This village explores all the ways you can hack physical security that don’t involve lockpicking. Try your hand at door hardware bypass techniques, disabling alarm systems and cameras, and applying a hacker mindset to secured physical spaces. Come learn advanced methods for physical red-teaming in today’s world - or just learn the ropes (and we mean that literally, too)! Just about every type of locking hardware has a bypass vulnerability, which we have here for you to learn and try out. If you want to up the stakes, try disabling alarms and security systems by attacking the sensors, controller, communication lines and everything in between.

We’ll run three village talks to teach the basics, and to cover exploits we can’t easily reproduce at DEFCON - come out to “DIY B&E A-Z, OMG” to do a whirlwind tour of the exploits available, and how to use them in context. Learn about alarm and response timing, avoiding and interacting with security, and other practical considerations for redteaming by attending “So You Want to Rob a Bank: a Step-by-step Instructional Guide”. Finally, see what you are capable of doing by climbing, jumping, squeezing and pulling in “The Human Body’s Promise: How Your Bare Hands can Defeat Physical Security”.

Aspiring redteamers who want to try their hand in a simulated environment can enter the village’s contest, which simulates a datacentre containing valuable and confidential information and multiple layers of security protecting it. Can you get in and out before security catches you? Can you do it without setting off any alarms? Can you avoid leaving damning forensic evidence behind after you? Pit yourself against the world’s best hackers to find out!

Finally, we’ll have all of the blue team’s tools for you to try as well - for every exploit you learn, we’ll show you the patch. We’ll also demonstrate integrated approaches to secure facilities by considering security as an interconnected system rather than a bunch of individual boxes to be checked. Finally, we’re happy to discuss at length how to apply this methodology to whatever specific facility or operation you have in mind - it is our job, after all!

---

We are currently preparing three village talks, which give an overview of the village content - both well suited to a 20-minute slot:

1. “DIY B&E A-Z, OMG” - an introduction to the world of locking hardware and alarm bypass
2. “So You Want to Rob a Bank: a Step-by-step Instructional Guide” - an introduction to the non-technical aspects of physical redteaming, such as reconnaissance, timing, social engineering.
3. We are also submitting a main track talk, “The Human Body’s Promise: How Your Bare Hands can Defeat Physical Security”, which ties closely into this village’s mandate. If not accepted as a main track talk, we can run that as a village talk - either way, the two will be connected.

We’ll also have a contest running with the village, which presents a set of increasingly challenging timed bypasses and exploits, simulating a typical datacentre security system (with some extras added in for fun). We’ll use a virtual system to have participants “move around” the facility, like a choose your own adventure book - but to move from place to place, contestants will need to crack physical barriers such as cracking the combination on a key lock box, turning a deadbolt on the other side of a door, setting off a request-to-exit sensor, operating an elevator in special operating modes (we’ll only have the control panel there, don’t worry!), tricking alarm sensors, cutting camera wires, and much more. As soon as the first alarm is tripped, a timer starts - if it runs out contestants who wish to keep going have the added challenge of getting out of handcuffs. Based on total time, efficiency of route taken, and proficiency of various skills along the way, contestants are ranked, and at the end, one will be crowned victorious.