As mentioned in the doobly-doo... this was an impromptu recording that isn't my usual caliber of capture but since a camera showed up, I was glad they gave me the footage. There was one battery change that took place about 80 minutes in (and we lose maybe a minute of the talk) but other than that and the imperfect audio... I'm still happy to share this with you folk!
@@DeviantOllam I will pull that talk up from time to time to show to friends because its both interesting and genuinely entertaining. I have had many friends later come to me talking about stuff they noticed in their own lives that they could relate back to that talk. Might show this one to a few people at work to help nudge them in the right direction on security.
Had me double-checking that I still have a CH751 on my ring. It's Spectrum branded and labeled as CH751, because if you are a school and need to secure 30 laptops in a charging cart, CH751 will provide... Superb lifetime warranty though, would buy from them again if 2020 hadn't eliminated charging carts from schools. I also sadly have a Mesan 4444 key because I need it, I often have to be careful I don't pull the core out with the key :/
When I was in the boy scouts the cabins had generous gaps by the latch/deadbolts that you could fit a pocket knife into. With a little patience, we learned how to scrap the bolt along with the tip of the knife until it would trip and unlock the door. No pantry or kitchen was safe when the leaders were out.
Be honest: How many here were listening to the video and guessing what Dev's going to talk about next? I may have heard some variation of these talks multiple times, but I just cannot ever get tired of hearing it. Thank you again for a new presentation, Deviant.
@@DeviantOllam That entire last segment was new to me. The well known material is like an old Rob White bit. “They call me tater salad.......” I half expect people to start clapping when the canned air comes out. ;-)
@@DeviantOllam Until everything you talk about (all the easy door bypasses) gets fixed in a majority of critical places, I don't think you should stop talking about it :)
@@АнтонГусев-н5ю This this this this this. The fact that Deviant has been a squeaky wheel for several years on these subjects shows just how much these security practices need to be updated.
I inherited the security role I have now only in the last year from two guys who stopped caring. End of December one of our IT guys noticed a switch room door was left open. Its not got an alarm, no access control, just a standard lock. I pull up the only camera that can see it, which is at the worst possible angle, but it just barely sees the door. I start going back through the footage trying to see when it was last opened. I go back a few hours, its open, a few days, its open, eventually I'm back over two weeks before finally finding the point it was opened. And it was one of the two guys who had been handling security before me. And he opened it for the freaking elevator guys, despite that room not handling the elevators at all. It was like 30 seconds to just point it out I guess for some reason. Fortunately with basically no one in the building because of the obvious reason, nobody else went in that room during that time until an IT guy was in the office and saw the door open and put up the alert. This is large part of the reason we are now in the middle of a project to replace our entire physical security infrastructure.
That's Deviant's Title. Deviant "Walking OSHA Violation" Ollam... because he exists where he shouldn't. Like elevators checking Twitter, or playing Angry Birds, while charging his phone, browsing youtube, camping, taking a nap, firing up the BBQ grill, inviting the entirety of Iceland to join his Elevator BBQ, all meanwhile every guard and employee of the company he is currently in are totally clueless.
it stinks that the camera blipped (i think due to a battery change) right as i was talking about how we used vehicles and had team members act as unhoused folk
I recall seeing someone from MI5 on TV talking about catching a terrorist or something of that level of importance (I could tell they were a spy because they had a pixelated face), and they specifically mentioned how they were sleeping rough, "stinking of my own urine" he said, in an alleyway where the target walked by every day. I'm not saying you have to go as far as this guy did, but it's an actual tactic used by very real spies.
while I love your content since it appeals to the security enthusiast in me, it also helped with a design for my architecture electives thanks to your knowledge of building codes and your view on circumventing them. it really makes you think in both a builder and breaker perspective basically thanks for giving me a leg up in architecture class
I truly think a lot of dislikes are accidents. I've gone back to videos I watched previously and noticed I had clicked the dislike button accidentally :(
As a former Carpenter I used to hang and rehang a lot of doors and its amazing how many exterior doors I have rehung that were improperly installed with just nails and no screws or blocking behind the jam. The door knobs and deadbolts barely lineup.
These talks are both terrifying and reassuring. Terrifying, because being a musician with tons of expensive music equipment, ya tend to worry about protecting your shit. Reassuring in that I love the easy solutions to protect and secure my stuff. Love your stuff Deviant! :)
My favorite is the security protecting the key that opens most city property in my city - the key most city employees carry is stamped “do not copy” and has a logo for the local locksmith who made them. Even that specific locksmith would make copies.
Love watching these. Whilst some of these issues won't apply or be the same in the UK. It's amazing how much you notice after watching a few of these vids. Keep up the good work sir.
Codes and regs will undoubtedly be different, but it's shocking just how much stuff made for the US market makes it's way over here virtually unchanged.
@@dafoex Fortunately, most brands of physical install gear keeps separate product lines for US compliance rules, accidentally limiting the spread of US stupidity. But we in Europe still suffer from a few things like Master lock and Yale products. Plus random US imports and our own bad products, that those of us in the know routinely replace.
@@Atlessa You probably want to see this video, too: LockPickingLawyer, BosnianBill, LockNoob and Deviant Ollam at Circle City Con 2020 th-cam.com/video/-43REd2pATQ/w-d-xo.html
I'm an irrigation tech and I often don't have access to certain areas but your vids have taught me many great ways to by-pass access with a 5 foot long piece of 1/2 inch pvc pipe.
I got to this video a bit late. It's a great talk and I love the lively audience. You also interacted with them nicely. I'm sure it must have been fun presenting for this crowd. I definitely second the idea of putting the untold stories (and the told ones, too) into separate "storytime" videos. Those stories are great fun and they illustrate how the individual weaknesses combine in a complete breach. They also illustrate the human aspects the best.
It seems like the more "safe" we try to make everything, the less secure it becomes. Interesting stuff. Thanks for teaching me a few ways to not be victim to this so easily.
Hotel room deadbolts are even more interesting because they often aren't doing anything mechanical. On a certain brand (that will remain nameless until I get through the responsible disclosure stuff) the deadbolt thumb turn operates a switch that tells the controller that the deadbolt is set. The controller then denies access to valid credentials unless the credential has the deadbolt override bit set. If you have the ability to program your own credentials, you can set the deadbolt override bit yourself.
Excellent talk Deviant. Really enjoyed the deep (but not too deep) dive into all the topics. Even learned a few things. Hope everyone is staying safe, take care.
As a guy who used to have an instantly recognizable federal uniform [civilian], I will attest to the fact that looking the part and being confident are half the battle. All of the talks I've seen so far are incredible and exploit things I knew existed but I never knew how broad some of the implications were. Fascinating stuff.
I love all the talks about the common key cuts. For my job I have four keys that cover 90% of what I do CH751 is about 40%, an Abloy (I'm guessing master key) 40%, C415A 10%, the last may be a bit more secure as it has no name in the key but it has a code on the side 10%
One of my favorite videos. Although commonly called motion detectors, I believe that PIR sensors do not, rigorously speaking, "detect motion". They detect changes in total infrared luminosity in the field of view. A person walking into that field will typically radiate more energy in the infrared part of the spectrum, brightening the field (increasing total luminosity), and triggering the sensor. In contrast, the dust-off spray creates a dark cloud (in the infrared) due to its lower-than-ambient temperature, resulting in less radiation in the IR. This is also detected as a change in total luminosity, a reduction in this case, which, if the change exceeds a threshold, also causes the PIR’s switch to open (if NC, or close if NO). The PIR’s switch is in turn wired to the doors electromagnet controller, perhaps a door control system like a Linear, momentarily shutting off current to the magnet.
Once I was in Italy really drunk with some friends and the hostel locked us out because it was too late and we were able to open the main door with a credit card, didn't even took us a minute, first time ever trying to get into a building.
The Amanda Palmer quote is the most beautiful way you could have ended your talk with. Keep being awesome, you're making the world a less scary and better place to live in.
Thanks Deviant. Your explanation of the guard bolt got me looking at my front door, and yep, it was installed so poorly that the guard bolt wasn't engaging and I could open the locked deadlock (a decent quality Lockwood 001) from the outside with the first piece of plastic I grabbed. Took an hour or so to reposition the catch plate and install longer screws, but for the first time in years my house is actually locked :)
@@johndododoe1411 thanks for the tip, but it's the correct strike plate. They are aligned ok, but the gap between the deadlatch and the strike plate was too wide, so I packed out the wood under the strike plate to close up the gap. Now there's only 2mm between them and the guard bolt engages properly.
@@DeviantOllam Absolutely! The stories are great fun and they provide better insight into how the individual aspects combine in an actual attack. They also show the human interactions the best.
Every time one of these videos pop up in a recommendation or by a friend sending them to me I always love watching the different techniques on display. Not just those by the pen testers, but also the recipients, the plastic scoops and the trackdoors. Always in awe of how calm you are during confrontations/interrogations while on the job and truly envy the level headedness. Definitely wonder if you've ever responded to "Who are you guys, why are you here?" with the "yeah, the building owners requested a pen test observation. Just checking any obvious egression flaws that should be remedied before the next annual progression meeting. Don't mind us, this is some basic stuff. Oh, speaking of, do you mind showing us to the guard post? It's a critical site to harden." And then ask for any guards to step outside for a while "to really get a good look at all the angles." Plot twist: this isn't a job hit.
Goodness! I sat through the entire video first thing in the morning, because it was all so fascinating I could drag myself away. I've hear the armed guard story before, but it was just as good second time round, although Deviant put more detail for the cop aspect of the story last time.
Hey Dev! I really, really love your talks. If not for covid, I would have tried to get to listen to one in person, though since I'm from Europe, it would probably be hard to get to one of these smaller talks, timing wise. Thank you so much for uploading these talks to YT, I'm looking forward to new talks from you!
The room that we had robotics club in at my old high school had a door that had a solid inch and a half of space under it. One day we were trying to get in and we used a piece of bamboo from outside and a bit of string we found somewhere to make an under-door tool, which we then left hidden on top of some exposed ventilation stuff on the ceiling outside in case we ever needed to let ourselves in lol. The worse the door fitment, the more options to open it with random garbage you find lying around.
Absolutely wonderful talk. I'm going into cybersec, and this is very useful information (can't have cybersecurity if your infrastructure isn't secure).
You remind me of Scotty Allen from Strange Parts... You two kinda look alike (especially this bit @24:26), you're both passionate about your subject, love sharing and teaching your subject...
Would love to hear more stories. Also I have been doing this for a few years now. The apartment where I live has a call box. You dial a number for the person you want to see and the box rings their phone they press a number on there phone to let the person in. So instead of carrying my key fob I just buzz myself in. It takes a bit more time and can be a bit cumbersome but it is more secure. I mainly do it just so I dont have to carry a key fob.
If you've got a cloner, you can make a new credential and then carefully break it open and extract the goodies at which point you put it in between your cell phone and cell phone case. Likely this isn't necessary for your situation, but figured I'd share nonetheless
Also that corner looks similar to the Linus MG meeting room (think when they pulled the blurry project prank) and also we know Linus makes sure that keys are blurred out in videos.
Entering a biomedical facility with an RFID reader by bullshiting guards and giving them weird hugs - and that, folk, is what you get when you let your kids play cyberpunk roleplaying games!
In eastern europe where I live most residential area doors open to outside. But we do not have hingepins, hinges are usualy one piece of steel and they are quite big, and hinges like those you guys show are for wardrobe doors. And especialy in older doors there are 3-4 spikes that dig in into door frame when doors are closed so even if you grind down the hinges doors wont budge.
Amazing content, albeit some key opening technicques are specific to the american market, the overall way of thought and especially the stories are amazing and really open the mind of the dangers and security gaps. Will recommend further.
The Amanda Palmer bit at the end was a nice touch.
3 ปีที่แล้ว +2
God, latch slipping is so common. It became common knowledge in my middle school back in the day that you could open basically any locked door in the school by slipping a credit card in the crack, tilting it down, and pushing down to shove it between the latch and the frame. At least a dozen times I used that to get a jacket I forgot in a classroom after school, lol. The same tricked worked in my high school's interior doors iirc.
You had credit cards as kids? I would have expected basic ID cards.
3 ปีที่แล้ว
@@johndododoe1411 Yeah that's what they really were, or gift cards or something. Just said "credit card" out of habit but that's not technically what they were
You are not afraid of the darkness. You are not afraid of the darkness because it feels lonely. You are afraid of the darkness... because you fear NOT being alone in it! You fear the unknown. ;-) I love these talks. THANK YOU @DeviantOllam for making your channel!!! :-D :-)
UKoalaBag has similar bag that is a little larger (and notably more expensive than the bags from Mishu that Tarah linked) that also has a built in option for a concealed carry holster. ukoalabagstore.com/product-category/bags/
Hey, Ollam, how would you feel about doing a version of your classes geared towards first responders? Non-destructive forcible entry, bypasses, and so forth. Ways for us to get into places faster or less destructively than using a set of irons.
Many of the solutions to the EZ break in techniques are common in recurring studios type door frames. Most are designed to automatically make a near airtight seal. Some are like Deviant Plan showed others use powerful magnets to pull a seal up into a gap. If air can't vibrate through, it is quite difficult to get a small rod, flat or even a gas through. It does cost a bit more though.
About direct bitting stamped on the key, how about when the housing company stamped (more or less) the address on the keys? It was apartment numbers, but that encoding was trivial to decode to the address. To "fix" it they crossed out the bad code with x:es, so the code was still visible.
One question I've always had. You have a VERY recognizable face and voice, at least in the hacker/lockpicking community. Have you ever had a situation where a clients in house security has recognized you or Babak or someone else personally while on a job, just by happenstance of having seen some of your talks?
As mentioned in the doobly-doo... this was an impromptu recording that isn't my usual caliber of capture but since a camera showed up, I was glad they gave me the footage. There was one battery change that took place about 80 minutes in (and we lose maybe a minute of the talk) but other than that and the imperfect audio... I'm still happy to share this with you folk!
Love the long form lectures. You are a gifted speaker!
@@brickchains1 thank you so very much :-)
LMG??? I'm new here and I'm wondering, what is that an abbreviation for??? **Edit** I read some other comments and one told me what I wanted to know
@@northwiebesick7136 Lake Missoula Group
I love you vocab similarities between yourself and AvE man!
The sequel to I'll Let Myself In that everyone knew they wanted! :D
indeed... this is definitely the spiritual (and practical) successor to that talk.
@@DeviantOllam I will pull that talk up from time to time to show to friends because its both interesting and genuinely entertaining. I have had many friends later come to me talking about stuff they noticed in their own lives that they could relate back to that talk. Might show this one to a few people at work to help nudge them in the right direction on security.
Had me double-checking that I still have a CH751 on my ring. It's Spectrum branded and labeled as CH751, because if you are a school and need to secure 30 laptops in a charging cart, CH751 will provide... Superb lifetime warranty though, would buy from them again if 2020 hadn't eliminated charging carts from schools. I also sadly have a Mesan 4444 key because I need it, I often have to be careful I don't pull the core out with the key :/
I’ll let myself in definitely opens folks eyes...
@@DeviantOllam I was watching InRangeTV and wondered why you looked familiar, now I know.
When I was in the boy scouts the cabins had generous gaps by the latch/deadbolts that you could fit a pocket knife into. With a little patience, we learned how to scrap the bolt along with the tip of the knife until it would trip and unlock the door. No pantry or kitchen was safe when the leaders were out.
We used this attack to open the top firestair door, giving access to the roof so we could parachute (BASE) from the building at 2am.
Be honest: How many here were listening to the video and guessing what Dev's going to talk about next?
I may have heard some variation of these talks multiple times, but I just cannot ever get tired of hearing it. Thank you again for a new presentation, Deviant.
i'm so glad folk didn't think of it as all redundant and needless
@@DeviantOllam That entire last segment was new to me.
The well known material is like an old Rob White bit.
“They call me tater salad.......”
I half expect people to start clapping when the canned air comes out. ;-)
@@DeviantOllam Until everything you talk about (all the easy door bypasses) gets fixed in a majority of critical places, I don't think you should stop talking about it :)
That was me as well. I've heard like 5 versions of this talk, and a few versions multiple times. Some new stuff though.
@@АнтонГусев-н5ю This this this this this. The fact that Deviant has been a squeaky wheel for several years on these subjects shows just how much these security practices need to be updated.
I inherited the security role I have now only in the last year from two guys who stopped caring. End of December one of our IT guys noticed a switch room door was left open. Its not got an alarm, no access control, just a standard lock. I pull up the only camera that can see it, which is at the worst possible angle, but it just barely sees the door. I start going back through the footage trying to see when it was last opened. I go back a few hours, its open, a few days, its open, eventually I'm back over two weeks before finally finding the point it was opened. And it was one of the two guys who had been handling security before me. And he opened it for the freaking elevator guys, despite that room not handling the elevators at all. It was like 30 seconds to just point it out I guess for some reason. Fortunately with basically no one in the building because of the obvious reason, nobody else went in that room during that time until an IT guy was in the office and saw the door open and put up the alert.
This is large part of the reason we are now in the middle of a project to replace our entire physical security infrastructure.
12:51 "Walking OSHA violation" is my new favorite insult.
That's Deviant's Title. Deviant "Walking OSHA Violation" Ollam... because he exists where he shouldn't. Like elevators checking Twitter, or playing Angry Birds, while charging his phone, browsing youtube, camping, taking a nap, firing up the BBQ grill, inviting the entirety of Iceland to join his Elevator BBQ, all meanwhile every guard and employee of the company he is currently in are totally clueless.
That's everybody who does construction.
The last story - "Detailed dossier" - this was like some spy movie level stuff.
it stinks that the camera blipped (i think due to a battery change) right as i was talking about how we used vehicles and had team members act as unhoused folk
@@DeviantOllam haha and here I thought it was like "Oops, I wasn't supposed to talk about that!" :D
@@mirkalimaricadie160 Me too! I thought it was cut for either being "too hot for YT" or simply too long video. :)
I recall seeing someone from MI5 on TV talking about catching a terrorist or something of that level of importance (I could tell they were a spy because they had a pixelated face), and they specifically mentioned how they were sleeping rough, "stinking of my own urine" he said, in an alleyway where the target walked by every day. I'm not saying you have to go as far as this guy did, but it's an actual tactic used by very real spies.
@@dafoex Tom Marcus tells this story, or a similar one, in his book "Soldier Spy". The clothes were a disguise only. The end of his book is salutary.
while I love your content since it appeals to the security enthusiast in me, it also helped with a design for my architecture electives thanks to your knowledge of building codes and your view on circumventing them. it really makes you think in both a builder and breaker perspective
basically
thanks for giving me a leg up in architecture class
Even ignoring the quality of the content, this is a master class on how to do a power point presentation.
I was impressed when he smoothly moved to the chosen story slides.
power point presentations are extremely simple, if you actually have anything to present
The one dislike must be from the one of the security guard chasing him in the parking lot
hahaha, maybe =)
Must be, I can't see any other possibility.
I truly think a lot of dislikes are accidents. I've gone back to videos I watched previously and noticed I had clicked the dislike button accidentally :(
In that elevator story we learn the best technique; jargon is totally key to bullshitting your way into or out of literally anything.
As a former Carpenter I used to hang and rehang a lot of doors and its amazing how many exterior doors I have rehung that were improperly installed with just nails and no screws or blocking behind the jam. The door knobs and deadbolts barely lineup.
These talks are both terrifying and reassuring. Terrifying, because being a musician with tons of expensive music equipment, ya tend to worry about protecting your shit. Reassuring in that I love the easy solutions to protect and secure my stuff.
Love your stuff Deviant! :)
Love watching your talks. Always so much fun.
thanks so much! happy to entertain and educate
My favorite is the security protecting the key that opens most city property in my city - the key most city employees carry is stamped “do not copy” and has a logo for the local locksmith who made them. Even that specific locksmith would make copies.
I could listen to his stories all day. What a life he has.
Love watching these. Whilst some of these issues won't apply or be the same in the UK. It's amazing how much you notice after watching a few of these vids. Keep up the good work sir.
Codes and regs will undoubtedly be different, but it's shocking just how much stuff made for the US market makes it's way over here virtually unchanged.
@@dafoex Fortunately, most brands of physical install gear keeps separate product lines for US compliance rules, accidentally limiting the spread of US stupidity. But we in Europe still suffer from a few things like Master lock and Yale products. Plus random US imports and our own bad products, that those of us in the know routinely replace.
Somebody needs to do a montage of LPL saying "this lock is shim-able".
Or anything along the lines of "crucial flaw" or "vulnerable to low skill attacks"
@@inund8 Yeah, including the gun lock that can be defeated with a Lego toy.
Yikes! Can you imagine getting Dev's team and LPL together in a room?!?
CHAOS! WELL OILED CHAOS!!!
@@AflacMan13 Already happened. watch?v=O74Q1VTz4j4 (2 years ago even)
@@Atlessa You probably want to see this video, too:
LockPickingLawyer, BosnianBill, LockNoob and Deviant Ollam at Circle City Con 2020
th-cam.com/video/-43REd2pATQ/w-d-xo.html
I'm an irrigation tech and I often don't have access to certain areas but your vids have taught me many great ways to by-pass access with a 5 foot long piece of 1/2 inch pvc pipe.
the last story is simply fascinating. you can NEVER know for sure if a literal SPY is or isn't right next to you
its like stand up except the crowd is also partly terrified and are gonna call their contractors after the show
I got to this video a bit late. It's a great talk and I love the lively audience. You also interacted with them nicely. I'm sure it must have been fun presenting for this crowd.
I definitely second the idea of putting the untold stories (and the told ones, too) into separate "storytime" videos. Those stories are great fun and they illustrate how the individual weaknesses combine in a complete breach. They also illustrate the human aspects the best.
Also a TH-cam friendly short format that could get a fair bit of love from the algorithm.
You are a great speaker. I love they way you setup your presentations. It shows that you truly love to teach people these things.
i seen like 80% of this before , and it still never gets boring !
This is so so good, thank you for sharing. Please consider aggregating the other stories and sharing them here too!
I will!
It seems like the more "safe" we try to make everything, the less secure it becomes. Interesting stuff. Thanks for teaching me a few ways to not be victim to this so easily.
Amazing! Should be a Netflix Docu. Comedy. Thanks Deviant.
that'd be fun =)
So directly to the heart of the matter. Brilliant.
Every time I watch one of your talks it's the best talk I've ever seen haha
If I ever run a high security building, I'm using your videos to train guards.
Oh you spoil us Deviant! Christmas came late, but it sure as heck came nonetheless!
Hotel room deadbolts are even more interesting because they often aren't doing anything mechanical. On a certain brand (that will remain nameless until I get through the responsible disclosure stuff) the deadbolt thumb turn operates a switch that tells the controller that the deadbolt is set. The controller then denies access to valid credentials unless the credential has the deadbolt override bit set. If you have the ability to program your own credentials, you can set the deadbolt override bit yourself.
Yeap... You can hear it when the interior thumb turn isn't doing much mechanically
Excellent talk Deviant. Really enjoyed the deep (but not too deep) dive into all the topics. Even learned a few things.
Hope everyone is staying safe, take care.
thanks! hope you're staying safe, too
Every time I watch this I see something I forgot the first time, and it's been a few times now. great work, Mr Ollam.
As a guy who used to have an instantly recognizable federal uniform [civilian], I will attest to the fact that looking the part and being confident are half the battle. All of the talks I've seen so far are incredible and exploit things I knew existed but I never knew how broad some of the implications were. Fascinating stuff.
I love all the talks about the common key cuts. For my job I have four keys that cover 90% of what I do CH751 is about 40%, an Abloy (I'm guessing master key) 40%, C415A 10%, the last may be a bit more secure as it has no name in the key but it has a code on the side 10%
I've seen this guy's presentation probably a dozen times over the years, and it's entertaining every time.
I can't iam dead when you tell old war stories it cracks me up!!! 🤣🤣🤣
That towel in the hotel room door handle is a great trick! 👍
In the past 24hrs I’ve watched so many of these videos and this was definitely the best delivery of the Armed Guards story
Every time... too short, love the work.
Thanks for uploading this. It was a delight to watch
Glad you enjoyed it!
I've heard all about the under door attacks and all that, but man, every time there's a new story...
One of my favorite videos.
Although commonly called motion detectors, I believe that PIR sensors do not, rigorously speaking, "detect motion". They detect changes in total infrared luminosity in the field of view. A person walking into that field will typically radiate more energy in the infrared part of the spectrum, brightening the field (increasing total luminosity), and triggering the sensor.
In contrast, the dust-off spray creates a dark cloud (in the infrared) due to its lower-than-ambient temperature, resulting in less radiation in the IR. This is also detected as a change in total luminosity, a reduction in this case, which, if the change exceeds a threshold, also causes the PIR’s switch to open (if NC, or close if NO). The PIR’s switch is in turn wired to the doors electromagnet controller, perhaps a door control system like a Linear, momentarily shutting off current to the magnet.
I am excited to watch, I'll probably be going to be when this premieres, but I will definitely watch it.
It was fun, informative and illuminative. Thank you TH-cam algorithm and DeviantOllam.
Once I was in Italy really drunk with some friends and the hostel locked us out because it was too late and we were able to open the main door with a credit card, didn't even took us a minute, first time ever trying to get into a building.
The Amanda Palmer quote is the most beautiful way you could have ended your talk with.
Keep being awesome, you're making the world a less scary and better place to live in.
Thanks Deviant. Your explanation of the guard bolt got me looking at my front door, and yep, it was installed so poorly that the guard bolt wasn't engaging and I could open the locked deadlock (a decent quality Lockwood 001) from the outside with the first piece of plastic I grabbed. Took an hour or so to reposition the catch plate and install longer screws, but for the first time in years my house is actually locked :)
Don't reposition the strike plate, buy the real one with the smaller hole that the deadlatch can't go in.
@@johndododoe1411 thanks for the tip, but it's the correct strike plate. They are aligned ok, but the gap between the deadlatch and the strike plate was too wide, so I packed out the wood under the strike plate to close up the gap. Now there's only 2mm between them and the guard bolt engages properly.
Hi! I loved the stories you told near the end. Are you planning on ever telling the rest of them? Maybe as a Storytime video?
i could see doing that as future videos on my channel, if folk would like that
@@DeviantOllam they definitely would
@@DeviantOllam Absolutely! The stories are great fun and they provide better insight into how the individual aspects combine in an actual attack. They also show the human interactions the best.
@@DeviantOllam I would love to hear them!
@@DeviantOllam Yep, that would be WONDERFUL!
Every time one of these videos pop up in a recommendation or by a friend sending them to me I always love watching the different techniques on display. Not just those by the pen testers, but also the recipients, the plastic scoops and the trackdoors.
Always in awe of how calm you are during confrontations/interrogations while on the job and truly envy the level headedness. Definitely wonder if you've ever responded to "Who are you guys, why are you here?" with the "yeah, the building owners requested a pen test observation. Just checking any obvious egression flaws that should be remedied before the next annual progression meeting. Don't mind us, this is some basic stuff. Oh, speaking of, do you mind showing us to the guard post? It's a critical site to harden." And then ask for any guards to step outside for a while "to really get a good look at all the angles."
Plot twist: this isn't a job hit.
Goodness! I sat through the entire video first thing in the morning, because it was all so fascinating I could drag myself away. I've hear the armed guard story before, but it was just as good second time round, although Deviant put more detail for the cop aspect of the story last time.
I've watched you do similar talks online but you were really in the flow state on this one for sure. Great work man ty!
Ive heard those stories a dozen times but they always get a smile and laugh from me. [Toasts some Bushmills steamship to ya]
Hey Dev! I really, really love your talks. If not for covid, I would have tried to get to listen to one in person, though since I'm from Europe, it would probably be hard to get to one of these smaller talks, timing wise. Thank you so much for uploading these talks to YT, I'm looking forward to new talks from you!
The room that we had robotics club in at my old high school had a door that had a solid inch and a half of space under it. One day we were trying to get in and we used a piece of bamboo from outside and a bit of string we found somewhere to make an under-door tool, which we then left hidden on top of some exposed ventilation stuff on the ceiling outside in case we ever needed to let ourselves in lol. The worse the door fitment, the more options to open it with random garbage you find lying around.
Thanks!
Ah, yes. The Olden Days when we used to blow on our cake before giving it to our friends.
What kind of pointer are you using that allows that zoom in / highlighting of the slides? Thanks!
isn't it great?! that's the Logitech Presentation Tool also called the Logi Spotlight.
Absolutely wonderful talk. I'm going into cybersec, and this is very useful information (can't have cybersecurity if your infrastructure isn't secure).
You remind me of Scotty Allen from Strange Parts... You two kinda look alike (especially this bit @24:26), you're both passionate about your subject, love sharing and teaching your subject...
I love your videos! I am thinking about doing pintesting because of your great videos.
Would love to hear more stories. Also I have been doing this for a few years now. The apartment where I live has a call box. You dial a number for the person you want to see and the box rings their phone they press a number on there phone to let the person in. So instead of carrying my key fob I just buzz myself in. It takes a bit more time and can be a bit cumbersome but it is more secure. I mainly do it just so I dont have to carry a key fob.
If you've got a cloner, you can make a new credential and then carefully break it open and extract the goodies at which point you put it in between your cell phone and cell phone case.
Likely this isn't necessary for your situation, but figured I'd share nonetheless
Love it! Nice stories for rethinking security as a whole.
Lock Picking Lawyer: "That's what I've been saying!
I thought this was going to be a collab video with Linus Sebastian of Linus Media Group where you help upgrade his office's security.
that'd be neat. but, no, this was at Lake Missoula Group in Montana
@@DeviantOllam If ElectroBoom could do it, you can do it :D
@@p_serdiuk He wouldn't even have to ask, he could just invite himself in :)
Also that corner looks similar to the Linus MG meeting room (think when they pulled the blurry project prank) and also we know Linus makes sure that keys are blurred out in videos.
Entering a biomedical facility with an RFID reader by bullshiting guards and giving them weird hugs - and that, folk, is what you get when you let your kids play cyberpunk roleplaying games!
I'm convinced y'all could pull off a heist after listening to a few of these talks. Glad you guys use your knowledge for good haha
Absolutely brilliant!
Def one of my favorite talks that you have done
The door servicing story had me ROLLING on the floor
In eastern europe where I live most residential area doors open to outside.
But we do not have hingepins, hinges are usualy one piece of steel and they are quite big, and hinges like those you guys show are for wardrobe doors.
And especialy in older doors there are 3-4 spikes that dig in into door frame when doors are closed so even if you grind down the hinges doors wont budge.
21:39 that has to be one of the most literal security by-passes I've seen :-D
Here to hoping the end of 2021 brings back the Cons thanks for sharing the vid
New Deviant Talk!
yep! well, old talk... but newly published. =)
A good eye opener for sure, this was a great watch.
Frequent travelers. Crying in 2021 lockdown tears
I found this video randomly and I had just finished some coursework and thought why not.. Well time to test this on my flat and surprise everyone
I love watching these. This is great.
Thanks for enjoying!
Is this gonna be Linus Media Group? :D
That was exactly why I clicked on this!
@@robdavy4468 Me too, i wish it was :/
I thought this was a colab video with Linus lol!
yeah a few folk may have thought that. This is LMG Security, a firm in Montana where I had my office when i was living there.
@@DeviantOllam sounds like the people (us) want you to do a collab with Linus though!
Amazing content, albeit some key opening technicques are specific to the american market, the overall way of thought and especially the stories are amazing and really open the mind of the dangers and security gaps. Will recommend further.
The Amanda Palmer bit at the end was a nice touch.
God, latch slipping is so common. It became common knowledge in my middle school back in the day that you could open basically any locked door in the school by slipping a credit card in the crack, tilting it down, and pushing down to shove it between the latch and the frame. At least a dozen times I used that to get a jacket I forgot in a classroom after school, lol. The same tricked worked in my high school's interior doors iirc.
You had credit cards as kids? I would have expected basic ID cards.
@@johndododoe1411 Yeah that's what they really were, or gift cards or something. Just said "credit card" out of habit but that's not technically what they were
I love your lectures like this. Could you please do a video covering the stories you didn't get to tell in this one?
I would love just a storytime series from you.
You are not afraid of the darkness.
You are not afraid of the darkness because it feels lonely.
You are afraid of the darkness... because you fear NOT being alone in it!
You fear the unknown. ;-)
I love these talks. THANK YOU @DeviantOllam for making your channel!!! :-D :-)
you are so very welcome!
i wish you would do videos of just in the field because you tell good stories
OMG. What is that bag Tarah is wearing at 50:38? I've been looking for ages for good belt bags that don't look like a fanny pack.
I was wearing a bag from Mishu :-) www.mishuboutique.com/products/new-moon-bag
That’s not the bag itself but that’s the website. I don’t know if they still make the leather bags.
UKoalaBag has similar bag that is a little larger (and notably more expensive than the bags from Mishu that Tarah linked) that also has a built in option for a concealed carry holster. ukoalabagstore.com/product-category/bags/
@@TarahWheeler Thank you!
Dev is such a great speaker.
Hey, Ollam, how would you feel about doing a version of your classes geared towards first responders? Non-destructive forcible entry, bypasses, and so forth. Ways for us to get into places faster or less destructively than using a set of irons.
shop.redteamalliance.com/products/exigent-entry-restricted-1-day
Nothing short of amazing!!!
A master storyteller!
Bike story is great. I love that they didn't just grab their own bike to chase you.
Many of the solutions to the EZ break in techniques are common in recurring studios type door frames. Most are designed to automatically make a near airtight seal. Some are like Deviant Plan showed others use powerful magnets to pull a seal up into a gap. If air can't vibrate through, it is quite difficult to get a small rod, flat or even a gas through. It does cost a bit more though.
Can you throw up a link for the door wedge and the deadbolt strap? I'd like to get a set for my wife when she travels again someday.
www.leevalley.com/en-us/shop/home/travel/40812-veritas-travellers-doorstop?item=05K9920
supergriplock.com/
@@DeviantOllam thank you! I was just tracking these down when I saw this comment 😊 Would love to see a whole “Security on the Road” talk someday too
@@Chirael we had a plan to do that with the Modem Rogue possibly, back before COVID hit
About direct bitting stamped on the key, how about when the housing company stamped (more or less) the address on the keys? It was apartment numbers, but that encoding was trivial to decode to the address.
To "fix" it they crossed out the bad code with x:es, so the code was still visible.
Great movie well worth the watch.
incredibly action-packed.
One question I've always had. You have a VERY recognizable face and voice, at least in the hacker/lockpicking community. Have you ever had a situation where a clients in house security has recognized you or Babak or someone else personally while on a job, just by happenstance of having seen some of your talks?
Dev has mentioned accompanying his wife when he got recognized.
This was so informative! Thank you!
Saleae Logic is one of my absolute favorite tools.
they are great, aren't they?
That thumbnail is great! I wanted it to be a movie and the only anime I’ve watched is spirited away. Also, great presentation!
Thanks!