RFC2324
Jun 7, 2012

http 418

KozmoNaut posted:

The ancient door locks in my apartment building are set to be replaced with a "cloud-based, intelligent system" :shepicide:

It seems that after I stepped down as a board member, there is not one goddamn person with any sort of technical understanding left. loving glad I'm moving out in a year or so.

E: Of course it's putting control of our door locks in the hands of AWS, amazing!

This is A Thing around here, with more and more of my friends having those on their apartments. I occasionally think about getting a sniffer setup so I can gently caress with them


KozmoNaut
Apr 23, 2008

Happiness is a warm
Turbo Plasma Rifle


But we'll be able to pay to have compatible lock installed on our apartment doors, so we'll have one key for everything!

Yeah no, I'll just stick with a good old lock cylinder and key that is under my and only my control, thank you very much.

Cup Runneth Over
Aug 8, 2009

She said life's
Too short to worry
Life's too long to wait
It's too short
Not to love everybody
Life's too long to hate


My startup, 1Housekey

Arivia
Mar 17, 2011

Cup Runneth Over posted:

My startup, 1Housekey

2Locks1Housekey

Sickening
Jul 16, 2007

Black summer was the best summer.
I have seen too many lock picking videos. I trust the electronic locks as much as I trust the old locks (barely at all).

RFC2324
Jun 7, 2012

http 418

Sickening posted:

I have seen too many lock picking videos. I trust the electronic locks as much as I trust the old locks (barely at all).

Last I checked an automated lockpick is a lot harder to make than an automated sniffer for that sort of thing.

App13
Dec 31, 2011

RFC2324 posted:

Last I checked an automated lockpick is a lot harder to make than an automated sniffer for that sort of thing.

Bump keys are pretty easy to make/use. Any Kwikset (most common household lock) can be bumped in under a second.

RFC2324
Jun 7, 2012

http 418

App13 posted:

Bump keys are pretty easy to make/use. Any Kwikset (most common household lock) can be bumped in under a second.

Well poo poo, I didn't know about those

I also wanna say lockpicking is a rarer skillset, but I have to remember who I spend most of my time talking to

Sickening
Jul 16, 2007

Black summer was the best summer.

RFC2324 posted:

Last I checked an automated lockpick is a lot harder to make than an automated sniffer for that sort of thing.

Lol no. I understand that this isn't as common knowledge even though it's so widely available.

Physical security is a very big topic, but it's not worth the headache of worrying about this issue as long as you are doing some basic things. People will worry about reinforced doors and expensive locks while having a glass window 2 feet away.

App13
Dec 31, 2011

RFC2324 posted:

Well poo poo, I didn't know about those

I also wanna say lockpicking is a rarer skillset, but I have to remember who I spend most of my time talking to

I’m a physical security nerd so I think I vastly overestimate the general public’s knowledge about this sort of thing, and probably even the typical infosec professional’s baseline knowledge on this sort of thing.

In my mind lockpicking is a fun hobby but has VERY little practical value in the field (but not 0).

Usually there is just a better way to get through the door. Bump keys, under-the-door attacks, around-the-door attacks, etc. I could go on and on, though.

RFC2324
Jun 7, 2012

http 418

Sickening posted:

Lol no. I understand that this isn't as common knowledge even though it's so widely available.

Physical security is a very big topic, but it's not worth the headache of worrying about this issue as long as you are doing some basic things. People will worry about reinforced doors and expensive locks while having a glass window 2 feet away.

Yeah, having a window right next to the door is one of the more bafflingly common design decisions out there.

I knew one person who kept an umbrella stand full of weapons (assorted sticks and a baseball bat) in front of that window, and it feels like your paranoia has skipped a track at that point.

App13
Dec 31, 2011

Was on a physical pen test one time and the only door was solid core, all windows were impact-resistant ballistic glass with fault detection, the whole nine yards.

It was a “no holds barred” sort of engagement so I cut a hole through the drywall.

If someone wants to get into a building they are going to do it.

Ynglaur
Oct 9, 2013

The Malta Conference, anyone?

App13 posted:

Was on a physical pen test one time and the only door was solid core, all windows were impact-resistant ballistic glass with fault detection, the whole nine yards.

It was a “no holds barred” sort of engagement so I cut a hole through the drywall.

If someone wants to get into a building they are going to do it.

This is unironically the best way to breach assuming you don't mind damaging things. Doors are dangerous. Windows aren't much better.

Also it's one of my favorite scenes in Burn Notice (S1E1).

Internet Explorer
Jun 1, 2005





My favorite on internal doors is just popping open a ceiling tile and climbing over the drywall.

RFC2324
Jun 7, 2012

http 418

I seem to recall someone doing that but with the raised floor?

FungiCap
Jul 23, 2007

Let's all just calm down and put on our thinking caps.

Internet Explorer posted:

My favorite on internal doors is just popping open a ceiling tile and climbing over the drywall.

Been there, kinda! In the ceiling tile of one room and punching through the drywall from above to use a yard stick to open a handle on the other side. No visible damage that way (well, unless you're in the ceiling).

Also got access to a network once because the network closet door had scrap cat6 cable stuck in it from years before when their contractor originally pulled cable for them (presumably to go in and out of the room without a key). No one ever bothered to check it apparently and I was able to just walk right in.

Sirotan
Oct 17, 2006

Sirotan is a seal.


Internet Explorer posted:

My favorite on internal doors is just popping open a ceiling tile and climbing over the drywall.

Had to do this once at a remote site because staff didn't leave a key for the network closet. Stood on my boss' shoulders (there was no ladder), stuck my head and torso up through the drop ceiling, and opened the door using a patch cable tied into a tiny lasso so that it could reach and lift the door handle. It worked but was extremely stupid.

BonHair
Apr 28, 2007

Punching holes in drywall is a fun way to get in. But I will say that lockpicking is a real common skill that can probably be easily learned if you want to. Consider how relatively easy it is to get someone to pick your own lock at 2am when you find out your keys are gone.

App13
Dec 31, 2011

BonHair posted:

Punching holes in drywall is a fun way to get in. But I will say that lockpicking is a real common skill that can probably be easily learned if you want to. Consider how relatively easy it is to get someone to pick your own lock at 2am when you find out your keys are gone.

Consumer locks =/= enterprise locks.

Anyone can pick a Kwikset 991. I’ve only ever met one person who can pick an ASSA Twin, and it takes them like 5-10 minutes.

navyjack
Jul 15, 2006



App13 posted:

Was on a physical pen test one time and the only door was solid core, all windows were impact-resistant ballistic glass with fault detection, the whole nine yards.

It was a “no holds barred” sort of engagement so I cut a hole through the drywall.

If someone wants to get into a building they are going to do it.

I would love to hear that story and any others!

Volguus
Mar 3, 2009

App13 posted:

Consumer locks =/= enterprise locks.

Anyone can pick a Kwikset 991. I’ve only ever met one person who can pick an ASSA Twin, and it takes them like 5-10 minutes.

Never heard of ASSA, so I googled it. It's so secure, you can't even buy it. Found some shady eBay listings, one Amazon product that's no longer available with a one-star rating since apparently it came without a key ... and that's about it. Maybe it's only for industrial use, where you buy directly from the manufacturer 1000 of them at a time.

App13
Dec 31, 2011

You buy ASSA locks through a certified dealer, usually a locksmith or GC firm. That’s the lock you will commonly see in university or professional campus settings.

Ginger Beer Belly
Aug 18, 2010



Grimey Drawer

Sirotan posted:

Had to do this once at a remote site because staff didn't leave a key for the network closet. Stood on my boss' shoulders (there was no ladder), stuck my head and torso up through the drop ceiling, and opened the door using a patch cable tied into a tiny lasso so that it could reach and lift the door handle. It worked but was extremely stupid.

This also wasn't a pen-test story, but back in the 90s, I worked for an ISP that had a small presence in New Orleans. I was there to do a build-out, and while I was there, our BSDi terminal server with a bank of US Robotics modems had a network card failure, and while I had access to the network room, I didn't have a key to the office space where there were a couple of PCs for desktops.

At the time, we used Intel 3C509s (I don't for sure remember, but I think it was the TP variant and not the coax one) on all the PCs we built, so all I had to do was cannibalize the network card from an unused desktop and put it into the terminal server. As it was around midnight, and I had been in the hotel bar having a few Bloody Marys with pickled green beans, we figured the best course of action was to have me climb up into the ceiling and go over the door to get the card from one of the desktops so we could get folks' SLIP and PPP access back online as soon as possible.

I got boosted up into the ceiling, and started to inch my way on top of the hung ceiling over the doorway, and as I got into the office space, I felt the ceiling structure start to buckle. I grabbed onto the I-beam hanging over the space, but my lower body dropped as the entire hung ceiling collapsed into the space below while I had a death grip on the I-beam. Eventually, I figured that the damage was done, and I had to just let go and drop down to do the work we had started. I shut down the desktop, removed the network card, unlocked the office door, went back to the equipment room, replaced the card in it, and got it back up and running. The collapsed ceiling would be tomorrow's problem.

The next day, we came back to continue our work and saw that the hallways were sealed off with plastic sheeting and there were a bunch of workers in full hazmat suits. Apparently the place was full of asbestos, but I'm not sure they noticed the fingernail scrapes in the I-beams that knocked a lot of it loose.

SlowBloke
Aug 14, 2017

Volguus posted:

Never heard of ASSA, so I googled it. It's so secure, you can't even buy it. Found some shady eBay listings, one Amazon product that's no longer available with a one-star rating since apparently it came without a key ... and that's about it. Maybe it's only for industrial use, where you buy directly from the manufacturer 1000 of them at a time.

You might have better luck searching for the current corporate name "ASSA Abloy" https://www.assaabloy.com

Rexxed
May 1, 2010

Dis is amazing!
I gotta try dis!

If you're not into locksport but interested, there's a lot of good youtube content on it. I started watching BosnianBill a long time ago and his videos usually involved picking a complicated lock, disassembling it to show you the construction and all the different kinds of pins, and talking about and modifying lockpicking tools. He'd also pick or bypass easy locks like masterlocks now and then just to show how bad they are and why. He's retired from making videos due to getting busy in real life but he has a lot of good ones that tend to be longer:
https://www.youtube.com/user/bosnianbill

The Lockpicking Lawyer has much more direct and to the point videos generally defeating commonly available locks or showing bypasses or exploits that make things that should be secure not secure if you know how they work (he takes companies that make lovely gun safes and locks to town pretty often):
https://www.youtube.com/c/lockpickinglawyer

Deviant Ollam does a lot of pentesting stuff that includes locks and other bypasses, but I don't personally watch much of his content. He's got that early 90s 2600 energy:
https://www.youtube.com/user/DeviantOllam/videos

I think I first heard of Assa Abloy on Bosnianbill's channel and website where he recommended them as a top choice for a serious home lock if you wanted the best money could buy off the shelf.

Anyway, BB's website seems to have become a repository of information since he stopped making videos so there's tutorials and resources. The front page also seems to have new videos from other creators featured on it.
https://locklab.com/

In the US the laws for owning lockpicking tools vary by state, but only a few restrict them. I haven't seen this site before but it has a synopsis of legality on it (wouldn't hurt to double check if you're in one of the areas):
https://www.art-of-lockpicking.com/is-lock-picking-illegal/

quote:

United States Lock Picking Laws By State
In the US there are several states that have unique laws regarding the possession of lock picks. Three of these states have specific laws directly restricting lock picking tools. These states are:

Mississippi: Possession of lock picks is legal so long as they are not concealed. However, once you put them in your pocket it becomes intent to commit a crime. If you live in this state and own lock picks, leave them at home.
Tennessee: Possession of lock picks is legal, however, Tennessee has some very strict laws to prevent locksmith fraud. If you live in this state it is illegal to use your skills for any sort of profit unless you are a licensed locksmith. If you don't have a license be sure to keep it a hobby.
Illinois: Possession of lock picks is legal, however, the possession of bump keys is illegal.
Nevada: Illegal; Possession can be prima facie evidence of criminal intent. You may have to prove noncriminal intent.
Ohio: Illegal; Possession can be prima facie evidence of criminal intent. You may have to prove noncriminal intent.
Virginia: Illegal; Possession can be prima facie evidence of criminal intent. You may have to prove noncriminal intent.

stevewm
May 10, 2005

App13 posted:

Was on a physical pen test one time and the only door was solid core, all windows were impact-resistant ballistic glass with fault detection, the whole nine yards.

It was a “no holds barred” sort of engagement so I cut a hole through the drywall.

If someone wants to get into a building they are going to do it.

Our store locations are metal/big box type buildings. At 3am one morning, a thief removed enough of the screws on the metal panels on the outside to fold one up. Either he was just lucky, or had this spot picked in advance, but he just happened to do this in an area that didn't have internal walls built up in front of it. After moving the metal out of the way he tore through some plastic sheeting, pushed the insulation aside, and he was in.

In the end all he did was steal a couple of hand tools and a single cheap Black and Decker drill. He had tripped the motion sensors as soon as he slipped in. The police had spotted the hole when they did an initial search of the outside and they were waiting when he came back out.

FungiCap
Jul 23, 2007

Let's all just calm down and put on our thinking caps.
I don't have many exciting stories, everyone wants fun incognito, in-person social engineering, but that's only made up like 5% of my actual assignments :(. Here's one from this year though:

I had an assignment to breach a corporate WiFi network on the fifth floor of an office building. I was able to fit my WiFi radio equipment inside of a handbag, and went to the fifth floor. Their suite itself was locked up, but the bathrooms in the hallway outside of the suite were not. I had already set up Kismet and some other tooling to run automatically in my bag so I could enumerate what WiFi technology they were using.

I left, looked at my data, and was super thrilled because they were using PEAP-MSCHAPv2 for authentication to join the WiFi network.

This is very insecure. It's very easy to pretend to be the real access points and pull down active directory usernames and password hashes directly over the air, especially if laptops are configured to connect to them automatically. Which they were.

One other issue though, the customer also had a WIDS in play. But a WIDS can only defend if it's in range, of course. So I configured my rogue-credential-stealing AP, hid it back in the bag, and the next day I hung out in the building lobby in a sitting area (far outside the WIDS range!) and messed around on my phone for about an hour. The passing laptops saw my rogue AP and sent me credentials to connect to the "WiFi". I'm unsure if these people had hibernation mode disabled, or what configuration issue there was that the laptops were trying to connect to the WiFi while closed and in bags, but that's what they did.

When I checked my equipment, I must have had at least a dozen usernames and password hashes (8 or so I was able to crack).

Came back the next day, went to the 5th floor bathroom. Logged into the WiFi and then into one of the users' O365 (the customer had MFA disabled if the user is coming from an internal network) e-mail and took a screenshot for the evidence.

It was a fun job, and I knew I was going to succeed as soon as I saw PEAP-MSCHAPv2.

Edit: They switched to certificate based authentication after this.

FungiCap fucked around with this message at 17:53 on Nov 8, 2022
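The weakness in the story above is not PEAP or MSCHAPv2 by itself but a supplicant that will build the TLS tunnel to whatever RADIUS server answers. The following is an added example, not code from the thread or from any tool the post mentions: a small audit script that parses wpa_supplicant-style `network={...}` blocks and flags password-based EAP methods whose tunnel is not pinned to a CA (`ca_cert`) and a server name (`domain_match` / `domain_suffix_match`). The three network blocks are constructed sample data; the first mirrors the weak setup described in the post, the second keeps PEAP but validates the server, the third is the certificate-based (EAP-TLS) configuration the customer moved to.

```python
from __future__ import annotations

import re

# Constructed wpa_supplicant.conf excerpt (sample data, not any real site's config).
# Block 1 matches the situation in the post: PEAP/MSCHAPv2 with no server
# certificate validation. Block 2 keeps PEAP but validates the RADIUS server.
# Block 3 is a certificate-based (EAP-TLS) setup.
SAMPLE_CONF = """
network={
    ssid="corp-wifi"
    key_mgmt=WPA-EAP
    eap=PEAP
    phase2="auth=MSCHAPV2"
    identity="alice"
    password="example-only"
}

network={
    ssid="corp-wifi-validated"
    key_mgmt=WPA-EAP
    eap=PEAP
    phase2="auth=MSCHAPV2"
    identity="alice"
    password="example-only"
    ca_cert="/etc/ssl/certs/corp-radius-ca.pem"
    domain_match="radius.corp.example"
}

network={
    ssid="corp-wifi-tls"
    key_mgmt=WPA-EAP
    eap=TLS
    identity="alice@corp.example"
    ca_cert="/etc/ssl/certs/corp-radius-ca.pem"
    client_cert="/etc/wpa/alice.crt"
    private_key="/etc/wpa/alice.key"
    domain_match="radius.corp.example"
}
"""

# Outer EAP methods that tunnel a password-based inner method.
PASSWORD_TUNNEL_EAP = {"PEAP", "TTLS", "FAST"}
# Any of these pins the server certificate to a name, not just to a CA.
SERVER_NAME_KEYS = ("domain_match", "domain_suffix_match", "altsubject_match", "subject_match")


def parse_networks(conf: str) -> list[dict[str, str]]:
    """Split network={...} blocks into key/value dicts, dropping surrounding quotes."""
    networks = []
    for body in re.findall(r"network=\{(.*?)\}", conf, flags=re.S):
        net: dict[str, str] = {}
        for line in body.splitlines():
            line = line.strip()
            if not line or line.startswith("#") or "=" not in line:
                continue
            key, _, value = line.partition("=")
            net[key.strip()] = value.strip().strip('"')
        networks.append(net)
    return networks


def audit_network(net: dict[str, str]) -> list[str]:
    """Return findings for one 802.1X network; an empty list means acceptable."""
    findings: list[str] = []
    if "EAP" not in net.get("key_mgmt", ""):
        return findings  # PSK/open networks are out of scope for this check
    eap = net.get("eap", "").upper()
    has_ca = "ca_cert" in net
    has_name_pin = any(k in net for k in SERVER_NAME_KEYS)

    if not has_ca:
        findings.append("no ca_cert: the supplicant accepts any RADIUS server certificate")
    if has_ca and not has_name_pin:
        findings.append("no domain_match/domain_suffix_match: any certificate from the CA is accepted")
    if eap in PASSWORD_TUNNEL_EAP and not (has_ca and has_name_pin):
        inner = net.get("phase2", "unknown inner method")
        findings.append(
            f"{eap} with {inner} and an unvalidated tunnel: credentials can be captured "
            "by a rogue access point"
        )
    return findings


def audit_conf(conf: str) -> dict[str, list[str]]:
    """Audit every network block in a config string, keyed by SSID."""
    return {net.get("ssid", "?"): audit_network(net) for net in parse_networks(conf)}


if __name__ == "__main__":
    for ssid, findings in audit_conf(SAMPLE_CONF).items():
        status = "OK  " if not findings else "WEAK"
        print(f"{status} {ssid}")
        for finding in findings:
            print(f"       - {finding}")
```

The CA check alone is not enough: a certificate from a public CA issued for some unrelated host still chains to a trusted root, so the name match is what actually ties the tunnel to the organisation's RADIUS server. The same two settings exist in Windows WLAN profiles ("Verify the server's identity by validating the certificate" plus the server name list), which is where the laptops in the story would have been configured.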

TheWorldsaStage
Sep 10, 2020

Lol, lmao even

https://twitter.com/vxunderground/status/1589762598605828098?t=J5DnF9JpAZoOHkr-0-kWtQ&s=19

RFC2324
Jun 7, 2012

http 418


No, please do this. It's very entertaining.

Just don't do it if you work with me

navyjack
Jul 15, 2006



FungiCap posted:

I don't have many exciting stories, everyone wants fun incognito, in-person social engineering, but that's only made up like 5% of my actual assignments :(. Here's one from this year though:

I had an assignment to breach a corporate WiFi network on the fifth floor of an office building. I was able to fit my WiFi radio equipment inside of a handbag, and went to the fifth floor. Their suite itself was locked up, but the bathrooms in the hallway outside of the suite were not. I had already set up Kismet and some other tooling to run automatically in my bag so I could enumerate what WiFi technology they were using.

I left, looked at my data, and was super thrilled because they were using PEAP-MSCHAPv2 for authentication to join the WiFi network.

This is very insecure. It's very easy to pretend to be the real access points and pull down active directory usernames and password hashes directly over the air, especially if laptops are configured to connect to them automatically. Which they were.

One other issue though, the customer also had a WIDS in play. But a WIDS can only defend if it's in range, of course. So I configured my rogue-credential-stealing AP, hid it back in the bag, and the next day I hung out in the building lobby in a sitting area (far outside the WIDS range!) and messed around on my phone for about an hour. The passing laptops saw my rogue AP and sent me credentials to connect to the "WiFi". I'm unsure if these people had hibernation mode disabled, or what configuration issue there was that the laptops were trying to connect to the WiFi while closed and in bags, but that's what they did.

When I checked my equipment, I must have had at least a dozen usernames and password hashes (8 or so I was able to crack).

Came back the next day, went to the 5th floor bathroom. Logged into the WiFi and then into one of the users' O365 (the customer had MFA disabled if the user is coming from an internal network) e-mail and took a screenshot for the evidence.

It was a fun job, and I knew I was going to succeed as soon as I saw PEAP-MSCHAPv2.

Edit: They switched to certificate based authentication after this.

This is the content I crave.

Dandywalken
Feb 11, 2014

navyjack posted:

This is the content I crave.

Seconded.

RFC2324
Jun 7, 2012

http 418

motion passes. the thread demands content

evil_bunnY
Apr 2, 2003

RFC2324 posted:

Last I checked an automated lockpick is a lot harder to make than an automated sniffer for that sort of thing.
Most of these IoT locks have absolute garbage physical overrides. And in general, most US (sub)urban homes have complete garbage physical security.

A few years ago you could pick my in-laws' US front door in just a few seconds. Our (euro) home came standard with a moderately fancy cylinder, plenty of security features (pinned+dogged hinges, full coverage plate and solid core, offset threshold, etc.) and key custody is tracked by a specialist third party. If you lose a common access key, you get to pay to replace all the affected cylinders.
If you tried putting something like a kwikset on a euro door literally nobody would insure you.

evil_bunnY fucked around with this message at 13:52 on Nov 9, 2022

Splicer
Oct 16, 2006

from hell's heart I cast at thee
🧙🐀🧹🌙🪄🐸

KozmoNaut posted:

The ancient door locks in my apartment building are set to be replaced with a "cloud-based, intelligent system" :shepicide:

It seems that after I stepped down as a board member, there is not one goddamn person with any sort of technical understanding left. loving glad I'm moving out in a year or so.

E: Of course it's putting control of our door locks in the hands of AWS, amazing!
Enjoy your literal lockout next time AWS gets hairy.

Crime on a Dime
Nov 28, 2006

evil_bunnY posted:

Most of these IoT locks have absolute garbage physical overrides. And in general, most US (sub)urban homes have complete garbage physical security.

A few years ago you could pick my in-laws' US front door in just a few seconds. Our (euro) home came standard with a moderately fancy cylinder, plenty of security features (pinned+dogged hinges, full coverage plate and solid core, offset threshold, etc.) and key custody is tracked by a specialist third party. If you lose a common access key, you get to pay to replace all the affected cylinders.
If you tried putting something like a kwikset on a euro door literally nobody would insure you.

(euro) (pinned+dogged) seeks specialist third party [quikset = hard no]

Head Bee Guy
Jun 12, 2011

Retarded for Busting
Grimey Drawer
Is there a preferred 2FA app? I currently have all my poo poo on LastPass Authenticator (lol) and I've been using Authy for work stuff, but ideally I'd like something with folders and push notifs---does that exist?


edit: while the thread was on the topic of physical pen, the technique in this video (ultimately an ad for a barely useful product) is wildly effective for how simple it is. At my job, a bird died on a patio behind a door with a missing key. All I needed was some pliers to give him a proper burial.

https://www.youtube.com/watch?v=yBpTTZ9lXes

Head Bee Guy fucked around with this message at 17:56 on Nov 9, 2022

Thanks Ants
May 21, 2004

#essereFerrari


https://twitter.com/CaseyNewton/status/1590724257608134657



:munch:

FungiCap
Jul 23, 2007

Let's all just calm down and put on our thinking caps.
I could share more stories, but they're all just slice of life type stories, none of them particularly riveting.

I did accomplish an assessment today in under 24 hrs by password spraying an ADFS portal page with $CompanyName$2022! against users I found on LinkedIn.

I got one hit, MFA was enabled. I kept sending push MFA requests to them until they accepted out of frustration, which I heard was commonly successful but a bit surprised to see it myself in action.

I added my own device as an MFA device to their account after logging in (thanks Azure portal).
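Each step in that engagement leaves a distinct pattern in sign-in logs, which is what a defender would look for: one source trying a password against many accounts in a short window, a burst of denied or timed-out push prompts to one user ending in an approval, and a new MFA method registered shortly afterwards. The following is an added example, not code from the post or from any product: three detection rules run over constructed sample events. The event lines and their field names (`ip`, `user`, `action`, `result`) are this example's own, not any vendor's log schema, and the thresholds are starting points to tune, not established values.

```python
from __future__ import annotations

from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in events (sample data; field names are this example's own,
# not any vendor's log schema). The first block of lines mirrors the post: one
# source tries a guess across many accounts, gets a hit, sends push prompts to
# that user until one is approved, then registers a new MFA method. The last
# three lines are an ordinary login for contrast.
RAW_EVENTS = """\
2022-11-10T09:00:01 ip=203.0.113.7 user=alice action=password result=FAIL
2022-11-10T09:00:02 ip=203.0.113.7 user=bob action=password result=FAIL
2022-11-10T09:00:03 ip=203.0.113.7 user=carol action=password result=FAIL
2022-11-10T09:00:04 ip=203.0.113.7 user=dave action=password result=FAIL
2022-11-10T09:00:05 ip=203.0.113.7 user=erin action=password result=FAIL
2022-11-10T09:00:06 ip=203.0.113.7 user=frank action=password result=SUCCESS
2022-11-10T09:01:10 ip=203.0.113.7 user=frank action=mfa_push result=DENIED
2022-11-10T09:02:15 ip=203.0.113.7 user=frank action=mfa_push result=TIMEOUT
2022-11-10T09:03:20 ip=203.0.113.7 user=frank action=mfa_push result=DENIED
2022-11-10T09:04:25 ip=203.0.113.7 user=frank action=mfa_push result=APPROVED
2022-11-10T09:06:00 ip=203.0.113.7 user=frank action=mfa_method_added result=SUCCESS
2022-11-10T09:30:00 ip=198.51.100.4 user=grace action=password result=FAIL
2022-11-10T09:30:30 ip=198.51.100.4 user=grace action=password result=SUCCESS
2022-11-10T09:30:45 ip=198.51.100.4 user=grace action=mfa_push result=APPROVED
"""


def parse_events(raw: str) -> list[dict]:
    """Turn 'timestamp k=v k=v ...' lines into dicts with a parsed 'ts' field."""
    events = []
    for line in raw.splitlines():
        if not line.strip():
            continue
        ts, *pairs = line.split()
        event = {"ts": datetime.fromisoformat(ts)}
        for pair in pairs:
            key, _, value = pair.partition("=")
            event[key] = value
        events.append(event)
    return events


def detect_password_spray(events, window=timedelta(minutes=10), min_users=5):
    """Source IPs that tried passwords against >= min_users distinct accounts inside one window."""
    by_ip = defaultdict(list)
    for ev in events:
        if ev["action"] == "password":
            by_ip[ev["ip"]].append(ev)
    flagged = {}
    for ip, attempts in by_ip.items():
        attempts.sort(key=lambda e: e["ts"])
        for i, first in enumerate(attempts):  # slide the window start over each attempt
            users = {e["user"] for e in attempts[i:] if e["ts"] - first["ts"] <= window}
            if len(users) >= min_users:
                flagged[ip] = sorted(users)
                break
    return flagged


def detect_push_fatigue(events, window=timedelta(minutes=15), min_rejected=2):
    """Users who approved a push after >= min_rejected denied/timed-out prompts in the window."""
    by_user = defaultdict(list)
    for ev in events:
        if ev["action"] == "mfa_push":
            by_user[ev["user"]].append(ev)
    flagged = {}
    for user, prompts in by_user.items():
        prompts.sort(key=lambda e: e["ts"])
        for i, prompt in enumerate(prompts):
            if prompt["result"] != "APPROVED":
                continue
            rejected = [e for e in prompts[:i]
                        if e["result"] in ("DENIED", "TIMEOUT")
                        and prompt["ts"] - e["ts"] <= window]
            if len(rejected) >= min_rejected:
                flagged[user] = {"rejected": len(rejected), "approved_at": prompt["ts"]}
                break
    return flagged


def detect_method_added_after_fatigue(events, fatigue, window=timedelta(minutes=30)):
    """Users who registered a new MFA method shortly after a suspicious approval."""
    flagged = []
    for ev in events:
        if ev["action"] != "mfa_method_added" or ev["user"] not in fatigue:
            continue
        delta = ev["ts"] - fatigue[ev["user"]]["approved_at"]
        if timedelta(0) <= delta <= window:
            flagged.append(ev["user"])
    return flagged


EVENTS = parse_events(RAW_EVENTS)

if __name__ == "__main__":
    fatigue = detect_push_fatigue(EVENTS)
    print("spray sources:", detect_password_spray(EVENTS))
    print("push fatigue:", fatigue)
    print("new MFA method after fatigue:", detect_method_added_after_fatigue(EVENTS, fatigue))
```

The third rule only fires for users already flagged by the second, which keeps it quiet on normal device enrolments; the first two are independent and would still catch a spray that never found a valid password, or a push-bombing run against a user whose password was obtained some other way. Number matching on push prompts and limiting how many prompts a user can receive per hour address the second pattern at the source rather than in the logs.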

Ynglaur
Oct 9, 2013

The Malta Conference, anyone?

Outsourcing regulatory risk to individual employees seems like a good recipe for some very large fines (assuming the FTC isn't toothless). If they start asking their engineers to sign off on certification I hope those engineers get themselves some good insurance policies.


Mantle
May 15, 2004

FungiCap posted:

I could share more stories, but they're all just slice of life type stories, none of them particularly riveting.

I did accomplish an assessment today in under 24 hrs by password spraying an ADFS portal page with $CompanyName$2022! against users I found on LinkedIn.

I got one hit, MFA was enabled. I kept sending push MFA requests to them until they accepted out of frustration, which I heard was commonly successful but a bit surprised to see it myself in action.

I added my own device as an MFA device to their account after logging in (thanks Azure portal).

I guess this user didn't hear about how Uber got popped in the same way
