● Locks
● Lockpicking
● Lockpicking mitigations / defenses
1. This lecture is part of the Offensive Computer Security 2.0 course. You must
watch lecture #1 for discussion on ethics if you are new.
2. The primary difference between legal hacking and illegal hacking is:
○ PERMISSION
i. If you do not have permission to do whatever you have in mind to the target, it is likely
illegal. Therefore you SHOULD NOT do it whatsoever.
1. This applies to cyber techniques as well as social and physical techniques.
3. The topics and techniques discussed in this lecture are for professional
penetration testing and personal / organizational security.
○ The vast majority of cyber attacks involve social engineering components.
i. It is imperative that we discuss how to prevent being a victim.
PART I:
Social Engineering
W. Owen Redwood, Ph.D.
Offensive Computer Security 2.0
http://hackallthethings.com/
Social Engineering
Social Engineering:
● Any act where you try to manipulate a person to accomplish a goal, and that
goal may or may not be in the target's interests
○ Various types:
■ Phishing email
■ Phone calls
■ In-person social engineering
○ Often goes hand-in-hand with OSINT reconnaissance
Reconnaissance
Reconnaissance:
[Diagram: the attack cycle: Recon → Scanning / vulnerability assessment → Post Exploitation (cover tracks &/or pivot)]
Observables:
● Direct Observations
● Indirect Observations
● Inferential Observations
Variables:
● Knowns
● Known unknowns
● Unknown Unknowns
What matters:
● Actionable intelligence
Evolutionary Triggers
● Mimicry
○ Batesian mimicry
■ prey vs predator
○ Müllerian mimicry
■ poisonous prey vs predator
○ Aggressive
■ predator vs predator
● Sabretooth Blenny
○ Aggressive Mimicry
■ Sabretooth Blenny learned the Quiescence dance
● Feeds off grouper
Evolutionary Trigger Exploitation: Mimicry
1. Reciprocity
2. Consistency
3. Social Proof
4. Liking
5. Authority
6. Scarcity
It is really hard!
● Raise awareness of these principles
● Practice by resisting advertisements
○ Try to identify the exact quirks an ad is targeting
● Practice by manipulating your friends
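One way to practice spotting "the exact quirks" a message targets is to tag it against Cialdini's six principles listed above. The following is an added example, not code from the lecture: the six principle names come from the slide, while the cue phrases, the constructed sample messages and the scoring rule are this example's own assumptions, meant as a starting point for reviewing suspicious mail rather than a validated classifier.

```python
import re
from typing import Dict, List

# Cialdini's six principles exactly as the lecture lists them. The cue phrases are
# this example's own assumptions: a starting point for a reviewer, not a validated model.
PRINCIPLE_CUES: Dict[str, List[str]] = {
    "Reciprocity": [r"\bfree\b", r"\bgift\b", r"as a thank you", r"we have already (?:sent|credited)"],
    "Consistency": [r"as you (?:requested|agreed)", r"you (?:already|previously) (?:agreed|signed up|opted in)",
                    r"keep your account active"],
    "Social Proof": [r"most (?:people|employees|users)", r"\beveryone\b", r"\d+ of your colleagues", r"thousands of"],
    "Liking": [r"\bfriend\b", r"great (?:to see|meeting) you", r"we love", r"you are (?:one of our best|a valued)"],
    "Authority": [r"\b(?:ceo|cfo|it department|help ?desk|compliance|security team|bank)\b",
                  r"\bofficial\b", r"\bmandatory\b", r"\bpolicy\b"],
    "Scarcity": [r"\b(?:within|in the next) \d+ (?:hours?|minutes?|days?)\b",
                 r"\b(?:urgent|urgently|immediately|expires?|expiring|last chance|final notice|suspended)\b",
                 r"only \d+ (?:left|remaining)"],
}


def tag_principles(message: str) -> Dict[str, List[str]]:
    """Map each principle whose cues occur in the message to the matched phrases."""
    text = message.lower()
    hits: Dict[str, List[str]] = {}
    for principle, patterns in PRINCIPLE_CUES.items():
        matched = [m.group(0) for pat in patterns for m in re.finditer(pat, text)]
        if matched:
            hits[principle] = matched
    return hits


def pressure_score(message: str) -> int:
    """Number of distinct principles a message leans on; more levers pulled, more suspicion."""
    return len(tag_principles(message))


# Constructed sample messages (not real lures).
SAMPLES = [
    "FINAL NOTICE from the IT department: your mailbox will be suspended within 24 hours. "
    "Completing this verification is mandatory.",
    "Hi friend! As a thank you, here is a free gift card. Most employees have already claimed theirs.",
    "The quarterly report is attached. Let me know if you have questions.",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(f"score={pressure_score(msg)} {tag_principles(msg)}\n  {msg}")
```

The first sample pulls the Authority and Scarcity levers at once, the second pulls Reciprocity, Liking and Social Proof, and the ordinary work message triggers nothing. Matching phrases is deliberately crude; the point is to name the lever being pulled, which is what makes it easier to resist.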
Recap
Recommended Reading:
Robert Cialdini's book, Influence: The Psychology of Persuasion
Scott Adams Persuasion reading list:
http://blog.dilbert.com/post/129784168866/the-persuasion-reading-list
Many of these fantastic diagrams / animations are from The Open Organization Of
Lockpickers (check them out!):
● http://toool.us/
Bolt + Lock (respectively)
How locks work
http://i.imgur.com/ETTfE.gif
[Diagram labels: the shell, the plug, key hole]
● it will "BIND"
Lock terminology
Note: Drivers are usually also just called pins.
[Diagram label: the plug]
How Lockpicking Works
Why does lockpicking work?
http://toool.us/deviant/02-picking/2.09-picking_by_individual_lifting.gif
Intro to lockpicking
Lockpicking mitigations (security pins):
● Spool pins/drivers (takes finesse)
● Mushroom pins
● Hybrid pins
● Multidimensional Plug/Cylinder + Security pins
Other types of locks
Wafer Locks
● Spy
○ Place keyloggers and other devices
● Sabotage
○ Destroy, Damage, or Degrade
● Steal (papers, hard drives, laptops, phones)
Related talk:
Steal Everything, Kill Everyone, Cause Total Financial Ruin:
https://www.youtube.com/watch?v=JsVtHqICeKE
Below the Operating System
http://www.youtube.com/watch?feature=player_embedded&v=Tbh1qrchyUo
http://www.pjrc.com/teensy/
Commercial Hardware attacks ($30-100)
As you can see, there are a lot of tools readily available for anyone who wants to
buy one. Anyone can present a threat with physical access to your machine.
Hacking over Powerlines
If IPMI can be abused, and the datacenter has Power over Ethernet (PoE) + Wake-on-LAN
enabled in unprovisioned server BIOSes, an attacker may leverage IPMI to wake the
entire unprovisioned farm into a PXE boot for a full botnet takeover of the
unprovisioned segment of the affected datacenter.
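The scenario above hinges on power-control traffic (IPMI over LAN, or Wake-on-LAN magic packets) reaching servers from somewhere other than a dedicated management network. The following is an added example for the defender's side, not code from the lecture: it classifies constructed flow records and flags IPMI/RMCP traffic (UDP 623) and well-formed Wake-on-LAN magic packets (UDP 7 or 9) whose source lies outside an assumed management subnet. The subnet, the addresses, the MAC and the record format are all constructed for the example.

```python
import ipaddress
from typing import Dict, List

# Assumed dedicated management subnet where BMC/IPMI interfaces live (constructed value).
MGMT_NET = ipaddress.ip_network("10.99.0.0/24")
IPMI_PORT = 623        # IPMI-over-LAN (RMCP/RMCP+) listens on UDP 623
WOL_PORTS = {7, 9}     # UDP echo/discard ports commonly used for Wake-on-LAN magic packets


def is_magic_packet(payload: bytes) -> bool:
    """Wake-on-LAN magic packet: 6 bytes of 0xFF, then the target MAC repeated 16 times."""
    if len(payload) < 102 or payload[:6] != b"\xff" * 6:
        return False
    mac = payload[6:12]
    return payload[6:102] == mac * 16


def parse_flow(line: str) -> Dict:
    """Parse one constructed flow record: 'PROTO src_ip:port -> dst_ip:port [hex=<payload>]'."""
    fields = line.split()
    proto, src, dst = fields[0], fields[1], fields[3]
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    payload = b""
    for extra in fields[4:]:
        if extra.startswith("hex="):
            payload = bytes.fromhex(extra[4:])
    return {"proto": proto, "src_ip": src_ip, "src_port": int(src_port),
            "dst_ip": dst_ip, "dst_port": int(dst_port), "payload": payload}


def classify(line: str) -> str:
    """Flag power-control traffic that originates outside the management network."""
    f = parse_flow(line)
    from_mgmt = ipaddress.ip_address(f["src_ip"]) in MGMT_NET
    if f["proto"] != "UDP" or from_mgmt:
        return "ok"
    if f["dst_port"] == IPMI_PORT:
        return "ALERT: IPMI/RMCP traffic from outside the management network"
    if f["dst_port"] in WOL_PORTS and is_magic_packet(f["payload"]):
        return "ALERT: Wake-on-LAN magic packet from outside the management network"
    return "ok"


def scan(lines: List[str]) -> List[str]:
    """Classify every record; one verdict per input line, in order."""
    return [classify(line) for line in lines]


# Constructed flow records; addresses and the MAC are made up.
MAGIC_HEX = "ff" * 6 + "001122334455" * 16
SAMPLE_FLOWS = [
    "UDP 10.20.5.7:40001 -> 10.99.0.12:623",                    # IPMI from the office LAN
    "UDP 10.99.0.2:40002 -> 10.99.0.12:623",                    # IPMI from the management host
    f"UDP 10.20.5.7:40003 -> 10.20.255.255:9 hex={MAGIC_HEX}",  # WoL broadcast from the office LAN
    "UDP 10.20.5.7:40004 -> 10.20.255.255:9 hex=48656c6c6f",    # ordinary UDP/9 datagram, not magic
]

if __name__ == "__main__":
    for line, verdict in zip(SAMPLE_FLOWS, scan(SAMPLE_FLOWS)):
        print(verdict, "<-", line.split(" hex=")[0])
```

The check treats the management subnet as the only legitimate source of IPMI and wake traffic; the corresponding hardening is to put BMCs on that isolated subnet, disable Wake-on-LAN and network-first boot order on hosts that are not being provisioned, and change BMC default credentials, so that the alert becomes rare enough to act on.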
Hacking Buildings
BACnet resources:
● https://wiki.wireshark.org/Protocols/bacnet
● RedPoint (by DigitalBond): https://github.com/digitalbond/Redpoint