You’re Probably Not Red Teaming... And Usually I’m Not, Either [SANS ICS 2018]

Поділитися
Вставка
  • Опубліковано 19 гру 2024

КОМЕНТАРІ • 505

  • @maracachucho8701
    @maracachucho8701 5 років тому +609

    I really hope all this comes up in the zoology exam I'm taking tomorrow.

    • @DeviantOllam
      @DeviantOllam  5 років тому +181

      If it doesn't, that exam is lacking. :-)

    • @maracachucho8701
      @maracachucho8701 5 років тому +39

      Piece of cake! Didn't even have to "red team" my teacher, if you know what I mean.

    • @HK-sw3vi
      @HK-sw3vi 4 роки тому +9

      I usually expect crime, law to show up on my physics exams

    • @anthonybracuti6898
      @anthonybracuti6898 3 роки тому

      what was in the exam in the end I wonder?

    • @jon...5324
      @jon...5324 3 роки тому +1

      haha i have a pharmacology exam tomorrow

  • @xer0334
    @xer0334 5 років тому +737

    So i am an actual technician, but the number of times ive turned up at a business and said i'm here to work in the comms room and they just let me in is astonishing.

    • @Delzra
      @Delzra 4 роки тому +52

      same. i work in fire protection and have to check every smoke detector tied to the central in building. so i usually get to go places i probably shouldnt be unsupervised, even as a 'technician'. now what could i do in an elevator control room? a server room? people these days.

    • @eriklindbergs5017
      @eriklindbergs5017 4 роки тому +50

      I'm a volunteer for (public safety organisation) and we do building safety compliance checks from time to time. Half the time I just show up in the service t-shirt, which anyone that volunteers has at least 2 of, and they give me a master key and let me wander around no questions asked. There's like 5 of us in the area who have the qualification to do these inspections out of over 2000 volunteers. And it's not like those t-shirts are a secure item, I'm sure dozens have been misplaced.
      But here's the kicker: Those of us who are qualified inspectors have an ID card that is separate to the normal one issued to volunteers and the paperwork the building manager needs to sign states they must check the inspector's ID BEFORE providing access. It's also in the service agreement and plastered everywhere on the panels we inspect. These people don't understand opsec at all.

    • @phimuskapsi
      @phimuskapsi 4 роки тому +22

      A couple years ago I was a tech on a job to refresh routers/switches in banks for a few different companies. They gave us a piece of paper from an email that basically explained who we were and what we were doing. 99% of the time there was no discussion, they just immediately took me to the server room, then locked up and left me alone in the building.
      One bank the manager asked if I needed to be in the vault, even offered to open it and leave it open for me.

    • @KoreanMeatball
      @KoreanMeatball 4 роки тому +14

      Used to deliver laundry.
      Show up in a white van with a hi-vis vest on and 99% of the time we'd get free run of anywhere, sure we'd have to sign in and maybe do a site induction for some of the big sites but yeah not once asked to actually prove I had laundry with me.

    • @scottcol23
      @scottcol23 4 роки тому +9

      @@phimuskapsi the vault is a secure room, it doesn't just have money and gold laying out in the open. At my bank there are 3 rooms. One is safety deposit boxes, one is storage of documents and the smallest of them all is the strong room with cash. Weirdly there is another floor vault in that room of which I don't know what is in it.

  • @christophergronhagen
    @christophergronhagen 5 років тому +496

    I use the "look like you belong there" when I get into the VIP area in clubs with just a GA ticket. I've used the back side of water bottle labels and napkins, folded into the right size around my wrist as a fake VIP band and followed a group into the VIP area. My favorite time was buying the same wrist bands on Amazon that the club uses, and looked at Instagram to see what color VIP was using that night. I have more fun figuring out how to get into the VIP area in different ways, than dancing or partying with friends in the club.

    • @DeviantOllam
      @DeviantOllam  5 років тому +131

      Those are some solid plans... Love the water bottle label. :-)

    • @infy33
      @infy33 4 роки тому +49

      When I was 18 I became a bouncer (6'4" 280ish college athlete) after being shot at, slashed at and burned I quickly realized that no one else had issues like me. Slept on it, realized quickly that your intellect and knowledge are much more powerful and versatile than physical.
      I'll cut to it. Owner says "People are getting in VIP filling it up and we only sold 2 VIP bracelets, must be security letting them in for a tip" it was $100 to get in for males, $50 for females (I never charged females, stupidest thing ever) found my buddy outside selling those bracelets for $20 so I quit and joined him :D

    • @famousamoso7
      @famousamoso7 4 роки тому +27

      I know super low key and bland.... but there was a fair next door to my house when I was younger. They sold wrist bands they gave you unlimited access to all the rides. Well I walked over 1 day and saw everyone walking out had hot pink wristbands on so I figured that was the color choice for the day (each day they changed it). As I was walking back home to find a suitable fake band I walked past a trash can in the parking lot that had a poster in it. And wouldn't ya know it was hot pink. I ripped off a piece of it and folded it to look like a nice wrist band and at the time I wore themed rubber bands (all had different colors and quotes). So I tucked the hot pink wrist band in with all the rest and never was questioned. A quick flash of the wrist and I had free access to all the rides.

    • @surveyingfleaproductions
      @surveyingfleaproductions 3 роки тому +6

      We used send one guy in to get the stamp, then use sharpies and highlighters to mimic it. worked every time. Once had a group of 20 get in that way. Shout out to the Castle Crashers.

  • @I0NE007
    @I0NE007 3 роки тому +214

    "A good pen tester isn't meant to show how much of a badass they are. It's to help the person prepare for the next badass that doesn't share the same goals."

  • @johnmcleodvii
    @johnmcleodvii 5 років тому +313

    I caught a pen tester once pretending to inspect fire extinguishers. Except he wasn't in the right uniform and he wasn't quite doing it right. Called security, and got an attaboy, and told to let him continue on to see if anyone else caught him (no one did).

    • @baylinkdashyt
      @baylinkdashyt 4 роки тому +33

      So the actual goal was to *see if employees caught him*?
      #ImLovinIt

    • @johnmcleodvii
      @johnmcleodvii 4 роки тому +22

      @@baylinkdashyt correct

    • @insertcolorherehawk3761
      @insertcolorherehawk3761 4 роки тому +33

      @David Harmon It's pen testing, the point is to make sure security isn't being lazy, the building is able to slow or even stop them, and they can't hack in

    • @ThinkFreely2012
      @ThinkFreely2012 4 роки тому +20

      @Addict that's not true. They have dated inspection tags. They get regularly inspected per code, and have an expiration date. At such date they must be replaced.

    • @heirofaniu
      @heirofaniu 3 роки тому +4

      @@ThinkFreely2012 But yet never once has anyone actually seen it happening.

  • @xquizate8777
    @xquizate8777 5 років тому +163

    "cannon based assailants are not in our risk model" is now my favorite sentence of all time.

    • @DeviantOllam
      @DeviantOllam  5 років тому +30

      Thank you... I enjoyed that one, too. :-)

  • @Jet-Pack
    @Jet-Pack 5 років тому +516

    That last sentence was the key difference between an actual attacker and someone just pen testing...
    "Getting in is fun but getting caught is the goal."

    • @pentestingkeysdotcom375
      @pentestingkeysdotcom375 5 років тому +4

      Indeed.

    • @thatdudnum67potatoe45
      @thatdudnum67potatoe45 4 роки тому

      But stealing can set you for life

    • @ChoChan776
      @ChoChan776 3 роки тому +4

      getting caught can never be the goal with pen testing. otherwise you're not pen testing, you're just having fun.

    • @SheepInACart
      @SheepInACart 3 роки тому +3

      @@ChoChan776 Getting caught MUST be the goal in pen testing, else you've not discovered the limits, merely proven you are awesome enough to exceed them... its fun to break into places that never even know you where there, but to pen test you need to work with a client to keep THEM improving till THEIR needs are met, which is FAR below what you could theoretically demonstrate is possible, as referenced in the 40mm speel (I've shown using a battery powered electromagnetic pulse device can be manufactured in a couple of hours to overpower door snarks, it was not a reasonable attack vector, instead recommending window bars so idiots couldn't smash their way in WAS). That means getting caught.. besides where and how your busted can add LOTS of weight to statements you make that middle managers ignored in previous reports. See waiting in a chair for 20mins, if the guard doesn't see a stranger sitting at a PC in an empty office in that time, its a PROBLEM, if they didn't wait with expectation to get caught, they'd have not tested that, and client wouldn't gotten that value, which cost them literally one third of a billable hour total to find out.

    • @512TheWolf512
      @512TheWolf512 2 роки тому +1

      @@thatdudnum67potatoe45 yep. Life in prison that is. Especially if you steal from other thieves

  • @jfan4reva
    @jfan4reva 6 років тому +321

    For half of his adult life, my Dad carried around key rings with about 3 pounds of brass on them. Gotta wonder if he could have gotten by with just a half dozen keys.
    He would have loved this kind of stuff. Subtly deflating over-inflated egos was a hobby of his. Once on a fire alarm install, he was going around the building with the client and the security alarm vendor, who was bragging up his system. My Dad asked the security alarm guy if his sensors worked when they're installed upside down. The security alarm guy goes "What do you mean upside down?" My Dad goes "Well these have this part pointing up, but those have it pointing down." The security alarm calls the electrician over and growls at him to reinstall the upside down sensors. My dad cracked up when he told us the story.

  • @agsystems8220
    @agsystems8220 5 років тому +315

    I think it is important to emphasise the difference between a secure lock and a signalling or token lock. The stock keys are great when you want to stop stupidity, rather than malice. We keep the key to the medicine cabinet at work in the lock, but it still does an important job. Junior staff are aware that they do not have permission to open that lock. We are more worried about a horse being disqualified from an event for being medicated than losing the medicine. I would imagine the cabinet locks are designed mostly to avoid the servers being handled routinely or by mistake, rather than stopping an attacker that has already breached the server room.
    I've seen a padlock on a chain that could be lifted off, and it still sort of did it's job. The field wasn't secure anyway, and if somebody wanted to break in they easily could. The chain was there to signal that going in there was not allowed (it is at some times of the year), rather than secure the field.
    It only becomes a problem when people use signalling locks as part of a perimeter.

    • @DeviantOllam
      @DeviantOllam  5 років тому +104

      This is exceptionally well put!

    • @woswasdenni1914
      @woswasdenni1914 5 років тому +9

      yea specially server rooms main reason is to protect from your own employees without malicous intent.
      but in most networks you can do anything from the cable closet what you can do in the server room, except maybe steeling harddrives.
      but who needs to steel harddrives when your employees walk around with unencrypted laptops, having offline sync on the "secure" network folders :) shure certain things might be more secured, but the overall dataleakage everywhere is not even funny anymore.
      you can put all your intrusion detection, encrypt your local lan, send a marine sqad to protect cable closets and server rooms,
      i will simply go in and service the printer, and change hardrives, to get those highly confidental documents you try to secure
      specially for the digital side, i would always assume that you can get in. if its not encrypted its not important, and it never leaves its container

    • @woswasdenni1914
      @woswasdenni1914 5 років тому +2

      or the goverment agencys forget terrabyte of sensitive data on an open amazon ftp :)

    • @dangerszewski9816
      @dangerszewski9816 4 роки тому +4

      @Cassandra They actually cover those in the training for some security certs. Courts and legal recourses are absolutely a viable part of an overall comprehensive damage mitigation strategy. Now, there are huge limits here, many criminals are in countries that won't prosecute people attacking businesses in other states whatsoever, and even if they're not in those nations there are legal obstacles to crossing jurisdictions-- but all mitigation strategies have gaps and holes that's why you use them in concert. Having that disclaimer there gives your lawyers more attack surface, including the potential threat of criminal, not merely civil, action because the federal law uses a terrifyingly vague "without authorization" standard rather than anything objective (technically something as easy as browsing to someone else's /user partition in Windows Explorer could be illegal by federal law). It's a very cheap and easy way to extend your mitigation a little, in concert with your HR and legal teams.

  • @---cr8nw
    @---cr8nw 5 років тому +74

    I love that your daily carry key ring is full of real keys (and only two jigglers). Most people wouldn't even notice the jigglers and no one is going to call it a lock picking kit. It isn't. It's just a bunch of inconspicuous keys.

    • @DeviantOllam
      @DeviantOllam  5 років тому +18

      Yep yep!

    • @isabellam1936
      @isabellam1936 Місяць тому

      He should have on some bump keys as well but he’s not that good.

  • @chronicawareness9986
    @chronicawareness9986 5 років тому +166

    weird style of stand up comedy but i liked it

    • @ThraseaGlow
      @ThraseaGlow 5 років тому +7

      whatever, best TEDx talk yet

  • @TechnologistAtWork
    @TechnologistAtWork 4 роки тому +17

    It's so easy to sink hours watching your lectures. You're an entertainer.

  • @Moto421
    @Moto421 6 років тому +209

    I did the security guard thing for a while. It was an open secret that we were just eye-candy for the insurance company.

    • @stevej279
      @stevej279 6 років тому +30

      i own a security company and totally capitalize on that very thing :-)

    • @travcollier
      @travcollier 6 років тому +59

      Yep, like most locks, a security guard basically functions as a sign saying "please don't enter". Though security guards can be damn useful for monitoring for fire, broken pipes, and all sorts of other random "this can't be right" stuff. Of course, going 3rd party and/or not paying them well is a great way to encourage a "not my problem/job" approach instead.

    • @Dracolith1
      @Dracolith1 6 років тому +10

      You need a monetary reward for the guard that stops an incident with sufficient evidence that its happening and couldn't have been caused by the guard.

    • @travcollier
      @travcollier 6 років тому +22

      @@Dracolith1 Purely monetary incentives are probably not sufficient. Facing any sort of perceived danger, especially danger coming from other individuals, strongly triggers parts of our brains quite different from the self-interested cost-benefit sort of thing. It is a huge topic and I'm not an expert, but I'd guess that security having a sense that they are "part of the team/family" with the enterprise they are guarding is pretty important. Of course, paying someone crap is a great way to ensure you don't get that sort of loyalty.
      Anyways... I'm getting way off topic

    • @hannahranga
      @hannahranga 5 років тому +9

      @@travcollier You've also got to deal with both equipping that guard to function to the level you want (both training and equipment wise) and what happens after a use of force incident. You can get a guard that injures someone (with varying degrees of excess and injury) or gets themselves hurt or worse killed. If you've got a lone guard with a baton that's been instructed to stop everyone that then gets killed trying to do that you're in a position where you can be liable for their deaths.
      It's not an impossible one but it tends to be an expensive one and it's hard to do halfway.

  • @coy512
    @coy512 5 років тому +66

    Thank you for emphasizing that a test team must work with the blue team in the end to deliver the most value to the client. It's not just good it's good business - a test team that takes the time to work with the blue team and further ask "can we help you fix those things?" can rake in up to 10x what the test cost in terms of follow on business as long as they continue to show value in helping fix the problems found.

  • @CrimsonStrider
    @CrimsonStrider 6 років тому +167

    I've watched a few of your presentations over the last few days. Even though they're very similar and not really relevant to me, they're entertaining, informative, and easy to watch. Keep up the great work.

    • @DeviantOllam
      @DeviantOllam  6 років тому +35

      Thanks! I'll keep on presenting, for sure. :-)

    • @thatdudnum67potatoe45
      @thatdudnum67potatoe45 4 роки тому +1

      As a impresinable kid should I pursue this as a career

  • @TesserId
    @TesserId 3 роки тому +8

    Hands down my favorite security lecturer. And, I don't even do this kind of work. But, if you have any role in security--any, you're going to benefit from this stuff, and I'm always sharing this stuff with our team.

  • @Kamel419
    @Kamel419 5 років тому +23

    great talk! it's critical to not forget the entire reason companies want a pen test in the first place. this definitely keeps that in perspective

  • @littlegrabbiZZ9PZA
    @littlegrabbiZZ9PZA 6 років тому +353

    This was an interesting one, I always enjoy physical pentesting. What I'd really like to hear is a talk about how to fail at it, though. Sort of a "Pentesting dont's" type of deal.

    • @FreeStuffPlease
      @FreeStuffPlease 5 років тому +1

      Sounds like it would get boring pretty quick.

    • @stephenconnell
      @stephenconnell 5 років тому +2

      Why would he do that? He is selling his services to a wider audience so good idea to appear competent at what our demonstrating.and selling.

    • @GeorgeNoory42069
      @GeorgeNoory42069 5 років тому +3

      @B B it seems like everyone has grown up in this extremely online mindset that they don't process the real world ramifications for what they are doing.

    • @filmNFX1
      @filmNFX1 5 років тому +9

      @B B Pen testers are hired to do stuff that would normally be illegal. If they are good professionals they'll make sure their contract allows them to do everything they need.

    • @swine13
      @swine13 4 роки тому +5

      @@FreeStuffPlease I pity the person that doesn't see any value in observing the mistakes of others.

  • @SkashTheKitsune
    @SkashTheKitsune 6 років тому +87

    once found an RFID dongle outside a government building and the dongle worked, tested it and immediately returned it... the person was neutral even when I asked "what if I wanted to gain illicit entry?" she replied "oh, we have a security alarm"
    As this person points out, all I needed was a shirt, a box of RJ45 and a ladder and I have myself a cover story between 9-5 so yes... when someone doesn't know your alarm code, doesn't mean they don't need it to start robbing you or worse, compromising your security to the point where you might as well leave the passwords on the screen, don't bother locking the doors because they are mine... I can basically have an all access season pass to your building.
    An alarm is for when people are not there not as a first response, contractors don't mind being questioned "hey, should you be here? can you provide proof?" because it's 2 minutes of their job and they will know not to rob the place

  • @svampebob007
    @svampebob007 6 років тому +377

    I remember watching your elevator video, and it got me really thinking about who's pretending to be who.
    and it got me talking with the boss, now I've put up a sign at work where it says "show ID if asked for ID".
    Every time some random dude comes in and says "yeah I'm from X and supposed to do X", we tell them oh do you have an ID?
    Every single time they say "what?", so we reply "you know it's for security, then point to the sign".
    The thing is that the sign is located kinda "randomly" on a shelf, so you kinda have to look up. and since you're looking up, the security camera is there to look right back at you.
    Most of them actually pull out their state issued ID, because obviously a badge is not an ID, the one that point to their badge usually get's told, "I could also print out a badge".
    It's a small step to counter potential security flaws, but honestly even if you show the ID and we take it down, it's not like we're checking if it's valid, by cross refering it with some database...
    but at least we try to trick people to either show a valid ID or look up by giving them an unfamiliar scenario, if we are the one getting tricked then shame on them :)

    • @edogg5690
      @edogg5690 6 років тому +6

      Way to fuck over anyone with a good plan. What do you care if your job gets knocked off for?

    • @edogg5690
      @edogg5690 6 років тому +3

      We all know you don't make that badge comment either.

    • @Davvg
      @Davvg 5 років тому +78

      E Dogg who pissed in your Cheerios?

    • @Monitice
      @Monitice 5 років тому +10

      @@Davvg Seems like the cheerios had rotten milk maaaan

    • @UnknownSend3r
      @UnknownSend3r 5 років тому +6

      This is the equivalent of bringing an apple for your teacher, unless you are responsible for security then it shouldn't concern you. And if you are then good job in taking pointers from the video and applying them.

  • @raymondparks1572
    @raymondparks1572 5 років тому +12

    The most satisfying red team engagement I have had in 20+ years was when the client's developers started helping us with attack steps during the kickoff meeting. They bought into our slogan, "The Red Team is your friend". And, with their help, we achieved our goal - "Make life hell for the bad guys".

  • @killslay
    @killslay 5 років тому +11

    I've been a security guard. We got no training other than the legal limits of our authority/responsibilities we have and an hour class on "physical intervention". We always got forgotten about, nobody would go through proper channels and tell us about guests visits or keep us in the loop about work going on so it isn't out the ordinary to have a bunch of randoms wandering into the building unexpectedly

  • @theprogrammer32
    @theprogrammer32 4 роки тому +86

    "Im not exactly sure what security guards are trained to do."
    I recently worked security in Florida, one of the strictest states for security ever since an event in 2016 where a gay club got shot up by a security guard.
    we are trained to walk around and write reports.
    Our training focuses heavily on what we can legally NOT do (ie. avoiding lawsuits and COA)
    In practice, it's mostly preventing crime by simply wearing a uniform and walking around, checking for broken lights, taking readings from water pumps, and cleaning up the pool area after it closes - anything for the client to get their money's worth.

    • @Eye_of_a_Texan
      @Eye_of_a_Texan 4 роки тому +22

      Exactly the same in Texas. Guards are a token measure to make simple minded folk think that there is opposition. Walk right in peeps. They're not going to stop you, and they're not paid to. They will witness in your trial though. Good guards are better than stationary cameras I guess.
      Texas commissioned guards are armed though, and are paid to stop intruders. They aren't paid enough in my opinion.

    • @Djorgal
      @Djorgal 3 роки тому +2

      @@Eye_of_a_Texan Everyone in Texas is armed and will stop intruders with fire and brimstone.

    • @Eye_of_a_Texan
      @Eye_of_a_Texan 3 роки тому

      @@Djorgal..... Sure why not

    • @aramilalpha1
      @aramilalpha1 3 роки тому +4

      I worked as a guard in a monitoring center for an international security company. Most of the job was monitoring alarms and reviewing video to ensure no illicit entry occurred and doing lots of random BS for the client execs. But, sometimes, we would work as regular security in local properties of they were short staffed.
      Absolutely no training whatsoever on how to identify or question people to determine if they were supposed to be in the building. The client basically said that entry security was good enough and didn't want security guards harassing potential employees inside who entered normally.

  • @PlasmaHH
    @PlasmaHH 6 років тому +66

    When you come back, and can't get in, then you did a good job.

  • @jeeper426
    @jeeper426 5 років тому +4

    honestly watching your videos have made me better at my job (i'm a Private Security Contractor), thank you for your security talks and all you do man

    • @DeviantOllam
      @DeviantOllam  5 років тому +3

      what a lovely thing to say. Thank you so much, I appreciate hearing it and I appreciate being able to be helpful element of Your world. :-)

  • @Delvareus
    @Delvareus 4 роки тому +4

    “Yes, thank you, cannon-based assailants are not in our risk model.”

  • @butre.
    @butre. 6 років тому +28

    ok putting a jumper wire on your key ring is a genius idea. I've always just kept one in my wallet because people in theory won't see it there. nobody's gonna question you using one as a lanyard though

  • @m0314700308891515
    @m0314700308891515 6 років тому +65

    As a security guard, this hits close to home. Most of the time we get put on sites as replacements or fill ins with zero training aside from "Just check doors 1,2,3,4... every hour and call 555-5555 if there is a fire. We all pretty much accept that we're a cog in the liability system and there to be blamed when shit breaks. (Well, that's company side, I'm sure the client was sold a lie about "Highly trained professionals" and pays $90 an hour for us to walk around) armed guards are even worse, the standards are non existent and using your gun is a fast track to unemployment and possibly court no matter how justified it was. (Client probably pays $190 an hour for that skill)
    Please, people, *NEVER HIRE THIRD PARTY SECURITY CONTRACTORS*

    • @lifeisgood12341
      @lifeisgood12341 6 років тому +2

      Please just hire me.

    • @clonerstive
      @clonerstive 6 років тому +18

      I enjoyed being security because I loved social engineering. I 100% took pride in being one of the newest but also one of the best on our team. I got kudos from our clients for my detailed reports and insight into potential problems that ithers could exploit. Sadly, the job wouldn't compensate for the extra accolades and skill set, so I moved on to greener pastures. Boss begged me to stay, I told him I would happily for $x more, but "i can't afford to pay any more". Sorry boss, you were a good dude, but gotta do me

  • @DeliveryMcGee
    @DeliveryMcGee 6 років тому +84

    Re: "look like you belong there." -- I can get onto the sidelines of any college or lesser sporting event just by waving my Nikon D7000 and saying "I'm with [local newspaper]." They asked to see my press badge maybe twice in the ten years I worked for the paper, never called the number on it to verify me. Related tip for photographers, make friends with a publisher who will back you up, so if they DO call to verify your credentials, your buddy will say "Oh, yeah, he's a freelancer working on a thing for me."

    • @Nudgarrobot
      @Nudgarrobot 5 років тому +18

      Dude legitimately you can get in the back of so many places (Who are utilizing A/V equipment, especially through a third party) by wearing a black shirt and just holding a roll of gaff tape- For all anyone else is aware, you look just like one of the event technicians. Bonus points if you have a cable wrap and look like you're in a hurry.

    • @TheAlison1456
      @TheAlison1456 3 роки тому

      This comment, real this whole comment section, is the embodiment of Hitman.

  • @fjshdf
    @fjshdf 6 років тому +296

    amazed that you used TF2 but not any images of Spy

    • @Providence83
      @Providence83 6 років тому +38

      fjshdf there is no end to my dissatisfaction from this. HE LITERALLY WEARS A MASK THAT TURNS HIM INTO OTHER PEOPLE, IT'D FIT SO WELL IN THIS TALK.

    • @Ablankname
      @Ablankname 6 років тому +80

      How do you know there isn't a blue spy in there?

    • @danpowell806
      @danpowell806 6 років тому +88

      All of the TF2 images are of Spy.

    • @plushifoxed
      @plushifoxed 5 років тому +10

      he's the spy

    • @ysink
      @ysink 5 років тому +4

      4:30 a spy on the right of the image

  • @russellbluewolf6427
    @russellbluewolf6427 6 років тому +30

    stepdad is a locksmith of 30 years..ive learned alot of how insecure stuff really is by going on jobs...the keys you list i have seen in places and im like " why do you even do that?"..people never think a about security i until there is a break in, or they hire a company like yours...and its scary, that security(physical especially) isnt on peoples minds...

  • @suicidalbanananana
    @suicidalbanananana 6 років тому +7

    Points for somebody plugging a usb device being into the presentation computer 3:35 into the video, nothing to worry about folks, no really, im from HQ. ^^
    Love your talks, keep em coming, as somebody from the Netherlands i'd love to hear a presentation about any work you ever done here and/or in neighboring countries

  • @garrukapex6693
    @garrukapex6693 6 років тому +326

    Oof, a new deviant talk. There goes my next 44 minutes

    • @DeviantOllam
      @DeviantOllam  6 років тому +30

      GarrukApex hah, I hope it was worth it for you!

    • @garrukapex6693
      @garrukapex6693 6 років тому +10

      DeviantOllam oh it definitely was!

    • @devinpallone1840
      @devinpallone1840 6 років тому +6

      You can learn twice as fast. In fact, open two Deviant talks and do this.
      You'll learn 4x as fast

    • @Uncle_Buzz
      @Uncle_Buzz 6 років тому +1

      @@DeviantOllam ALWAYS. Love your talks. Cheers!

  • @FirstIsa
    @FirstIsa 5 років тому +51

    "Look like you belong" works in some frightening ways. I did Delivery for Jimmy Johns and was literally badged in to the local Homeland Security Office because I was on delivery. They didn't ask for ID, didn't check if the order was legitimate, simply saw a uniform, matching bag in my hand, and swiped me through and gave me directions.
    When it comes to security guards- they are usually paid to do two things- Observe a property, and report what happens. In the case of an actual problem they call the cops. Armed guards are only slightly higher (at least in Ohio) in that they can restrain someone if their is suspicion, if there's an actual threat to someone's life they can shoot. Personally I enjoy the work but I'm happy that I do not have anywhere near the obligations of a cop even as an armed guard.

  • @uis246
    @uis246 Рік тому +2

    In Team Fortress 2 Red team is often on defence and Blu(e) on offence. Except symmetrical gamemodes.

  • @salvagebar
    @salvagebar 6 років тому +37

    7:13 Marry the girl who will break into buildings for you

  • @micahnightwolf
    @micahnightwolf 4 роки тому +6

    Deviant Ollam and LockPickingLawyer are two of my favorite people who specialize in blowing massive holes in everyone's sense of security. Now just imagine if they teamed up.

    • @DeviantOllam
      @DeviantOllam  4 роки тому +5

      we have. =)

    • @micahnightwolf
      @micahnightwolf 4 роки тому +2

      @@DeviantOllam It won't be long before one of you figures out how to bypass a lock using telekinesis. LPL is already using kitchenware.

    • @isabellam1936
      @isabellam1936 Місяць тому

      Lock picking lawyer is the LLCoolJ of the lock picking world, he’s not nearly the best and practices before he actually picks the locks and gets it on video but he has lots of views so every uneducated person thinks he’s god. People thought the same thing about Elon Musk now all of Reddit hates him.

  • @aaronbell5994
    @aaronbell5994 5 років тому +11

    I'm never hugging anyone again after this talk.

    • @JasperJanssen
      @JasperJanssen 3 роки тому

      Pandemic didn’t do that already?

  • @mjptrapster
    @mjptrapster 5 років тому +2

    Really interesting talk, and it gives you a lot to think about. I've had a Paxton maglock fail open at work before and no one mentioned it - even when the system emailed the reception and site staff to say the controller had fallen over. Reception ignored it, site assumed IT would deal with it and the rest of the staff just found it more convenient to have that door open all the time!
    Now it's integrated with the CCTV and sets off two audible alarms in the reception and main office from the CCTV head unit on a door failure or tamper and the master control unit for the site which is in a false ceiling in the office. Now they don't ignore it, as they can't. The noise gets extremely grating after a minute or two!

  • @Brainreaver79
    @Brainreaver79 3 роки тому +2

    when i worked part time as an unarmed guard, we literally got told, "you are only there to lower the insurance rates. dont try to stop whoever breaks in, your life isnt worth it. just call the cops/hq/whatever and be done with it"

  • @SeleenShadowpaw
    @SeleenShadowpaw 5 років тому +26

    How casually you talk about your wife having reader implants.
    [Posthumanism intensifies]

    • @DeviantOllam
      @DeviantOllam  5 років тому +17

      Yeah. I have them, too. Many folk I know do. They're fun, not gonna lie. :-)

    • @SeleenShadowpaw
      @SeleenShadowpaw 5 років тому +9

      @@DeviantOllam i know they are a thing, but hearing someone talk so casually about cloning creds into their hand still sounds a little bit like some scifi shtick to me. Not that i don't think it's incredibly awesome, mind you.
      Now we just wait wait for the subvocal/cochlea communications units and the cybernose :D

  • @mikes_.5_cent
    @mikes_.5_cent 4 роки тому

    Amazing.
    So glad I saw you guys on the Modern Rogue.

  • @lifeisgood12341
    @lifeisgood12341 6 років тому +7

    My dad is a contractor and my first car was an old work truck, I drove around and looked at new construction all the time, no one questions a guy in a truck with hardhats hanging in the window

  • @slackerengi2401
    @slackerengi2401 5 років тому +4

    Dude
    your one of my favorite presenters and I just realized it
    i feel like a dummy

  • @sobertillnoon
    @sobertillnoon 6 років тому +7

    "It'll getcha through everything… half the time"

  • @userou-ig1ze
    @userou-ig1ze 5 років тому +3

    awesome, congrats, perfect talk. With all the whiskey video shorts I had forgotten why I subbed, now it's clear (again)

    • @userou-ig1ze
      @userou-ig1ze 5 років тому

      Can you just say what the red team is supposed to be please??? I know the team fortress reference but that's it

  • @carolinafrog4365
    @carolinafrog4365 4 роки тому

    I love your vids dude! I've worked at so many facilities where nobody bothered reading our shift reports and it got to where at a data center, one person would badge in then hold a door leading to a "man trap", the next facility employee would badge open the other door and whole depts would enter/exit on 2 badges lol

  • @GameAceTaylor
    @GameAceTaylor 4 роки тому +9

    Ironically, the RED team graphics used in the presentation are "blue team" defense, in actual gameplay.

  • @johnsmith-sp6yl
    @johnsmith-sp6yl 5 років тому

    39:29 local school district uses these to secure their laptop carts. each about 700 dollars at retail, easy to access with one of those 3 keys, a few crash bars, and one door per ~35 laptops you can get through with shim, under door, pick, jiggler, or pry bar if you're feeling spicy. there are something like 2-3,000 laptops in the local district. be a shame if...

  • @AlexA-sz9yj
    @AlexA-sz9yj 5 років тому +2

    Your presentations and stories are great! Very interesting.

  • @unfa00
    @unfa00 5 років тому +4

    29:40 - the red shirt of that artillery dude is perfect for the context :D

    • @ly-yx1rk
      @ly-yx1rk 4 роки тому

      Artillery guy is FPSrussia
      Now host of the PKA podcast

  • @B2Ttrolling
    @B2Ttrolling 5 років тому +6

    With me, I dont even try to break in anywhere. In fact i dont even really care about social engineering. BUT, I do deliver pizza. The amount of places i've been let in is sort of funny. I remember being in a retrirement home sort of facility and there was a door that said it was alarmed etc.. I knew I had to get in there because its what the ticket said. I waited, an employee saw me standing there with food in hand and just put in the code and let me in. Even had to wait for an employee to let me out too or the door would have set off an alarm. Food delivery drivers are trusted quite easily ive come to notice.

    • @tylisirn
      @tylisirn 4 роки тому

      In an elder care home that lock is almost certainly to keep the dementia patients safely in, rather than to keep anyone out really. At least during the day hours.

  • @posidonentertainmentcompan8490
    @posidonentertainmentcompan8490 3 роки тому +1

    One time I did a job with my granddad, we were installing and troubleshooting a phone lane line routing issue and a cam system. We happened to go past the main server and network system for their internet, and I noticed a LAN turtle with the literal stereotypical bullshit tag on it saying I.T. do not remove so I brought it up and we don't know how long their network was compromised and it was a hotel that touted a secure internet system. I only knew it was a LAN turtle because I wanted (and still do) to get my hands on one. Although I do not know what finally became of it I know they got their ISP out the next day to look into it. for those wondering the problem with the phone system was that over half of the room phones were routed to the wrong portions of the building and almost all of them were miss labeled.

  • @scottcol23
    @scottcol23 4 роки тому +1

    Goodwill is a great place to get official collard uniforms. I have seen them all from sewage and water board, Entergy, Cox, AT&T Verizon Tyco, DHL you name it

  • @IVoyager-lj9it
    @IVoyager-lj9it 5 років тому +2

    I had a step father in the 80's who would steal big screen TV's. He would walk in the store, then 20 minutes later he'd be walking out with a store employee, pushing a cart with 4 or 5 on it. The employee would load them in the back of the truck and we'd drive off. Did this ALL the time, in different stores in 3 states.

  • @jasonmyneni8605
    @jasonmyneni8605 4 роки тому +1

    My favorite example of bad security was at a Detroit hospital. I came in with a Badge (from a different hospital) and in scrubs, and they flagged me through security. No questions asked.

  • @PetterBruland
    @PetterBruland 4 роки тому

    One time when I worked as a network engineer contractor, and needed to verify switch ports on multiple floors of a hotel to plan out the number of wireless APs needed. Got to the front desk and did not even show ID, although presented myself and whom I worked for, asked for the IT person on site to get access to some closets. I was told the IT person is also their accountant and is tied up in an offsite meeting, gave me an access card. I expected keys and was told that all doors use HID readers and the card is the master card that will open ANY door so I should have no issues getting what i needed. I was sort of in a shock and wanted to tell the person, what the hell is wrong with you. However did my job, and reported it to the main IT guy who said that is just standard to give contracts unlimited access. Insane.

  • @copuis
    @copuis 6 років тому +15

    So, not red teamming, but still breaking into a house (power outage, and my friend had gotten into a very bad habit of using the garage door)
    now, doing a little first responder, and having some pretty basic breaking in skills due to my security work, and having worked in real estate, and seeing how successful people got into places
    I was f*in floored at her rental, and the either dumb luck or care that went into securing this house (sunday night, and locksmith was going to charge 150 for the call out, and 150 for every part hour on the job)
    the security door was shimmed open in seconds, and thats where all the promising progress ended,
    the main door was hung corrected, and a recess added to make pulling the latch hard, but also, the striker plate was installed correctly (the first time other I'd come across that in a rental)
    so, that wasn't an option (only took two coke cans to find that out)
    hinges on the other side
    right, went onto the garage door, an electronic roller door, no worriers, many of these you can either lift them with force they "pop" and you're just holding up the weights of the door, and a little spring
    I still havent worked fully how, but I managed to just slip a car jack under and short of damaging the door, that was no longer an option
    right, screw it, I will bend out the track, and pop the door out of the track, and get the much thinner than me renter to shimmy past and bam
    nope, i bent out the track with a hammer and screw driver, but it would not pop, because as I found, there was re-enforcing ribs bolted into the house frame every 15cm holding off the the door ever being able to skip off the track!
    it was an tin roof, so the other normal route of lifting tiles, and getting in the roof space (an oft overlooked easy quick way in) was off the table
    no, the method to get it was three coat hangers, a length of string, and enoscope and hooking onto the manual over ride from the top, dropping string, lifting the door, getting the other end, (and the real trick!) pulling back down on the door to take all the upwards load off the door, and pulling the override!
    i was pretty impressed (and I was happy as I have no clue where my lock picks are, and it is a skill I've not using in ten odd years, and I think it would have been something I dont think I would have been good enough to do at mu rusty arse state)

  • @raymondsabee
    @raymondsabee 5 років тому

    Awesome video and great way of presentation! My compliments.

  • @lashlarue7924
    @lashlarue7924 5 років тому

    Masterfully well-done! Thank you for sharing.

  • @jowilson5581
    @jowilson5581 4 роки тому +1

    Having worked as a security guard: Yeah you get no training. MAYBE you have to read a company binder on report procedure, or watch a corporate training video. You're there to be a visible uniform and/or car, that's it. It's a deterrent, you're not actually enforcing anything lol. I think the most I was ever asked to take an active hand in things was, once there was a site where it was a gated community and they wanted me to kick people out of the pool after 11. Sometimes they'd even listen! If anyone got belligerent with me my orders were to just stand down and note it in my log for the next morning. Once my boss sent me to a gig with a company car and my job was to just sit in the parking lot. If anyone hung around, I was supposed to turn my car's lights on and see if it scared them off. It's a weird job.

  • @MichaelBerthelsen
    @MichaelBerthelsen 6 років тому +18

    Hunt pack inside clip board, place on reception desk, read all cards in reception desk?

    • @Buy-n-large
      @Buy-n-large 6 років тому +1

      metal clipboard would act like a Faraday cage.

    • @danpowell806
      @danpowell806 6 років тому +4

      Use a plastic clipboard? Modify the metal clipboard to have an external antenna glued to the bottom? Cards should be stored in a Faraday cage?

    • @flareshift1
      @flareshift1 5 років тому +2

      @@danpowell806 use a plastic clip spraypainted metallic?

    • @jamesfair4023
      @jamesfair4023 5 років тому +1

      Dan Powell if the cards was stored in a faraday cage it would prevent anyone from remotely reading them.

  • @nicolali4792
    @nicolali4792 5 років тому

    He is so right! Learn to at least id an improperly installed deadbolt i see them everywhere corporate ugh

  • @bene5431
    @bene5431 4 роки тому +1

    You're missing a Key for electrical cabinets. But that often hangs on a wire next to the cabinet and is more there to ensure it stays closed when nobody tries to open them

  • @dieface12
    @dieface12 4 роки тому +1

    Looking like you belong is a method my father has used to legitimately enter restricted areas. High-vis vest and a toolbox (that could have literally anything inside), but no ID or anything. Just walks right in, looking like he knows what he's doing, and never gets stopped or asked for ID. Granted, he was actually doing jobs there, so he had a legit reason that could actually be verified by contacting his employer, but the point still stands.

  • @Techn0magier
    @Techn0magier 3 роки тому +1

    So let me get this straight. The security holes today were the same as three years ago? And I found old guides for people building their own homes, where those are talked about as well. (From the '70s) Not the digital stuff, but the physical. I remember the tip to change the lock on the case for the electricity and to position the letterbox in a way, the postman can access it without having keys to your property. xD

  • @KellyAlwood
    @KellyAlwood 6 років тому +6

    another great presentation bro...nice.

    • @DeviantOllam
      @DeviantOllam  6 років тому

      Kelly Alwood thanks, man! this was a really fun one to write

  • @NuclearSlayer52
    @NuclearSlayer52 4 роки тому

    38:20
    "our flame cabinet" sounds like just flames, by themself, for when one needs one

  • @joshuarosen6242
    @joshuarosen6242 4 роки тому

    I used to be an auditor for one of the Big 4 and simply wearing a suit, being well-spoken and confident was enough to get me into almost anywhere except data centres. Getting onto the trading floor of a major investment bank ought to be difficult but it wasn't. In my whole career I was only once asked to prove my identity.
    If I were a baddy, I'd go for social engineering every time.

  • @ConstantlyDamaged
    @ConstantlyDamaged 3 роки тому +1

    Ah heck, that FPSRussia vid is a freakin' classic.

  • @jacobjake683
    @jacobjake683 4 роки тому +15

    If I ever see this guy near my property I'm going to be immediately suspicious

  • @randomsandwichian
    @randomsandwichian 4 роки тому +5

    So a Soldier with a rocket launcher got into an elevator.
    "It's cool, it's cool 🖐 😑🖐 *clears throat, kneels to the intercom* This is just a test."

  • @Cptn.Viridian
    @Cptn.Viridian 3 роки тому +1

    That moment you realize the red-team defends in Tf2

  • @christophersilverberg4217
    @christophersilverberg4217 5 років тому +1

    I don't see why customers do not sue Dork-king etc. since their product is essentially worthless now with the key being publically available.

  • @plagiats
    @plagiats Рік тому

    "Gets you through everything, half the time" best sales pitch ever

  • @SGresponse
    @SGresponse 4 роки тому +1

    A cool attack vector that I discovered in my company randomly.
    Prerequisites:
    1. Be physically there. They have desks. Desks have company phones.
    2. On the back of the phone there is a NAME of the person who owns the desk.
    3. Often in the reception desk there is a list of common phone numbers. 24/7 IT support is your target.
    Attack:
    1. Go to desk of the target person, get their name, make sure that the GENDER matches. If you're playing extra safe - try one who would (from their name) have presumably your accent (or an accent that you can fake).
    2. Call 24/7 IT from the phone on the desk. Say "Oh my name is X, I can't log in. Something's wrong with my password. Could you reset? ... Yeah I know it's 10PM. I'm working on this report for tomorrow, just went out for a smoke and now login fails."
    3. They will just SPELL YOUR NEW PASSWORD OUT TO YOU BY PHONE. Without any further need of ID, because they see that the phone number and name match in their registry.
    4. BOOM. You have now logged in as person X. Perhaps person X is a finance clerk or HR. Or maybe a director? Or the local IT guy? Go wild, mate.
    And you'll be forgiven in thinking that my company had a shoddy service deal and it was just a fluke and it's not probable at all in a normal setting. Yep. It was shoddy. After all it was serviced by the shadiest of the companies: I.B.M.

    • @howtomundane3109
      @howtomundane3109 Рік тому

      ”Nobody ever got fired for buying IBM“

    • @Alexis-lt3zy
      @Alexis-lt3zy 6 місяців тому

      Meanwhile, trans women with male-sounding voices and female names get fucked over (yet again) lol. I've literally had IT help desks say they cant help me because I dont "sound like that person". I've passed the phone to my girlfriend, impersonating me, and that works 😉

  • @shannonmcstormy5021
    @shannonmcstormy5021 4 роки тому

    First, big fan. That said, I would argue that your keys may arguably be a little too James Bond-ish of an advantage. They shouldn’t be, but I think they are. The other thing is after a half a century in I.S. Management, big and small, for every employee that is commended for following security protocols, (and I always made sure a written commendation when into the person’s file), you have 10 that were yelled at because they were being too pedantic, rule-following, too much wanna-be cop, someone didn’t let the security know a vendor was coming, or some big mukidy muck didn’t like being hassled. Learning to not raise an alarm or question seems to be a learned behavior of veteran security personnel......

  • @woswasdenni1914
    @woswasdenni1914 5 років тому +11

    3:30 drove me crazy, wtf is my pc connecting oh wait

  • @daxter8792
    @daxter8792 3 роки тому

    I like the image he used for the security truck is my old company that died due to a lawsuit for abusing a loophole to take away guard's lunch.

  • @jamcdonald120
    @jamcdonald120 5 років тому +9

    doesnt your hand chip have problems in metal detectors?

    • @DeviantOllam
      @DeviantOllam  5 років тому +15

      No, because there is no ferrous material in the chips and therefore the sympathetic field of a magnetometer-based device will generally never alert on them.

  • @RoughriderUT
    @RoughriderUT 3 роки тому

    Love your videos, and as a copier tech, but ex mil and aware of security, it amazes me how often just saying I'm so and so from copier world lets me in probably 90% of the time without even a credential check. Yes, I am supposed to be there but if I weren't no one would be the wiser.

  • @infosecgeek8675
    @infosecgeek8675 6 років тому

    Aaaaaannnd... I now have an EK333 key on the way ;)
    Fantastic presentation as always!

  • @LakeVermilionDreams
    @LakeVermilionDreams 5 років тому +7

    Actual implants for cloning RFID... That's dedication!

    • @DeviantOllam
      @DeviantOllam  5 років тому +3

      It's pretty fun... There's video on this channel of me getting the needle. :-)

  • @connorhorman
    @connorhorman 5 років тому

    My opinion of the CH751 is that its to prevent the thing from being opened by people who do not intend to open the thing

  • @seleckt6600
    @seleckt6600 3 роки тому +8

    I flip houses for a living. The amount of times I've had neighbors call cops on me for breaking into a vacant house I just bought is astonishing. What's even more astonishing is in every single case, I have just told the cop I just bought the house and he just left, no further questions asked.

  • @ronwhittaker6317
    @ronwhittaker6317 5 років тому +1

    there are two elevator companies in the U.S. we have one of them, Hollister & Whitney

  • @ObtainEmployment
    @ObtainEmployment 3 роки тому +1

    I find it funny that you showed a Las Vegas police car in your presentation about 1284x, because they don’t use keyed alike cars.
    Source: owned one and know several others who did as well.

  • @hardcodedsoftware4212
    @hardcodedsoftware4212 6 років тому

    Sweet another deviant talk, thanks deviant, one day I will go to one of your talks!

  • @ishouldgetalif3
    @ishouldgetalif3 5 років тому +11

    good talk, but a minor correction: that was a 40mm Bofors, it's Swedish and not Austrian.
    that is all, cheers!

    • @DeviantOllam
      @DeviantOllam  5 років тому +7

      Ha, good catch. Thanks!

    • @SittingDuc
      @SittingDuc 5 років тому

      Well, Bofors is a Swedish company, but all through the 20th century, they subcontracted to everyone and their dog. America made Bofors, Austria made Bofors. Heck, Australia probably made a couple back in the 30's.. On the other hand, I haven't watched enough gun-jesus videos to be able to pick the country-of-origin of a Bofors on sight, so this one example? Could have come from anywhere to take out that nasty "bullet resistant" shirt...

  • @Fatvod
    @Fatvod 3 роки тому

    Deviants words about scope and not really red teaming makes me immediately think of that talk from Jayson Street from Stratagem. Talking about making bombs with cleaning supplies or poisoning the entire building because he had access to a work fridge. The dude is the absolute definition of overblowing scope and renting the 40mm cannon for the bulletproof vest test. I'm glad Deviant really gets it, that other dude just makes me cringe.

  • @esper6119
    @esper6119 5 років тому

    I was gonna say, hiding from a guard seems like the worst thing to do, like
    even if he isn't super helpful in telling his buddies that you're good to be there, or pointing you to important things/getting you places, even if he's suspicious of you, at worst he's gonna escort you out and cost you some time
    maybe he calls a supervisor and you have to improvise
    if you mess that up, you get booted out for awhile
    if you do well, you have Joe the Supervisor, who okay'd you being in the server room
    just being friendly solves a stupid amount of problems

  • @mrpaytonsparks
    @mrpaytonsparks 3 роки тому

    Thanks for doing what you do ☺️

  • @therocketman321
    @therocketman321 6 років тому

    Great job dude, keep it coming!

  • @j0hmama
    @j0hmama 4 роки тому

    ch751: electrical panels, ATVs, scissor lifts, boom lifts, cabinets, sheds, elevator disable.

  • @Spielername
    @Spielername 5 років тому +2

    Very nice clip... but one question: Isn't this a high security risk to share all these informations on a platform like youtube? If I would be in the terror business (or stuff like this), I could make very much harm with the informations witch keys I need to pass some doors. Sorry for my english, I'm german.

    • @Trekeyus
      @Trekeyus 3 роки тому +1

      You could argue that the more people that know about these issues the more likely companies are to make the necessary corrections.

    • @Spielername
      @Spielername 3 роки тому

      @@Trekeyus you could... But bigger companies are like landmasses. Everything needs time and most companies like more to sue your ass as to change things....

    • @chromulus2225
      @chromulus2225 3 роки тому +1

      The thing is, this stuff is already out there. If someone has malicious intent they can find this stuff easily. All posting it here does is makes it accessible to people who aren't trying to use it. Which means that more people become aware and will try to make sure they don't fall for these tricks themselves.

  • @zachsoanes6417
    @zachsoanes6417 Рік тому

    whoever added that usb disconnect reconnect sounds - i love and hate you XD

  • @UnauthorizedExpression
    @UnauthorizedExpression 5 років тому +2

    That windows connection sound at 3:30 is some bullshit.

    • @Trekeyus
      @Trekeyus 3 роки тому

      Yep I literally had to rewind the video just to be sure it was on the video

  • @Gunbudder
    @Gunbudder 6 років тому +5

    I wonder if Deviant has ever been recognized during a pen test (and failed to gain entry as a result)?

    • @Kaiwala
      @Kaiwala 5 років тому +1

      I like to imagine someone did recognise him, and as a result actually let him in on that basis.

  • @wheedler
    @wheedler 6 років тому +66

    I don't know what a red team is, but this was still interesting.

    • @DeviantOllam
      @DeviantOllam  6 років тому +22

      Glad you enjoyed :-)

    • @Preacher65
      @Preacher65 6 років тому +38

      A red team or the red team is an independent group that challenges an organization to improve its effectiveness by assuming an adversarial role or point of view. It is particularly effective in organizations with strong cultures and fixed ways of approaching problems. In the context of these talks, A red team is sent to test the security, both physical and virtual, of a site or company.

    • @StopMoColorado
      @StopMoColorado 6 років тому +2

      Does that name go back to ex-SEAL Team CO, Dick Marcinko? Red Cell?

    • @Preacher65
      @Preacher65 6 років тому +2

      @@StopMoColorado I can't speak with firsthand knowledge. I have heard there were instances of red team-like tactics dating back to the 1930's, but as far as the orgin of the "red team" term, I do not know.

    • @MySpaceBarsBroken0o
      @MySpaceBarsBroken0o 6 років тому +7

      Just got this recommended to me randomly, but from what i picked up I'd assume blue team handles security while the red team are the guys who try and bypass it.

  • @Dracolith1
    @Dracolith1 6 років тому +3

    I sure hope the security guards didn't get scolded for that --- guards are mainly around as a deterrent and keep the common criminals at bay before a small incident turns into a large one; not to deal with technically adept PROFESSIONALS with badge cloners who know how to tamper through a keyswitch and a thorough knowledge of common lock bypasses.
    Would the team have been so careless about the door contacts and so quick to try and trick the guard if you'll didn't have a "Get out of Jail Free card" ?