Register now for SANS Cyber Defense Initiative 2016 and save $400.

SANSFIRE 2013

Washington, DC | Fri, Jun 14 - Sat, Jun 22, 2013

Physical Penetration Testing - Introduction

  •  12 CPEs
  •   Laptop Not Needed

Physical security is an oft-overlooked component of data and system security in the technology world. While frequently forgotten, it is no less critical than timely patches, appropriate password policies, and proper user permissions. You can have the most hardened servers and network but that doesn't make the slightest difference if someone can gain direct access to a keyboard or, worse yet, march your hardware right out the door.

Those who attend this session will leave with a full awareness of how to best protect buildings and grounds from unauthorized access, as well as how to compromise most existing physical security in order to gain access themselves. Attendees will not only learn how to distinguish good locks and access control from poor ones, but will also become well-versed in picking and bypassing many of the most common locks used in North America in order to assess their own company's security posture or to augment their career as a penetration tester.

Day One

  • Why Physical Security Matters
  • Pin Tumbler Locks
  • Common Tools, Basic Opening Techniques
  • Pin Tumbler Locks (Tubular, Cross, Dimple)
  • Wafer Locks
  • Raking & Jiggling
  • Combination Locks (Shimming, Decoding)
  • Warded Locks
  • Lever Locks
  • Barrel Locks
  • Handcuffs & Gun Locks
  • Lock Bumping

Day Two

  • Pick Resistant Locks (keyways, pins)
  • Shim Resistant Locks
  • Side Pins
  • Side Bars (Medeco, Smart Key)
  • Mul-T-Lock overview
  • Rotating Disk overview
  • Magnetic Lock overview
  • Impressioning intro (filing, foil, casting)
  • Bump Countermeasures
  • Corporate Concerns (key control, master keying, fire access, elevators)
  • Electronic Locks (Cliq attacks, RFID cloning, access control sniffing)
  • Quick Bypassing for Pen Testers
  • Social Engineering for Pen Testers
  • Lockpicking Forensics
  • Legal Concerns
  • Details of Equipment and Tools

Notice:

SANS Hosted are a series of classes presented by other educational providers to complement your needs for training outside of our current course offerings.

Course Syllabus
InstructorsSchedule
Deviant Ollam Sat Jun 15th, 2013
9:00 AM - 5:00 PM
Deviant Ollam Sun Jun 16th, 2013
9:00 AM - 5:00 PM
Additional Information
 
  Who Should Attend
  • Penetration testers, security auditors, IT professionals responsible for infrastructure oversight.
 
  Prerequisites

This course begins at the complete novice level, no prior knowledge of lockpicking is necessary.

 
  Took Kit Included with Class
  • A twelve-piece lockpicking toolkit with a varied blend of hooks, rakes, diamonds, and turning tools
  • A set of eight training and practice locks
  • Wafer lock tools and a sample wafer lock
  • A tubular lock pick
  • Door latch bypassing tools
  • A locksmith's impressioning file
  • A pocket microscope & steel key gripper (also for impressioning)
  • A bypass tool for American Lock padlocks
  • A bypass tool for Adams Rite display cabinet locks
  • A multi-wheel combination lock decoder tool
  • Bump keys and a bump hammer
  • A polymer and steel lock mounting stand (for picking and impressioning)
  • A tactical pouch to contain it all when you leave the classroom and put your knowledge into action in the field!