PicoBlog

Lockpicking and Lock Bypassing: Mastering lockpicking techniques allows you to manipulate various lock mechanisms and gain unauthorized access. Familiarize yourself with lock types, pin tumbler systems, and tools commonly used in lockpicking. Additionally, learn lock bypassing techniques, such as decoding combination locks or exploiting vulnerabilities in electronic lock systems. I will sometimes get a statement of, “But most buildings use ID Badges instead of locks these days, so why bother?” While this is true, all too often those RFID Access Control Systems will have a physical key backup, and once inside the building you will often encounter physical locks that need attacking such as server racks, lockers, desks, inner doors, key boxes, etc.

Master Keying and Keyed Alike Systems: Understanding master keying and keyed alike systems enables you to analyze and exploit the hierarchical structure of key systems. Explore the principles of keying, including how different levels of access are granted through master keys and sub-master keys. Make your life easier, if a system is master keyed … just go buy the key (if its available). Many things most people wouldn’t think would be keyed alike are, including things like police cars, elevators, electronic access control systems (telephony systems), lockers and cabinets, etc.

Key and Lock Impressioning: Develop the skill of key impressioning, which involves creating a functional key by making an impression of an existing lock. Mastering this technique allows you to gain access to restricted areas without raising suspicion. Sometimes locks are simply overly complicated or beyond your ability as a picker, but simply making an impression of the key is a quick and simple way to clone it. A devastating attack on physical locks is simply lock impressioning; this ability allows an attacker to use a key blank to figure out the bitting of the real key without ever having seen the key or destroying/taking apart the lock.

Door and Window Bypassing: Learn various door and window bypassing techniques, such as picking simple locks, bypassing latch mechanisms, or manipulating hinges to gain entry. Familiarize yourself with common vulnerabilities found in doors and windows to exploit them effectively. In Europe, the turn/tilt windows will become your friend.

Alarm System Identification and Bypassing: Acquire knowledge about alarm systems, their components, and how they are interconnected. Explore methods to identify and bypass alarm systems, including disabling sensors, neutralizing sound alarms, or exploiting vulnerabilities in the system. When it comes to black teaming, you will have to fight the machines (alarms); knowing what each alarm is, its weaknesses, and how to get around them is vital for not getting caught.

Access Control Systems: Develop a deep understanding of access control systems, including electronic keypads, card readers, biometric systems, and their associated vulnerabilities. Learn techniques to bypass or exploit these systems to gain unauthorized access. PACS systems are so common now it would not be a complete list without including this. Knowing how these systems work and how to bypass and abuse their vulnerabilities gives a black team member a great deal of ability to get in.

ID Badge Cloning and Attacks: Explore techniques for cloning ID badges, such as proximity cards or smart cards, to impersonate authorized personnel. Understand the technology behind ID badges and devise strategies to exploit vulnerabilities in card reader systems. Knowing which types of badges can be cloned and which cannot, how to do it, and how to do it quickly (without getting caught) is an incredibly important skill for a black team member.

PACS Reader Attacks: Become proficient in attacking Physical Access Control Systems (PACS), such as manipulating card readers, exploiting system vulnerabilities, or reverse engineering communication protocols. The ID card isn’t the only thing that can be attacked in regard to PACS, in fact most readers themselves are vulnerable to MiTM attacks (around 60-70%).

Social Engineering and Elicitation: Develop the art of social engineering to manipulate individuals and extract valuable information. Master the skill of elicitation, engaging in conversation techniques to gather sensitive details without arousing suspicion. When you aren’t fighting the machines, you’ll be fighting the people. Knowing how to pick the right target for SE, how to go about it, get information you need, and blend in, are must-have skills that need to be practiced regularly.

Black Team Planning and Operations: Learn how to plan and execute black team operations effectively. Develop strategies, coordinate team members, and ensure seamless execution of penetration tests. Mission planning is one of the most important parts of black teaming; unlike other forms of pentesting there isn’t really a “do over”, knowing how to plan things out correctly, having backup plans, etc. will save you the dreaded moment where a client finally agrees to pay you for a month of work and your team gets caught on day one.

Target Site Reconnaissance: Master the art of target site reconnaissance, gathering intelligence about the physical environment, security systems, and potential vulnerabilities of the target location. Understand the importance of reconnaissance in formulating effective penetration strategies. This can be everything from OSINT, drone footage, building layouts, who goes into the building, how the employees dress, time they arrive, how guards treat employees, etc.

Long Range Reconnaissance: Develop skills in long-range reconnaissance, using specialized equipment and techniques to gather information from a distance. This includes visual reconnaissance, photography, and video surveillance. Critical infrastructure is an obvious example here; these facilities are often in the middle of nowhere and can be tricky to get close to without getting spotted to get real useful intelligence. Know how to get that intelligence from a distance.

Embedded Reconnaissance: Learn to conduct embedded reconnaissance, blending into the target environment as a legitimate visitor, employee, or contractor. This allows you to gather information firsthand, assess security measures, and identify weaknesses. This also allows you to see inside the facility for things like alarms, guards, if tailgating is possible, routes into the building interior, etc. It also is an excellent time to prep certain attacks.

Bugging & Plantable Devices: Familiarize yourself with bugging and plantable devices, such as hidden cameras, audio recorders, or GPS trackers. Understand their usage, limitations, and potential legal implications. Most of the time you are not payed to just get into the building, the client wants you to actually do something. This will very often lead to bugging the buildings and key locations such as VIP offices, board rooms, server rooms, etc. Know how these bugs work, their capabilities and limitations, and for god sake always bring extra cables and batteries … I’ve had a few instances in my career of getting inside, passing all the guards, getting into the server room and a while planting a device, discovering I am one cable short or the batteries are dead on a device :(

Destructive Entry: Gain expertise in destructive entry techniques, which involve breaching physical barriers through methods like drilling, cutting, or breaking to gain access to secure areas. Understand the legal and ethical boundaries associated with destructive entry. Covert entry is the game, but sometimes a little desctrution is both allowed and appropriate. Learn how to destroy things without really destroying everything while doing it quietly.