Event Logs

Collapse

• Hack Chat Transcript, Part 3

  Dan Maloney • 06/03/2020 at 20:05 • 0 comments

  morgan12:58 PM
  heh, classic 'get into the gated community party' trick

  Which is why I installed my own ;-) Just wondering if there are any undocumented surprises that got slipped in there

  anfractuosity12:58 PM
  sorry, i'm a bit confused you mean, you attach a metal plate, and use a microphone + amp? What's the metal for?

  Eric12:59 PM
  Speaking of default codes. Many safes use 50-25-50 before installation... Also common but less so, 25-50-25 and I've seen 25-50-75 in one case

  Deviant Ollam12:59 PM
  @Eric this is correct... but we've used it when in a building during the daytime to add a new user =)

  Eric1:00 PM
  I have seen safes in the field where that code wasn't changes. Employees actually using 50-25-50 as "their" code.

  Deviant Ollam1:00 PM
  @anfractuosity so that my mag-mount audio pickup has something to which it can attach

  anfractuosity1:00 PM
  ohhh

  anfractuosity1:00 PM
  sorry :)

  Deviant Ollam1:00 PM
  @Eric yes, those are all common. i have a list somewhere, standby...

  Deviant Ollam1:01 PM
  

  anfractuosity1:01 PM
  haha cool

  Deviant Ollam1:01 PM
  @anfractuosity no worries@!

  Eric1:01 PM
  These are fun. I have access to one if I need it... https://www.google.com/search?client=firefox-b-1-e&q=TL2000+safe+dialer

  Welp, that was a wicked fast hour! We usually like to let our hosts get back to life at this point, but of course everyone is free to stay on and chat as long as you like. I want to thank @Deviant Ollam for his time today and for sharing his expertise. This was a fun one!

  Deviant Ollam1:01 PM
  @Eric the ITL-2000 is a nice unit, but the Combi blows it out of the water

  anfractuosity1:02 PM
  do some of those dialers, use acoustic analysis?

  Eric1:02 PM
  The "Soft-drill" You don't see those very often however.

  Deviant Ollam1:02 PM
  
  

  https://www.qtactical.com/combi-qx3-autodialer-preview/

  QTACTICAL® TOOLS AND TECHNOLOGY
  

  Combi QX3 Autodialer Preview

  Lockmasters, Inc: 859-885-6041 - www.lockmasters.com MBA USA, Inc.: 859-887-0496 - www.mbausa.com Combi QX3 is a high-speed, wirelessly controlled safe lock dialer (autodialer) for opening Group 2 mechanical combination locks. 8 Hour Average Opening Time Combi QX3 uses a precision step motor with an optical encoder to maintain accuracy even at exceptionally high speeds.

  Read this on Qtactical® Tools and Technology

  anfractuosity1:02 PM
  cool!

  Deviant Ollam1:02 PM
  thank you @Dan Maloney for having me here!

  FYI, I'll post a transcript in a few minutes, in case anyone missed any links. And don't forget next week, when we'll be talking about Rapid Prototyping (sorry, no link yet)

  Deviant Ollam1:02 PM
  (the combi was made by guys we know at Q-Tactical specifically to be an ITL-2000 competitor)

  Eric1:03 PM
  Softdrill I think we <13 minutes. They took them off the market except for limited 'special' customers

  Thanks Dev and all!

  tonkas641:03 PM
  @Deviant Ollam cheers for your time and knowledge, awesome as always :-)
  

• Hack Chat Transcript, Part 2

  Dan Maloney • 06/03/2020 at 20:04 • 0 comments

  Deviant Ollam12:26 PM
  

  when i say "any one" i mean any super clear one

  anfractuosity12:27 PM
  silly question, do you ever use a stethoscope ?

  Deviant Ollam12:27 PM
  @anfractuosity something similar! i use an audio pickup amp at times

  anfractuosity12:27 PM
  ooh, cool i wasn't sure if they where really used

  anfractuosity12:28 PM
  i saw some safe locks which claim to be resistant against x-ray which sounds interesting i thought

  Deviant Ollam12:28 PM
  think of it as a stethoscope but it mag-mounts to the safe door. and it's not like a little cup on the end... it has a metal probe that hears vibrations within the safe. (and you're mostly hearing contact points where the nose interacts with the drive cam, as opposed to hearing the "wheels" as it were)

  oz12:28 PM
  I'd buy safe cracking 101 if I could. I have a couple of tell coin safes I'd like to open and put to use.

  anfractuosity12:29 PM
  neat @Deviant Ollam :)

  Douglas Henke12:29 PM
  Do you have any tools that caused a "where has this been all my life?" moment. (For me, the recent answers are Knipex cutters and step drills.)

  Deviant Ollam12:29 PM
  @anfractuosity Grade 1R safes, yes. "resistant to Radiographic attack" ... often Delrin plastic wheels. they have other vulnerabilities

  Tametomo12:29 PM
  Safe against x-rays could just mean they're lead lined.

  Deviant Ollam12:29 PM
  @Douglas Henke the A-1 pak-a-punch and the new Lishi 2-in-1 decoder picks

  anfractuosity12:29 PM
  @Deviant Ollam heh neat, could you expand on other vulnerabilities, if you can

  Deviant Ollam12:29 PM
  @Tametomo shielding became a ladders-and-walls game during the cold war. new materials, like polymer wheels, were the solution

  Deviant Ollam12:30 PM
  @anfractuosity you can melt the wheels... enough heat or even acid injected in the right spot, and the wheels just fall apart, lol

  anfractuosity12:30 PM
  haha wow

  anfractuosity12:30 PM
  that's very cool

  oz12:31 PM
  Aren't most modern containers electronic locks?

  thomas.august12:31 PM
  @Deviant Ollam Can you point me to any case studies or news articles where poor physical security practices have directly led to thefts or data breaches? I know it's implied, but sometimes its good to have independent sources to show that not focusing on this stuff has real consequences.

  Eric12:31 PM
  Get the safe too hot and the fusible link goes and triggers relockers and no one is opening that safe!

  thomas.august12:32 PM
  Management folks are not always the most tech savvy

  Deviant Ollam12:32 PM
  @oz i would say that most modern "building security solutions" are moving to electronic. and electronic locks are making in-roads even in residential spaces, yes. but mechanical locks will still be with us for quite a while

  Deviant Ollam12:32 PM
  @thomas.august most stories like that are ones that entail stolen laptops or other endpoints

  Eric12:32 PM
  To anyone who thinks they might try drilling a quality safe, watch out for tempered glass between the door and the lock. Break it and relockers trigger.

  Deviant Ollam12:33 PM
  @Eric yes, it's a delicate balance, that kind of attack

  Tametomo12:33 PM
  The security industry isn't often what outsiders think it is. You have to deal with risk bars, which are just a way of saying "will the solution cost more than the potential problem"? So depending who does the calculations, something can either be critical to fix, or something just worth ignoring.

  pop1312:33 PM
  Do you think that electronic systems have higher a higher barrier to entry for the common criminal?

  Here's a question: do electronic safes have built-in back doors, like service technician codes so they can get in no matter what the owner does?

  oz12:34 PM
  @Deviant Ollam I was thinking of modern classified document storage containers. I thought that mechanical locks could not meet the requirements. \

  Eric12:34 PM
  Really really really old safes had explosives loaded in them. Watch out.

  Deviant Ollam12:34 PM
  here's another interesting kind of auto lock with a specialized entry pick tool...

  ... Read more »

• Hack Chat Transcript, Part 1

  Dan Maloney • 06/03/2020 at 20:04 • 0 comments

  Deviant Ollam12:00 PM
  Good evening, good morning, and good 'morrow... depending on what time zone you're in while reading this! 👍

  Hello all, welcome to the Hack Chat today. I'm Dan Maloney, I'll be moderator today for our chat with Deviant Ollam. We'll be talking about physical security - locks, lockpicking, etc.

  Hi @Deviant Ollam, welcome to the Hack Chat! Perhaps you can start us off with a little aboutyourself and how you got into the security game?

  cdecde57 joined  the room.12:00 PM
  

  Tametomo joined  the room.12:01 PM
  

  Deviant Ollam12:01 PM
  Sure thing

  Deviant Ollam12:01 PM
  Thank you for having me, BTW

  Deviant Ollam12:01 PM
  =)

  Deviant Ollam12:02 PM
  I get a lot of folk who reach out to me or approach me at events and speak with awe over the idea that my career exists -- that I get paid to break into secure facilities -- and the first thing I try to always tell folk is that I got here by tripping over backwards into opportunities that I wasn't expecting, and that some of the best things you will get to do in your life are things you haven't even considered yet.

  Deviant Ollam12:03 PM
  I started as a computer and network engineer, with lockpicking merely as a hobby. That hobby became my full-time work (in a manner of speaking) and I credit this almost entirely to my attempts at giving away knowledge and teaching as much as possible

  Dang, that's what I've been trying to tell my son for years now. You put it way better than I ever could have.

  31337Magician joined  the room.12:03 PM
  

  thomas.august joined  the room.12:04 PM
  

  Zack Freedman joined  the room.12:04 PM
  

  t.w.otto12:04 PM
  looking forward to hanging out @Deviant Ollam

  Deviant Ollam12:04 PM
  How did others get involved with "hacking" (Depending on your definition of it)

  31337Magician12:05 PM
  I wanted to make airplanes do stupid things in flight simulator when I was a kid.

  pop1312:05 PM
  Mostly by just messing with stuff and discovering there is a community around it

  t.w.otto12:05 PM
  for me it was BBS's and it seemed like something super interesting, i like to tinker. then defcon. now its part of life

  Deviant Ollam12:05 PM
  @31337Magician oh totally! seeing how far straight up it could fly, etc? (or crashing it into things, or trying to)

  For me, it's just wanting to know how everything works. Can't really do that with tearing it apart, whether it's hardware or software

  31337Magician12:06 PM
  I used to switch physics profiles of airliners and aerobats then join public servers and freak people out at the airfield.

  Deviant Ollam12:06 PM
  @pop13 absolutely... it's one thing to tinker and want to disassemble and learn, but meeting with communities of other folk who are resources is so rewarding

  t.w.otto12:06 PM
  and im teaching my spawn to tinker and question everything

  Tametomo12:06 PM
  Got into programming when I was 5, and was fascinated with breaking things in unusual ways.

  Nicolas Tremblay12:06 PM
  I always was interested in electronics and how stuff was built. The my boss wanted to know more about 3D printers. That got me to find Make magazine and the whole community.

  Tametomo12:06 PM
  Never grew out of that.

  Lennaert Oudshoorn12:07 PM
  Started programming when a teacher gave me a book about basic and let me sit behind the computer because I always finished my assignments early, rolled in to the rest from there.

  Deviant Ollam12:07 PM
  @t.w.otto do you find that you're buying kits or items specifically for that or using things around the house? my wife and i were saying recently how modern products (a remote control, for example) are all tabs and not screws and usual fasteners anymore, etc.

  thomas.august12:07 PM
  Officially, during an special IT audit for a DOD contractor. Unofficially, I learned a lot about radio and telephones as a kid.

  pop1312:07 PM
  And by taking stuff apart as a kid

  Deviant Ollam12:07 PM
  @Nicolas Tremblay what 3D printers do you have or use, may i ask? Our firm has a PRUSA

  t.w.otto12:08 PM
  that is a challenge....

  Read more »

View all 3 event logs