's funny. Most office jobs I've worked we had the unspoken rule if you left your computer and it was unlocked it was fair game to mess with you. My favorite thing to do was hide all their desktop icons and taskbar, open a ton of windows, take a screenshot. Close them and set that screenshot as their background. See how long it took them to figure it out.
Acting like you belong always works. Be confident and don’t hesitate. As a locksmith of nearly 16 years I’ve seen some of these tricks but there were a ton I hadn’t. Love this video for my own professionalism. Kinda also hate it exists for everyone to see too. A major eye opener at some of the things you can do though. Wow!!!
I had a huge grin through the whole video. Great stuff!
I'm slightly creeped out imagining that
@@Corn0nTheCobb i have the same feeling, i dont even know if this is a niche or a real field people enjoy or what
As a software developer, this is very interesting.
Also I feel like no one in the audience has any idea of what he's talking about when he gets too specific and makes jokes.
Which is also funny
Awesome 💯, I do vegetation maintenance on cell towers mainly, but also do a lot of other construction, electric/jobs. I'm constantly having to access cell towers on private property or Forest service Land so I taught myself to bypass pick and decode locks. My boss doesn't even have a clue how much time I save him from people changing codes locks and other stuff. Instead of getting on the phone and calling a tech or a landowner, I just let myself in. Sometimes I get into trouble and just say that the Lock was open😅😅😅
lol that's wild.
couldn't you jeopardize someone's job if you say that a lock was left open though?
Could you recomed a YT videos on how to learn it,,, just in case I ever need it
"vegetation maintenance", so you're a gardener?
@@mattd6085 life is what you make of it!
If you plant good seed and plant you shall receive a good & plentiful crop multiply.
If you plant bad seed then you shall received a diminished & inadequate crop...If you neglect to be discipline the weeds will overtake the garden.
Life is a garden & we are all gardeners do not neglect to do what you can do,the best you can, as soon as you can, be discipline!
@@vikingored7469 lol
I was a burglar as a child. I've used a lot of these tricks. The outer hinge was always a great sight to see. I once spent multiple days unscrewing bolts to remove siding just to find my access point blocked by a pallet of concrete bags which I then painstakingly removed and relocated one by one. I believe I was 12 at the time. I'm glad I got all the trouble behind me as a kid. It's all expunged now. :)
Hahaha...when I was around 12 or so, I had a few friends who removed the screws from the back of the steel building that housed the local beer distributor. They removed a few screws, pulled back on the siding...and success. Pretty bad design, really.
@@mtnvortex lol in high school we learned about keys from our shop teacher. I can't think of all the phone boxes and vending machines we opened.
this talk was so captivating i didnt feel the 44min flying by
“Turn the sound the fuck up please”
“There’s a remote oh wow”
Glad I don’t work for him lmao
Dude you and me both
You guys are too hard on him. You have to remember that nowadays he employs enough sjw dribble that it offsets his true sense of entitlement.
Whatever you've never been on stage with shit not working before it's a very shitty feeling. Especially when you're speaking about being an expert at something
@@baddawgie0well I have and while I agree is a shitty feeling and takes a lot of control, you shouldnt be mean to the people running the show. I agree though you could tell by his intonation that he waa getting nervous and probably was just compensating by changing it to frustration
I was just coming here to say the same thing. This guy may be an awesome pen-tester but he's a colossal a$$hole. I would never work for him and I wouldn't hire him to pen-test my company. The way you treat people when you don't HAVE to treat them well says more about your character than anything else in your life.
Back in the 90's I did this with our executive protection clients with a get out of jail free letter from the client. Once we had security acceccing all the head hp'sboffices. It was one of my favorite job I ever had.
Deviant Ollams content is always great
Except for when he is arrogant and pompous.
@@74KU which is always
@@74KU that must serve him for the "look confident" part when testing security...
@@74KU The talk is interesting but man he seems like a dick lmao
It's fun to find an SQL injection bug. It's a lot more fun to find a witty message from a dev saying "thought you were clever huh?"
loving that this comments section is 60% "be nice to the sound guy >:c" and 45% "here's my smoothest security break moment" & 5% "don't know why I'm here but good video" lol
i love pen testers looking at a door and saying "i could get in"
My High school like 10 years ago got a new engineering lab. the doors are the glass frameless doors (altho it does have a deadbolt) It also has the locks on the bottom but uh oh who ever installed those parts on the floors didnt install it right. The deadbolt dosent work either. If you just pull really hard there is enough clearance in that lock that lets you just open the door.
I totally didnt abuse this system.
My proudest moment was at a 24/7 gym. My buddy had a membership, i just went in with him to work out. No staff at night, so it wasn't a problem. One night, his card didnt work on the slide scanner on the outside. He thought we were SOL, and for a moment I did as well. I remembered that on the inside of the door, it had a motion sensor. The gym used to be a physical rehabilitation center for a hospital; motion sensor was for disabled people who might have a hard time with a door handle.
I grabbed a piece of notebook paper, folded it a few times, slipped it between the top of the door and the frame, and just swung it left and right while i pushed on the door.
We never paid for a membership again.
Doesn't hear sound "Yell at the guy in the back, he's not doing anything" when he find out there is sound "turn the sound the fuck up please" when he find out he has a remote "this is like dad's living room remote" possibly when he realises how obtuse he was just being even though the problem is fixed homie goes dismissive of the situation "whatever I'm gonna continue" -damn, I don't know if you were just crazy nervous or smth but you sounded like a jerk. Good content though aside from the manners.
I used to print t-shirts for a dance club and printed my own with security on the back of it so I never had to pay getting into the club. LOL
This is such a cool video. It's really interesting but also extremely educational. I didn't know there were this many issues at so many places.
There aren't, he just likes to make it look like a global issue. 😂
@@taunteratwill1787 I mean, with that logic wouldn't you be doing the same without any source, stats or citation? Granted you didn't make a whole seminar out of it, you're still shitting up the pot eh.
@@Varsonin Due to my work I get to stay in hotels almost all over the English speaking world for 12 years now. I know this is NOT an issue. Happy genius? 😎
@@taunteratwill1787 Just happy to see you take accountability for your last comment. Cheers.
@@Varsonin still doesn't mean anything to me though, i'd sooner trust the guy who made an entire seminar than the guy on the comment section who's stayed in a bunch of hotels
That was one of the most incredible things that I have ever watched on Utube in my life!
fascinating 44 minutes, ...probably on a gov list now, for watching that.
Geez, him bitching at the guy in the back over the sound was so cringe. Then when he realized he had the remote, he still had to cry about just to be difficult. That just summarized this guy’s whole personality in 30 seconds.
Old but gold
Been doing IT for years and knew a few of the tricks but not all of these. I would LOVE to do work like this, wow.. What a blast. I know this is 2 years ago but I wanted to watch this more and more! lol
Same boat bro. Stumbled across this and stayed for the whole thing. Not only is this intriguing but they speaker caught and kept my attention. Been doing IT as well, and just recently bought a FlipperZero and $400 worth of bypass tools. It’s scary how fast I can pick almost every lock in my house… the illusion of security is enough for most people. I guess.
Look as though you belong is one of the most powerful anti-security tools in existence.
I spent about 4 years working as a stage crewman, and that meant I was often issued a AAA pass so that I could get anywhere I needed to to set up the show (or the reverse), however a lot of shows wouldn't bother with passes. In almost all cases, a pair of steel toed boots, a high-vis tucked into my back pocket so that it mostly hanged out by my leg, and black clothing like a tech/hand would wear got me basically anywhere I wanted, even places I had no right to go. Backstage? Never questioned. Audience seating? Never more than a glance. I could walk straight into the security room or behind the bar or wherever I wanted, as could basically anyone else on the crew. And I never needed more than £30 worth of clothing that looked about right, and the confidence of someone who actually was supposed to be there and in-fact was a little bit pissed off at having to go through security to do my job.
It's amazing what a little bit of insider knowledge will do for you there too. As mentioned with the elevator test routine, just a few simple things you could pick up on any forum are enough to convince most people who don't know the trade that you do.
I was working security for M&T Bank Stadium for one of their music shows. But being a former stagehand I had some inside knowledge of what they should know. I had the kids of the project manager tell me they were stagehands and needed to drop off something. They were just there to get into the show for free. I made them coil an extension cord to get in. When they could not do it I refused to let them in and told them to pound sand. They called their dad who came down to give me crap. I had them coil the extension cord again to prove that they were not stagehands and to prove why I denied them access. I looked at the Project manager correctly coiled the extension cord and then threw it out in a straight line. I flipped back and said, "Now are you going to tell me this group is anything resembling a stagehand?".
I worked a few years doing subcontract IT maintenance and field service. It's incredible how easily you can access things like network rooms in office blocks and department stores just by carrying a toolbag and a random work order. I'd say only 10-15% of the time did anyone ever call someone to confirm my authority to be there. Stupid simple. They will literally show you where to go and open the doors for you.
Because the things that they do in this video are so incredibly rare in the real world that it doesn't really matter.
@@moe47988 burglars are rare too.... So it does not matter??
Ive used a office folder to set off one of a request to exit sensor that my boss installed in a warehouse that held very expensive stage gear for a well known artist, safe to say it was reinstalled correctly😂
All kinds of pick tools around an office. Those metal strips glued inside filing cabinet folders at the top(like the part that allows the file to hang), make great Jimmy's for opening car doors that have the lock/unlock knob at the top of the door. Put a proper bed in the wire strip, and it can pop open those vehicle doors in seconds.
Everyone romanticizes nearly every job when they're on the other side of the fence. Once they learn the reality of those jobs, most people change their tune.
I used to romanticize the military, mostly due to movies. Then I became a rifleman in wartime... How quickly I changed my tune.
Anyways, it's already cool to learn how these guys operate.
My favorite quote from an infantryman. "You go in thinking you are Luke Skywalker, you come out realizing you were just a storm trooper" Now being a PMC you at least get to be a Mando lol
The craziest thing about the military is how clueless everyone actually is. No one knows what the fuck they're doing and yet leadership remains convinced that they do. Not to mention how slow it is to get anything done officially.
@@niksatt4843 PMC: "you go in thinking you're Mando, you come out realizing you were just Greedo."
True, too much of a good thing, can be a bad thing. When I see pilots flying in the clouds I wonder how much they actually enjoy it after several thousand hours spent in the air? Some of them have tens of thousands of flight hours. But it seems that flying can be one of these jobs that are rewarding no matter how long it is done, especially when delivering cargo to some remote locations in the Arctic where people are waiting, etc.
Miliary is pretty cool if you don't go in as an infantryman and instead go in for SOF.
the weight vest guy is why we aren't even allowed to talk to the cash collectors or vendors unless we were assigned to
Alright fair enough. I was ready to watch 45 minutes of someone talking about an industry where they test writing pens, like on paper and stuff but i guess not. sounds interesting even if it's not what I was thinking. I'll stick around :)
lmao
INB4 "Pen island"
I thought the same thing.
Lol me too. 😂
That story about pretending to be an elevator tech was amazing 😂
A light up Uber sign and the Uber sticker on your car can pretty much get you in any restricted parking area which is step one to getting into any restricted building
The computer duster trick blew my mind
This feels like a presentation you would see in a "Minions Villain-Con".
These must be my people! I love finding new ways around security. My friends all say I need to work in loss and prevention.
sagenhaft! Do what You do to make it more secure for us all. Great speach and keep smiling. Cheers, BM
bizarre.. a few years ago i saw this same video from a different channel think it just showed up in my recommended videos one day and in the title mentioned it was a Deadwood hacking conference, as a black hills local thought that was interesting and watched the video which I found deeply intriguing. Now a few years later I am a computer science student, and I was watching coding and white hat hacking videos and came across the term physical pen testing. Upon hearing it i immediately thought of the deadwood conference where they were doing physical hacking. Then i typed in physical pen testing and this was the first video i clicked without knowing it was from that same deadwood hacking conference held a few years ago
THEY KNOW
I am glad I found this. Some type of Pen Tester is a dream job I am working to.
So i was working at a big place 20 years ago, and we all had key cards that gave us access to some doors in the building, the doors had a card reader which you inserted the card into which turned the door unlocked if you had clearance.
but we were working with magnetic shit, strong magnets (not neodynium) but strong ferrite magnets so often our key cards got demagnetized or corrupted. So people got stuck and had to call someone to come and open a door for them.
New easy solution by the company, they installed new key card readers on every door, and they just told us "if you get stuck just place the key card in the card reader for 10 seconds and it will unlock" and the doors did unlock after 10 seconds.
It was just a physical sensor that saw that something had been placed into the key card reader for 10 seconds and it unlocked the door, cardboard worked perfectly fine, so all of a sudden with a piece of cardboard you had access to everything in the building. Its a wonder no one noticed and stole the company blind.
But i can see how a Pen Tester might have seen that, someone tries to get in, slides the key card in and nothing happens, so he does it again and counts down to 10 and the door unlocks, they would think "hmmm do you actually need a card or not?"
The look like you know what you’re doing is real asf I had friends that would steal hundreds of dollars of spray paint from various hardware stores by just loading a cart up with them and walking out
I can absolutely attest at how a metal clipboard can get you into places. Had a job not too many years back serving subpoenas for a living - not to individuals, but to big companies for various records related to litigations they were involved in. So I'd hit the front desk of these huge building(s) and get directions to the specific department I needed to visit. It was somewhat common to get a bit lost and end up somewhere, thinking "Oh, this isn't where I'm supposed to go", and then "OH, this isn't a place I should even BE" because I'd passed through numerous doorways with signs of the "Authorized Personnel Only" variety. Sometimes there'd be no security beyond such doors, but often times there'd be a desk and security right behind them. I'd just hold up the clipboard and give a wave and a "How's it going?" and march right on through. And I wasn't wearing any kind of uniform, just "business casual" attire...
Lol. @20:00 We stayed at a hotel in Phoenix. The bag greeters had like 5 or so golf carts to take people to their rooms. The hotel was a campus of haciendas, so to speak. But 11pm or 12 comes around and four of us were drunk and wanted a ride back. Well, no one was there to take us, but they had like 20* keys that all worked stashed in the bottom of the Podium right there next to the parked golf carts. I just had to look and give it a whirl. We had a good time getting back to our rooms.
I have nothing to do with this field of work, yet still watched the whole video because it was presented in an interesting way.
I remember in high school I forgot my coat in a classroom and my teacher had locked the door and gone home. Forty-five seconds and one pencil later I had my coat in hand. I can't even pick locks that was just a simple matter of slipping the latch back. Keep in mind my high school was a school that had multiple gun related incidences in and next to the school so this was kind of inexcusable in my opinion to have doors that could be opened so easily.
Thanks UA-cam algorithm. Fascinating and very entertaining
Huh. Thanks algorithm; I don’t think I’ll ever need to use any of this and I’m not sure why you fed me this, but golly if it wasn’t entertaining and informative. Very nice public speaking from this gentleman.
This guy would have loved my complaints when I worked security. "This door has a 3/4 inch gap between door and frame at the latch. Literally nothing but 1/100th of an inch of latch is in the hole... anyone can get in this "secure" door." 3 months later and 10 complaints "here is a video of me using a BRANCH to get into the building guys, come on!"
This is a job I'm built for. Thanks to the speaker and uploader!
Actually, the thumbturn deadbolt IS a code violation (IBC 1010.2.1 & 101.2.2) as this requires more than one motion to exit. The deadbolt shown on the aluminum pair of doors in this video is in violation of the building code. (T.J. Gottwalt, AHC, CDC, DHT, FDAI, FCSI, CDT, CCPR)
if the building were occupied, sure, but after hours, why would you not lock up your sole income generator?
incredible, thank you very much for this.
My frandfather was a locksmith his entire life. He did the OG Electronic Entry Locks at DisneyWorld. Used to have a van filled with key-machines and millionkeys and locks. Now I am a Home Inspector and Building Inspector plus contractor. But I still change all my own locks
This technique of sliding a door open, I used that when I was about six years old... this is over 30 years ago and over those decades we still have not learned a thing!
And back in highschool, I used the 1-26 keys to get around the building... nobody realized but I knew every number on every door! So keeping the door locked to shortcut to the cafeteria? No problem!
I had to bring my car to a garage at the airport some years ago.
We live in a cold area and there was a gate where we forgot the code.
We just chucked a piece of ice on the other side and it opened right up!
Adding convivence usually lowers security. The more crap you have (lock boxes, Intercom, Rex/Fob, postal lock, etc) the more options I have to get in.
Imagine leaving the office, coming back to it having been ransacked, checking the security cameras, and seeing some dumbass open your door with a vape cloud xD
deviant ollam is one of my favorites simply just bc his attitude and how he acts lol very relatable..a lot of people try to be too professional like.....this is my dream job too really ive spent the last 2 years learning the cyber security/pentesting/redteam part of it and really hope i can eventually find a job in it somewhere its like perfect for my knowledge and prior lifestyle too and just everything
14:57 that was a great balloon noise, and a hilarious way to trip a sensor!
Ill tell you from experience this guy is so right about security being undertrained...
I've been caught using an underdoor tool by a building security guard and got away with it because he didnt have a clue what it was.
Don't blame the techs. Showmanship 101. Epic fail. Shame. Shame.
Oh, another interesting point on the egress sensors. A square plate of steel will cause a vehicle gate in many places that use them. You could probably just tie a chunk to a rope and throw/slide it until you found the correct spot.
This is just insane. At this point can it even be said that humanity has advanced?
I've been in the commercial door, frame and hardware industry for 23 years.
I tend to use a a vertically steel stiffened door with Von Duprin 9875 3 point (top and bottom rod and rim latch), latching threshold with security stud hinges and a Frontline interlocking astragal.
Sex bolt the exit device.
If it needs acces control add latch retraction and RX switch if needed.
Will work reliably, meet life safety, not allow use of pry bars, under door tools, etc.
It's an expensive opening but worth it if you really need a secure, compliant and reliable opening.
That was great. One thing I always thought too is I bet you can get in to places that have door codes by simply calling and ask for them. Lot of companies just give them out because they always have contractors going into these places. The common keys is frightening though, I would have just assumed that when you buy one of these panels you get a at least semi unique key, like when buying a pad lock. Now I kinda want to buy those keys just so I can test them out lol. I imagine fire panel keys are all the same too. There is stuff in there you could do to basically open every single door in the building.
I literally enjoyed EVERY minute of this and only got this in my YT because I watch the lockpickinglawyer lol
I thought the physical security industry was screwed up enough from LockPickingLawyer's presentation at SaintCon...this is just on a whole other level.
Ever wondered what good "security by obscurity" does you? Well, this is it LOL
I was a Phisical security specialist in the Navy. I still keep a small L pick in my pocket. I freak my friends out all the time when they go to open their front door and I just say "I got it" and swipe the latch. Then I show them why I was able to and reinstall the latchplate correctly.
Definitely have used some of these basic techniques to access stuff just for funsies. If I can do it anyone can do it. My highschool classmates and I used coat hangers to slip the unprotected jams at school. We never told a soul we had easy access, we just had fun with it. Roof access. Access to administrative offices. It was easy. Physical security is only as good as the weakest link. You gotta start from the easiest thing to attack first and then move up from there. Nobody cares about a high-tech access scheme if you can just blow a balloon through the door.
this is lit!!!!
enjoyed it all the way thoroughly!!!
I listen to this once every 6 months or so
i’ve watched this 45 minute video several times over the years
What i have done in the past is add more than one type of access on a card with a completely different format and a separate encryption key for a Secure area only for Authorised personal. They were not security guards or cleaners. Most users only had the main credentials. Also using a unusual format is a hindrance for most, many formats are just not practical anymore.
That universal key thing applies to a lot more than just telephony boxes: traffic light controls, electric meters, transformers, commercial irrigation timers, etc.. He mentions the CH751, for example...
The host is like a grown up morty voice
18:12 it seems to depend on the particular handle - the ones in my house (although they dont have locks) only go down
I have also seen one with a really tiny thumbturn on the inside that would also inhibit the handle from the inside (thumbturn would be impossible to grab you basically have to pinch it to actuate it) that does go up. I remember discovering the ability to pull handles up to open them ages ago - it was pretty interesting to young me
Can't believe I watched all of this. I have no business with the info, but the speaker did a great job of keeping me engaged. Good video, if not a bit scary. I hope the water treatment plants paid attention
imagine some erroristtays get in and dump fentanyl into the supply.
Our company's main office is about 300 miles from me. But my office has a backup server in a locked closet. One day the building manager showed up at our office and needed access to something. Can't remember what specifically he was looking for. Maybe the circuit panel or something. I don't know. Doesn't matter. Whatever it was he couldn't find it anywhere in the office so he assumed it was in the only remaining room in the office which was of course locked. And only the IT guys 300 miles away had the key. Someone did call IT to let them know like hey some dude is here claiming to need access to the server room. But anyway he first tried the under door rod thing. It didn't work because there was not enough space behind the door to get it far enough under the door to lift it up to the handle. So next he went from the top. The office has a drop ceiling with ceiling tiles. And turns out the wall for that closet only goes up to the drop ceiling. So all he had to do was pop out a ceiling tile, then reach over the wall and pop out a tile on the other side. He shined a flashlight into the server room for a minute. Didn't find what he was looking for and left at that point.
My living room door is more secure than most of the given security measures he mentions.
this is literally a course dropped from the heaven for thieves
Trust me we already knew all of these tricks. I make my own underdoors. We can figure it out by ourselves you people just assume crooks are all stupid
Might grab one of those thumb turn tools... pretty neat. Our standard industry keys are different in NZ, but they're the same story. Cool presentation!
I grew up in downtown minneapolis and spent a lot of my time in the skyway just wandering around and ending up places on accident, then when I got older, on purpose, it never occurred to me that it could be a job lol
Duuuude. Deviant ollam! Breh, this video is like, five, six years old. But shit, this takes me back. Started my career in NDT entries after this conference