Lab401 Workshop: Physical Pentesting with Covert Entry
Physical penetration without infraction is a cornerstone of penetration testing.
Clients of all experience levels will leave this workshop proficient physical penetration testers.
Focused on hands-on training, clients will pick locks, bypass deadbolts and safety doors, mold keys, decode keys from a picture, learn privilege escalation on simple and advanced masterkey systems, identify and duplicate RF and RFID credentials...
After three days training, clients will have the skills and tools necessary to audit and enter a vast array of locations, including public (hotels, etc), commercial (offices, headquarters, warehouses) and industrial sites (critical infrastructure: power, security, etc)
Physical Security Expert
Security trainer for pentesters, computer scientists and the military for 10 years, Alexandre Triffault ( @Frenchkey_FR ) is developing tools and techniques to circumvent physical security devices (https://www.intrusion.eu/) . Specialized in 3D printing Keys and Tools, his work consists in finding and exploiting the flaws in access control systems, electronic or mechanical.
He is World Champion in impressioning technique (LockCon 2016). He is also a Research Associate at the Virology and Cryptology Lab at ESIEA and gives physical security classes in several IT Schools, and delivers training and consulting to multiple governmental and private organizations in Europe. He has lectured his research over the years at various international conferences and workshops, such as Nuit du Hack (FR), Defcon Lockpick Village (US), Hackito Ergo Sum (FR), LockCon (NL), SigSegV1 (FR), IT Defense (DE), GS Days (FR)...
- Security Professionals
- Law enforcement / government
- No previous knowledge of locks, keys or lockpicking is required.
- An interest in physical security
- Clients can bring their own locks, keys and tools if desired
- Detailed training manual.
- Lockpicking Kit
- Bypass Kit
- RFID/RF Recon tools
- 📅 June 15-17, 2020 📍 Paris, France 🇫🇷/🇬🇧
- 📅 July 15-17, 2020 📍 Paris, France 🇫🇷/🇬🇧
Signup for an upcoming workshopSignup for workshop
Detailed Course Overview
Physical Entry Introduction + Attacks on popular office locks
Day 1 is an overwiew of the possible targets and scenarios available to the attacker in the real world, and the first lockpicking session of the training.
- Social Engineering
- Access opening
- The different types of locks
- How they work
- How to identify them
- Casual intruder (opportunist)
- Organized burglar team
- Industrial espionage
Pin tumblers locks + Padlocks (Combination and with keys)
Day 2 focuses on learning and practicing various lockpicking and bypass techniques on pin tumblers locks, padlocks and combinations.
- Raking/Single Pin Picking
- Specific Tools
- Tips and tricks
- Mechanical Pickgun
- Electronic Pickgun
- Tension Tools in depth
- Shims (where possible)
- Blade bypass (where compatible)
The Key, the Door, the RF and the RFID vectors
Day 3 is the time to think outside of the box with mutliple additional attack vectors available to the pentester.
- Photo decoding
- Special techniques
- Different techniques (push/pull)
- Compatible locks
- Via Latches
- Via Handles
- Emergency / pushbar doors
- Attack vectors
- Vulnerable systems
- Attack vectors
- Summary: Attack Vectors
- Summary: Tools & Techniques
- Possible counter-measures
- Homework: How to develop skills
- Legal: Don't go to jail
How to participate?
Workshops are regularly scheduled, with the additional possibility of private sessions if required. To stay informed about upcoming workshop dates, subscribe to our Workshop mailing list.