On This Page

Physical Penetration Testing

The CORE Group | July 30-31 & August 1-2



Overview

Physical security is an oft-overlooked component of data and system security in the technology world. While frequently forgotten, it is no less critical than timely patches, appropriate password policies, and proper user permissions. You can have the most hardened servers and network, but that doesn't make the slightest difference if someone can gain direct access to a keyboard or, worse yet, march your hardware right out the door.

Those who attend this session will leave with a full awareness of how to best protect buildings and grounds from unauthorized access, as well as how to compromise most existing physical security in order to gain access themselves. Attendees will not only learn how to distinguish good locks and access control from poor ones, but will also become well-versed in picking and bypassing many of the most common locks used in North America in order to assess their own company's security posture or to augment their career as a penetration tester.

Who Should Take this Course

Penetration testers, security auditors, IT professionals responsible for infrastructure oversight.

Student Requirements

No prior knowledge of lockpicking is necessary.

What Students Should Bring

Only themselves. If they have any lockpicking tools, that's fine... but a full suite of tools, practice locks, and other equipment will be provided.

What Students Will Be Provided With

We provide a full kit of picks, bypassing tools, impressioning gear, and instructional practice locks. Retail value if sourced separately would be over $450.

The CORE Student Kit includes:
  • A twelve-piece lockpicking toolkit with a varied blend of hooks, rakes, diamonds, and turning tools
  • A set of eight training and practice locks
  • Wafer lock tools and a sample wafer lock
  • A tubular lock pick
  • Door latch bypassing tools
  • A locksmith's impressioning file
  • A pocket microscope & steel key gripper (also for impressioning)
  • A bypass tool for American Lock padlocks
  • A bypass tool for Adams Rite display cabinet locks
  • A multi-wheel combination lock decoder tool
  • Bump keys and a bump hammer
  • A polymer and steel lock mounting stand (for picking and impressioning)
  • A tactical pouch to contain it all when you leave the classroom and put your knowledge into action in the field, because students retain all of these materials after the course concludes

https://www.blackhat.com/images/us-15/physical-penetration-kit.png

Trainers

While paying the bills as a security auditor and penetration testing consultant with his firm, The CORE Group, Deviant Ollam is also a member of the Board of Directors of the US division of TOOOL, The Open Organisation Of Lockpickers. Every year at DEFCON and ShmooCon Deviant runs the Lockpick Village, and he has conducted physical security training sessions for Black Hat, The SANS Institute, DeepSec, ToorCon, HackCon, ShakaCon, HackInTheBox, ekoparty, AusCERT, GovCERT, CONFidence, the FBI, the NSA, DARPA, the National Defense University, the United States Naval Academy at Annapolis, and the United States Military Academy at West Point. His favorite Amendments to the US Constitution are, in no particular order, the 1st, 2nd, 9th, & 10th.

Babak is a noted member of the physical security community, well-recognized among both professional circles (due to the work The CORE Group) as well as in the hacker world (as the President of TOOOL, The Open Organisation Of Lockpickers.) His first foray into the world of physical security was in the third grade, where he was sent to detention for showing another student how to disassemble the doorknob on the classroom supply closet. Babak is an integral part of the numerous lockpicking workshops, training sessions, and games that are seen at annual events like DEFCON, ShmooCon, DeepSec, NotACon, QuahogCon, HOPE, and Maker Faires across the country. He likes spicy food and lead-free small arms ammunition.

Robert Pingor is chief of The CORE Group's Law Enforcement Division. Prior to that he founded Nomad Tactical Solutions. His policing and operations background was honed during his years at the National Security Agency where he served with distinction in four different specialty units. Robert has extensive training in both the government and private sectors. He has instructed for the Department of Defense, the State Department, the National Security Agency, the United States Air Force, the United States Military Academy at West Point, the United States Naval Academy at Annapolis, the National Defense University, and countless local law enforcement agencies. Additionally, he regularly conducts trainings for Black Hat, the SANS Institute, and other technical conferences. Outside of work Robert volunteers for a variety of charities and non-profits. He runs the Future Blue Program, an organization dedicated to developing young people into competent law enforcement professionals, and he trains volunteers to fight childhood sex trafficking.

Chris Cochran is a former Marine Corps Intelligence Analyst, seasoned Security Instructor, and consultant. His outstanding performance in the Marines resulted in appointment as Senior Intelligence Analyst and Training Chief to develop his fellow Marines. After finishing his service in the Corps, Chris continued his information security work with the Department of Defense. Chris Served as the Subject Matter Advisor to the U.S. Cyber Command Commander and Director of NSA for the 2014 Nomination Team. Chris has developed and delivered infosec courses for military and private sector. When Chris isn't building a better America by imparting knowledge to the masses, he can be found slamming bodies in Mixed Martial Arts or slamming weights while powerlifting.