Save $200 on InfoSec Training at SANS San Diego 2017. Ends Tomorrow.

Network Security 2012

Las Vegas, NV | Sun, Sep 16 - Mon, Sep 24, 2012
This event is over,
but there are more training opportunities.

Physical Penetration Testing - Introduction

Physical security is an oft-overlooked component of data and system security in the technology world. While frequently forgotten, it is no less critical than timely patches, appropriate password policies, and proper user permissions. You can have the most hardened servers and network but that doesn't make the slightest difference if someone can gain direct access to a keyboard or, worse yet, march your hardware right out the door.

Those who attend this session will leave with a full awareness of how to best protect buildings and grounds from unauthorized access, as well as how to compromise most existing physical security in order to gain access themselves. Attendees will not only learn how to distinguish good locks and access control from poor ones, but will also become well-versed in picking and bypassing many of the most common locks used in North America in order to assess their own company's security posture or to augment their career as a penetration tester.

More

Day One

  • Why Physical Security Matters
  • Pin Tumbler Locks
  • Common Tools, Basic Opening Techniques
  • Pin Tumbler Locks (Tubular, Cross, Dimple)
  • Wafer Locks
  • Raking & Jiggling
  • Combination Locks (Shimming, Decoding)
  • Warded Locks
  • Lever Locks
  • Barrel Locks
  • Handcuffs & Gun Locks
  • Lock Bumping

Day Two

  • Pick Resistant Locks (keyways, pins)
  • Shim Resistant Locks
  • Side Pins
  • Side Bars (Medeco, Smart Key)
  • Mul-T-Lock overview
  • Rotating Disk overview
  • Magnetic Lock overview
  • Impressioning intro (filing, foil, casting)
  • Bump Countermeasures
  • Corporate Concerns (key control, master keying, fire access, elevators)
  • Electronic Locks (Cliq attacks, RFID cloning, access control sniffing)
  • Quick Bypassing for Pen Testers
  • Social Engineering for Pen Testers
  • Lockpicking Forensics
  • Legal Concerns
  • Details of Equipment and Tools

Hide

Course Syllabus

Schedule
Date Time Instructor
Sun Sep 23rd, 20129:00 AM - 5:00 PM
Deviant Ollam
Mon Sep 24th, 20129:00 AM - 5:00 PM
Deviant Ollam

Additional Information

Basic System Requirements

  • x86-compatible 1.5 Ghz CPU Minimum or higher
  • DVD Drive
  • 1 Gigabyte RAM minimum or higher
  • Ethernet adapter
  • 5 Gigabyte available hard drive space

Software:

  • You are required to bring Windows 7 (Professional or Ultimate), Windows Vista (Business or Ultimate), Windows XP Pro, or Windows 2003 or 2008 Server, either a real system or a virtual machine.
  • You must have either the free VMware Player 1.0 or later or the commercial VMware Workstation 4.0 or later installed on your system prior to coming to class.

List of Materials for Students

  • Nessus Professional Feed Software
  • DVD with Vmware image

If you have additional questions about the laptop specifications, please contact laptop_prep@sans.org.

  • Penetration testers, security auditors, IT professionals responsible for infrastructure oversight.
  • Student Requirements, experience/expertise
  • This course begins at the complete novice level, no prior knowledge of lockpicking is necessary.
  • A lockpicking toolkit with a varied blend of hooks, rakes, diamonds, and tension tools
  • A set of ten training and practice locks
  • Wafer lock tools and a sample wafer lock
  • A door latch bypassing tool
  • A locksmith's impressioning file
  • A pocket microscope & key gripper (also for impressioning)
  • A bump key