Lock Bypass Village
This village explores all the ways you can hack physical security that don’t involve lockpicking. Try your hand at door hardware bypass techniques, disabling alarm systems and cameras, and applying a hacker mindset to secured physical spaces. Come learn advanced methods for physical red-teaming in today’s world - or just learn the ropes (and we mean that literally, too)! Just about every type of locking hardware has a bypass vulnerability, which we have here for you to learn and try out. If you want to up the stakes, try disabling alarms and security systems by attacking the sensors, controller, communication lines and everything in between.
We’ll run three village talks to teach the basics, and to cover exploits we can’t easily reproduce at DEFCON - come out to “DIY B&E A-Z, OMG” to do a whirlwind tour of the exploits available, and how to use them in context. Learn about alarm and response timing, avoiding and interacting with security, and other practical considerations for redteaming by attending “So You Want to Rob a Bank: a Step-by-step Instructional Guide”. Finally, see what you are capable of doing by climbing, jumping, squeezing and pulling in “The Human Body’s Promise: How Your Bare Hands can Defeat Physical Security”.
Aspiring redteamers who want to try their hand in a simulated environment can enter the village’s contest, which simulates a datacentre containing valuable and confidential information and multiple layers of security protecting it. Can you get in and out before security catches you? Can you do it without setting off any alarms? Can you avoid leaving damning forensic evidence behind after you? Pit yourself against the world’s best hackers to find out!
Finally, we’ll have all of the blue team’s tools for you to try as well - for every exploit you learn, we’ll show you the patch. We’ll also demonstrate integrated approaches to secure facilities by considering security as an interconnected system rather than a bunch of individual boxes to be checked. Finally, we’re happy to discuss at length how to apply this methodology to whatever specific facility or operation you have in mind - it is our job, after all!
We are currently preparing three village talks, which give an overview of the village content - both well suited to a 20-minute slot:
- “DIY B&E A-Z, OMG” - an introduction to the world of locking hardware and alarm bypass
- “So You Want to Rob a Bank: a Step-by-step Instructional Guide” - an introduction to the non-technical aspects of physical redteaming, such as reconnaissance, timing, social engineering.
- We are also submitting a main track talk, “The Human Body’s Promise: How Your Bare Hands can Defeat Physical Security”, which ties closely into this village’s mandate. If not accepted as a main track talk, we can run that as a village talk - either way, the two will be connected.
Comment