NEW Managing Security Vulnerabilities: Enterprise and Cloud Course in Boston. Save $300 thru 2/26


Washington, DC | Fri, Jun 14 - Sat, Jun 22, 2013
This event is over,
but there are more training opportunities.

SPECIAL: Physical Penetration Testing - Introduction

Sat, June 15 - Sun, June 16, 2013

  • 12 CPEs
  • Laptop Not Needed

Physical security is an oft-overlooked component of data and system security in the technology world. While frequently forgotten, it is no less critical than timely patches, appropriate password policies, and proper user permissions. You can have the most hardened servers and network but that doesn't make the slightest difference if someone can gain direct access to a keyboard or, worse yet, march your hardware right out the door.

Those who attend this session will leave with a full awareness of how to best protect buildings and grounds from unauthorized access, as well as how to compromise most existing physical security in order to gain access themselves. Attendees will not only learn how to distinguish good locks and access control from poor ones, but will also become well-versed in picking and bypassing many of the most common locks used in North America in order to assess their own company's security posture or to augment their career as a penetration tester.


Day One

  • Why Physical Security Matters
  • Pin Tumbler Locks
  • Common Tools, Basic Opening Techniques
  • Pin Tumbler Locks (Tubular, Cross, Dimple)
  • Wafer Locks
  • Raking & Jiggling
  • Combination Locks (Shimming, Decoding)
  • Warded Locks
  • Lever Locks
  • Barrel Locks
  • Handcuffs & Gun Locks
  • Lock Bumping

Day Two

  • Pick Resistant Locks (keyways, pins)
  • Shim Resistant Locks
  • Side Pins
  • Side Bars (Medeco, Smart Key)
  • Mul-T-Lock overview
  • Rotating Disk overview
  • Magnetic Lock overview
  • Impressioning intro (filing, foil, casting)
  • Bump Countermeasures
  • Corporate Concerns (key control, master keying, fire access, elevators)
  • Electronic Locks (Cliq attacks, RFID cloning, access control sniffing)
  • Quick Bypassing for Pen Testers
  • Social Engineering for Pen Testers
  • Lockpicking Forensics
  • Legal Concerns
  • Details of Equipment and Tools



SANS Hosted are a Series of Classes Presented by Other Educational Providers to Complement Your Needs for Training Outside of our Current Course Offerings.

Course Syllabus

Additional Information

  • Penetration testers, security auditors, IT professionals responsible for infrastructure oversight.
  • Student Requirements, experience/expertise
  • This course begins at the complete novice level, no prior knowledge of lockpicking is necessary.
  • A lockpicking toolkit with a varied blend of hooks, rakes, diamonds, and tension tools
  • A set of ten training and practice locks
  • Wafer lock tools and a sample wafer lock
  • A door latch bypassing tool
  • A locksmith's impressioning file
  • A pocket microscope & key gripper (also for impressioning)