
okay so I do have a PDF you can download here of the slides minus the videos if you would like to go and follow along or have notes and links for later so this is just something you can get I'll give you about 15 seconds uh you know and then we'll go ahead and just start on with the slides uh but yeah thank you everybody for coming to Tactics of the Trash Panda uh the real TTP acronym the only TTP acronym all other acronyms are garbage compared to this one uh I still see phones out so I'm going to wait a little bit
cool let's get started so uh just a quick who am I I am an infosec doer I'm a senior consultant at Dark Wolf Solutions I'm a 3D printer enthusiast I've been hacking and doing crazy things uh but getting paid for it for the past six years I've been trained in multiple disciplines such as net pen appsec physical uh vulnerability research I'm a proud member of DC3 six occasionally dropped by AHA and SecKC I do have a disclaimer here so the following presentation will deal with security and adjacent topics consequentially some of the content may be of adult nature this content is handled in a professional manner by me and I hope you can handle it with
respect as an audience so if you do have any any qualms against this uh please feel free to leave the room now if not you know whatever um additionally content is provided for educational use only I take no responsibility for any actions taken by the audience as a result of this let's behave ourselves and have a little of fun so let's talk about like modern physical entry and red teaming uh you have this problem of mo' tradecraft mo' problems as you get into specialized tooling markets you start having the need to fill those markets and needing to improve on that and that either costs money or development or reduces the ambiguity you can use on
site with certain pretext these tools become less of uh tools you can mend to your pretext and more just red team tools right some other problems is your geographic location where you're performing these tests may restrict you from utilizing certain tools we know Canada has some stuff going on proposed for a bunch of SDR stuff lockpicks are illegal in certain countries and uh per state there are different lockpicking laws I'm not an expert on the lockpicking laws you can talk to the people at the lockpicking village for that but let's get down to some proposed solutions uh you have Batman over here which looks weird in some movies he has like money or something and he just
breaks into places that he could just buy easily right um but on the other hand you have a raccoon they look awesome they eat trash and they break into anywhere without spending a dime so how do we mimic this behavior how do we become more resourceful today I'm going to be telling you about how to do this and I'm going to be walking through how to present yourself and advice for packing my own kit commercial tradecraft and tooling primer attempting to replicate these with our own variants and some video demos and then I can show you how to practice on your own and uh kind of leave away so just a quick thing about physical evaluations they're a
great way to show the internal network isn't too hard to reach there's a lot of prep work before even scoping the place out in person and all your legality and paperwork is a pain normally you go to a consultancy that has this figured out if you're trying to get into the field and do this testing instead of going freelance um and you can't always use repeat pretext for scenarios there's always something unique about a test um so preparation mainly entails a lots of preparation uh of objectives your connections your out of office your trash schedules your tech stacks your fire code your disability measures applied to the building and whatnot uh your surveillance schedules your antics
behavior contingency planning um having good luck and a lot of reading so some of this reading might be your normal fire code so NFPA 80 is like an RFC but for doors and buildings kind of um there's also the ADA compliance standards and these are for uh in the US they're kind of like RFCs but for doors and buildings and a lot of modern tooling that is considered red team tooling is based on the foundations of these documents um so let's talk about getting into pretext packing an improv class goes a long way before you go out and register for some advanced red team training or something like that you might just try your local theater and
just get the basics down in one discipline first um I have used multiple pretexts some of the more common ones are here these are by no means comprehensive I've used the authoritative pretext of oh I work for a help desk or I'm an IT person or I'm some C-level that hates people I don't know um or you can have mutual bonding lighting somebody's cigarette you can hold the door open or be courteous and kind right or you can be a meek inquisitor if you're trying to gain information you can go around and ask and say oh I'm new here and whatnot and weave your shenanigans through that way uh but play to your strengths right
these pretexts it's never oh I was born this way so I I have infinite pretext or something like this um it's always whatever you find is good about yourself and you can strengthen that and use that to your advantage and pretext uh game is game if you get into the building like that's it right like cool so a little more about packing um prepare for multiple pretexts to be used don't just have like one outfit right um have the ability to maybe even swap on site once you're outside of the hotel room and on the client site being able to change um there's lots of treasure troves of information online from employees and um charity events and
whatnot that you can scrape that information from uh don't impersonate in ways that will make you catch a case please do be legal with this um talk to your lawyers if you have questions on this I'm not a lawyer have clothing for your archetypes and covers right if you have say a construction worker vest don't bring that [ __ ] in clean you're going to walk into a place with a a nice shiny hard hat and a clean construction worker vest and oh wow yeah I've been here for three years working hard days work and no get out of here like um how I phrase these types of pretext and planning I do say an improv class goes a
long way but there's kind of a framework I have where I use props to perform my skit with punch lines as the anchors so for instance you can have a clipboard with with an RFID reader inside and you can have a coffee and a handkerchief and these can be your props right and you can say oh I want to get a clone of somebody's badge so I have to get really close to them right and let's say some scenario plays out where you're outside the building and oh gosh hey could you hold this for me really quick I I got this coffee all over my shoes I spilled it all I'm just cleaning up here hold
this clipboard with the RFID reader next to your chest right um things of that nature and always you know work with the flexibilities you have normally you don't have to worry about your hotel rooms being searched but um obviously with some recent happenings at resorts in the area that might be uh I need to update that slide uh talking about practicality packing uh bring just enough tooling so different goals will have different loadouts you want to have raw material for lots of use cases and maximum flexibility such as wires strings and pins you want to plan for failure so if you're caught with a certain tool out how do you talk yourself out of that situation right we
don't want to have to just pull out our letter of authorization immediately and that's it that's the test right we want to kind of try to fall gracefully as we do this um practice quick deployment so as you work with your tools and specialized equipment you want to practice pulling that out putting it away very quickly so you can increase your speedrun strp for this to say and then also check what's legal allowed on your person in case of EX event for instance in the state of Kansas you may require be required to give fingerprints if a cop catches you and you have picks on your person and you're doing some type of burglar activities right so
here's my kit and the approximate usage for it so you can see here there are a lot of familiar tools and I'll start moving over here um my most used one by far has to be these plastic shims and this like local supermarket shopper's card um but I have gear ties flashlights some bump keys a little lever like a wedge thing um some shims for loiding our our punch bar our um traveler hook some bobby pins my under the door tool and we'll get to the mods and and some of those here in a second and extra Kevlar rope and yeah just all the goodies there that aren't electronic and here's some other stuff
so there's my mod under the door tool based on DAV and Not So Civil Engineer's modifications that they committed to their under the door tools using Kevlar rope there's also The Humble Firefighter's mini J tool which is great I think it's a awesome replacement for a double door tool uh that you can find online and this is just made out of some cheap titanium rods you can get off of Amazon so what I don't show here is of course all the cables for the gadgets and gizmos but uh here's all your electronic stuff um I've lost numerous Leatherman multi-tools just because I forgot them in my carry-on and TSA had to confiscate them RIP right uh but yeah
for the rest of this talk we'll cover the physical entry implants and devices and your wireless evaluations so talking about your under the door tool options uh Not So Civil Engineer has amazing guides comprehensive guides on your under the door tool modifications you can make for different out uh outlooks and different scenarios so you have your standard under the door tool from uh Sparrows and other vendors will do this you can buy that for about $40 and that's quarter inch to 3/8 inch uh high carbon steel and it's foldable it lasts pretty long uh as long as you take care of it if you're in a pinch you can buy zinc rods from Menards and these rods do not retain the shape
well so prepare to use these for like maybe one or two uses and then throw them out uh other metals try it and share uh titanium could be a proposed solution but it's really expensive uh in that size so I wouldn't recommend it as a budget option so getting into your budget and low profile options you do have some Not So Civil Engineer recommendations of the copper tubing at quarter inch with framing wire and you can make three of these for about $30 in my local market in the midwest um these you cannot easily substitute Kevlar cord for as you could the normal under the door tool and we'll see why here in a second um your takedown under the door
tools which is the ones that bolt together they add a little bit more thickness to it and they can be harder to fit under certain scenarios so I don't really go with that you can compensate by carrying an air wedge with you and rely on that more but it's not an option I really use in the field so looking at the the mods here's a close-up so I've dug this groove similar to what's recommended off YouTube right with a Dremel and I just put my Kevlar cord here and I'm able to use this on crash bars and whatnot cuz this hooks into the door and I'm able to use the cord to push that uh for the
crash bars um and actuate that right and I have some uh tape up here so that it's increased friction now this is the one you can't substitute Kevlar cord for so the reason you can't do this is because this dog catcher design and this is meant to be for doors with little levers so you can slide this under the door and this is where the door is sitting and you can actuate the Handle by grabbing it kind of like animal control does for dogs right and you just pull this little cable right here and Kevlar doesn't really work for that um talking about shims um so some people buy the supermarket shims from Red Team
tools and other vendors these are kind of expensive you can buy them in bulk they're just called Mylar stencil sheets and we'll get to the measurements that I recommend here in a second but yeah the bulk is a much better value and you can cut them however you want you get much longer material so you can be more flexible with it um Dillons card or supermarket card this one just happens to be a good combination of thinness and rigidity and it's free it saves you money in the long term and like what accusations are going to follow you if you get found with a Dillons card right like oh I want to save money on gas oh
oh no like kill me right um You can use laminated paper uh I've had buddies who have used this but it does take work and this probably means that you've lost your other tooling and you're really in a pinch so yeah uh just explore your options there so for shims I recommend 14 to 16 mil thickness for the best results your 10 mil thickness is tolerable uh but cutting these you're going to have different notches for different types of locks should you ever run into say this lock you're going to cut a notch like this and be able to close the door on it so that you push on one of these arms and then you'll be able to
actuate it open as you're closing that door back um assuming you've got the other locks handled on the door this is the normal hook that you do for your normal bezel out uh style doors so you can loid those latches properly and you can just open that door like it's nothing I did run into a couple scenarios where doors had improper latch mechanisms and deadlock mechanisms that uh they just added one of these after we exploited it and I was like wow does that help because I was actually curious you know I wasn't being sarcastic at the time it does not help all you have to do is just have a long piece of material
that will go through the top or the bottom of this and you can just fold that up and put it in your wallet so that's hence buy the Mylar stencil sheets so you can fold those up and deploy these long mechanisms out
got a little video demo for loiding here and this is all it is um you know loiding has been talked about heavily on the internet I'm not going to reiterate it to you but this is basically the gist of
it that deadlock plunger isn't properly actuated so we're able to just push that in and open the door no problem so talking about strings and cordage we noticed in the under the door tools I had some steel examples and Kevlar examples uh the steel cable is coated and shielded you have to inspect this prior to every use otherwise you will really mess up your client's doors and that's not a very good look when they're paying you to do this work um we want to be respectful with our entry your rigidity increases the space taken by storing it and folding it up so it's it's harder to pack at times and it's difficult to cut without your beefier
tools depending on the cable thickness you get your Kevlar rope is great it's more forgiving and it's easier to cut the only problem is not like nylon rope with burning it to seal the end off you have to use some type of resin or epoxy so it doesn't fray on you uh but this is great you can get 1.1 diameter uh thickness and it holds about 200 lbs of force on that rope so very tough stuff seamstress tape has been used before on the internet a lot uh you can use this as an under the door tool but it goes over the door technically and it actuates the lever from the top side and you just slip that around same with 35mm
film rolls that we've seen before on the internet and that stuff I didn't demo cuz it's been done so many times it's not like an original idea I mean none of this really is original ideas all right um I recommend gear ties as well a buddy of mine recommended gear ties to hold your gear and fold your under the door tools and hold things together and they're amazing and I have about like two on me almost all the time so talking about wire I bring electrical wire Dupont connectors uh just for some programming over serial for certain devices and implants and then I have alligator crimps just in case you do need it to tap into things uh physical
tooling I have 2mm thick wire uh pliable and capable of holding its own weight so you can get this from barb wire or real estate signs estate sale signs and fencing wire this won't harden very well so if you want to use this for more rigid purposes not going to go well talking about picks so your lockpicks are not always accessible in lockpick form right they come in many shapes and sizes and you want spring steel and high quality ones normally but we don't have that blessing here in this scenario we are raccoon so we are using bobby pins and windshield wipers which has been done all over the Internet online so here's how I do it with bobby pins you
get your normal bobby pins you cut the ends off right the little bulbs I recommend filing down the edges because you will cut yourself otherwise I've done it multiple times and then you can use it as a lockpick right um otherwise if you're going to go to a riy after a rainy day you can pick up all these beautiful uh windshield wiper internals and turn these into your lockpicks and all you have to do with these these are steel or some type of steel metal um so you can just heat these bend them quench them in water or used motor oil and they should be good to go and that's a tension wrench and this one I just filed
with a Dremel as you can see it's very crude but they work right you can use bra wire as well this stuff is pretty good um if this is something that you can carry on your person or works with your pretext that's awesome use it it's good stuff just make sure to cut the ends off and pry all the weird silicon stuff rubbings from it um talking about keys so a one-time investment in known keys or cabinet keys you can be the key duplicator for your entire community you can buy one of these key duplicating machines buy one of those rings off eBay that's you know $70 and just start printing out keys that are the same as these these are
very easy to pick up and and use you know you can learn it in about five minutes right um and keychain of D the Oak City Locksport uh they have their their pre-made keys that you can find online right so uh here's an example CH751 and then bump keys bump keys are this is a known thing uh are used to have bump attacks on locks and be able to break easy locks open right uh just by actuating as many pins as we can at the same time and trying to get that these bump keys normally are paired with these goat banding kits for faster reverberations towards the back um and yeah these are very cheap and they're
used for goat banding and you can use them for these bump keys it's amazing so here's an example of that and we'll get to kind of the science of of the bump hammers here in a sec so as you can see here here's the normal key nobody steal that bitting that's my house game um and then we have our bump key with our heavily used goat banding kit and by heavily used I mean on the bump key not goats I not going to reuse it that way that's not sanitary so as you can see here we're just fitting it inspecting it before use because these can break very easily and we're just going to take a
solid hammer object or something and just bump the back of it while we're we're holding slight tension on that in the direction the key is supposed to go so as you can see it's not open there we'll use a screwdriver I'm just going to tap it a few times and it opens and there you it turns right oh bump key crazy stuff right it's not not too crazy right oh slideshow come back um alternatively there's an energy transfer that you can mess with if you have materials that are stiffer they will make more sound on the bump hammer as opposed to materials that are more gelatinous um so as you can see here I have an ASAP printed phallic
device and this is something that you can use to bump the the key uh very easily and even faster than the screwdriver really um it was like midnight when I printed this and I was hot off the press and I was like I hope this works just go come on and yeah it just opens right up um so that's one example if you go on the other end in the Spectrum with something more gelatinous more like a silicone um what you'll get is you'll get worse energy transfers so less reliability but you'll get a a uh much more stealthy approach that won't make as much noise um for size recommendations if you're going the silicone route I do recommend about six
to seven inches um you know that was a 91 that was way too much it's unreliable uh but yeah like the sweet spot about six six to eight you know something like that so now the question is like why would you do this like what what's what's the point of this besides it's funny right like it is funny um having a flamboyant uh device when you're doing these types of things can create a guise normally when you're talking to guards or looking at how they're trained they're trained to solve escalations in terms of encounters but they're not trained to you know come around a building and they see a person knocking on the door um
normally if you turn around with a bump hammer that looks like this uh you know you might eat lead because this is very threatening in the middle of the night and oh that's a bump hammer there's no way you're going to talk yourself out of that uh but if you're coming around and you know you're you're you're bumping a door open security your guard shines a light on you and you're like oh I'm sorry my boyfriend and I have seven years he works here and we broke up and I'm just going through it they're not going to know how to respond sometimes it's it's something that allows you you're already caught you're already to the point of almost
failing you can gracefully fall and have a non-zero percent chance of getting away with it and the story this scenario is based off of the guard simply walked away and just left they didn't report any of this they didn't call extra authorities none of that they they just left that that's just how it went down um because some people aren't training to handle that so again um people have used vibrators and pumpkin carvers for lockpicking guns I think this is like too much of a power requirement and it's too noisy right for the meme it's cool right but uh usefulness is not as useful in my opinion uh but yeah the more flamboyant the
better so let's talk about keys and replication of keys uh this slide I actually made the day the Replicant was dropped on Covert Instruments' website and uh what had happened was they were like oh $90 for this kit and we look at what the kit is and cool it's all put together and what not I can order it very quickly but 20 oz molding clay all this metal ingots okay A a crack spoon um and then some other stuff right however this wonderful individual on the internet made a 3D printed model of a similar device so all you have to do is have a buddy with a printer or print something on your your your own and use this device and you're
able to replicate keys and let's look into uh the process of getting that I recommend Sculpey III polymer clay other Sculpey have kind of been an issue but essentially you just want to pack this um with the clay and make sure it's rolled flat right and then what you want to do is you want to put some type of baking powder on this some type of thing to release that uh releasing agent is what it's called some people use like uh baby powder I use baking powder because it's what I had on hand and then you put your key let's say you obtained the key and you need to mold it now so okay I
got the key give me like 10 seconds okay put it in take it out and you carve this little this little hole so air can escape when you're casting this key and then once you've done that the process looks kind of like this A blank YouTube video um
I see people doing this all the time you know it's like a common thing uh so yeah they're big in security everybody's big in security but yeah as you can see here I'm using very primitive tools just a small Bic lighter from a gas station and a spoon and then I've got the uh this was actually not Wood's metal it was Cerrosafe which is uh slightly different but still primarily or like a third lead so be careful with these you should use gloves and like properly ventilate and all that I say as my hands are bare in this uh but as you can see there we have the cast and the the cast is held
together by none other than a gear tie yeah and we get this melted once it's mostly in liquid form we just go ahead and pour that and it fills the cast and actually this take of the video I actually messed it up so it didn't go in very much and it broke but after numerous tries after numerous tries um we got it so I essentially went from zero to key casting in less than an hour plus like a 3 minute video that I watched uh it was not very difficult to pick up like practice makes decent on this right so as you can see here we've got the quote unquote finished key replica and then we've got the normal key and
there's some defects with the key replica as you can see here but with wiggling it I was able to overcome this so it wasn't too bad uh mostly functional right like if I put it in it doesn't turn immediately but I just rock it back to fill up for that Gap and then should open right up and there you have your key right these keys are really very delicate remember this is about 33% uh lead so let's talk about Crash bar hooks uh The Sparrows one is bulky and rubber has to be trimmed on it um you can make your own and I recommend using titanium bars or steel bars you can get these online realtor signs have wire frame
that can be used but they can't be hardened very well so try to avoid this unless it's your last-ditch effort and you can try to double up on the real estate sign and make kind of two wires go along but it doesn't really work too well here's a hanger that I had in my room and it was all metal thankfully so we lucked out on that speedrun tech and that's the first two steps I reinforced it with some Kevlar cord and the rest of the hanger and then some gaffer tape and this supports about 5 lbs of force on that uh hook point whereas the Sparrows one is about 20 before it starts really
bending so it's give and take right looking at this double door J tool The Humble Firefighter has the instructions on how to make these properly uh but as you can see here here are the specifications uh this would go in terms of your doors it would go kind of through here and actuate the door from the the uh outside right I think 3mm titanium is great shout out Rob Moore for that he recommended titanium over steel um if you will heat this you want to heat it red you want to bend it and then you want to air cool it and or sand quench it and not do the whole uh water quenching oil quenching with steel you
want to do the quenching and water used motor oil um with titanium there is a spring back effect so when you bend it it's going to spring back normally so if you're going for a 90° angle you want to go a little bit more in terms of the bend right and you'll see the manufacturing here in a second and I think audio hopefully is pass through I don't know where I'm hearing the audio from but I can just hear it Fly oh yeah but as you can see here this is the titanium uh 3mm bars and we just heat these up I am not wearing gloves or ventilation equipment or shoes proper shoes don't replicate this uh that's is
yeah so you heat her headed you bend it and once it's bent you you kind of let it sit there or you do your sand quenching right don't use wet sand um and the sand quench technique that was actually um I found that on a a fishing forum where people were talking about uh titanium wire and whatnot so let's talk about forensics tools finding your keypad touches uh you can have dust reacting to ultraviolet light and this is suspicious procuring and traveling with it's kind of like how do you how do you sell this off if TSA is going to look at you weird how do you get it past them and it doesn't even get you high
like you paid $13 and like that's the only use it has is finding fingerprints uh versus sucus based powder which honey dust pleasure driven retailers have this all the time uh it sticks to oils very easily it's available at your pleasure driven retailers and it's cornstarch baking powder powdered sugar types of Alternatives the thing is honey dust has such a small granule size it's amazing for fingerprints I have tried baking powder in the past I had tried powdered sugar in the past nothing comes close to Honey dust and and its ability to uh stick to anything because it's so small in terms of that particle size and you can see here there are a couple techniques that that we have but
a clean is keypad and we can see there are like no super visible fingerprints whatnot and I'm going to go ahead and just use it like a normal person would right I'm oh I'm an authorized Personnel typing in the code I know oh gosh and as you can see there there's already residual ridges um from your fingers and you can see that in the glimp or that or that light
reflects and if we want to abuse that we can just throw this powder at it this honey dust powder with the feather applicator that comes with the device and it stands out like crazy good right like you can see that a lot better and you want to wipe the surface a little bit you don't want to be too um tough on it right because you'll lose the fingerprints eventually um but with the feather dust it's amazing I've actually flown with a jar of this honey dust and that feather applicator in my carry-on to numerous States and have gotten no looks from TSA I try to make eye contact anytime they're inspecting my bag I will bait them and I will look
at them they're cowards they don't look at me I'll carry two of those those bump hammers in my bag and the powder they do not turn there was one guy who was a TSA agent who just looked around frantically I was like no I'm right here you know where I am look at me look at me um here's a technique using a highlighter a yellow highlighter um and a ultraviolet light or a black light and as you can see here I'm just drawing little x's on it little formation shapes um these are supposed to be interrupted by the fingerprints whenever people touch them so this is kind of pre-rig whereas the honey dust is investigating
who touched what buttons on there this is saying oh my Target's going to come through this door and touch these buttons let me go ahead and Prime this for use right so we've made the X's
and as you can see here we've got the x's and they stand out pretty well and we're going to go ahead and you know be our Target and we we type these things
in and you can see the ridges just interrupt the portions of the X's um I have been told uh by co-workers that to use a non-smudge or don't go for the non-smudge highlighters that are yellow I tried other colors but yellow highlighters just the best the others just don't work as well I'm talking about door alarm bypasses so K&J Magnetics shout out to them they're cool they have strong magnets your neodymium magnets the reason this is important is because when you're trying to get magnets through crevices and through small areas you want the neodymium ones because they are stronger uh there are normal magnetic paper sheets you can use but they were just never strong enough
uh to actuate what I needed them to in this device um you can also use the polarity detecting papers if you can't get one of these dipole magnet detectors um around that area so this is this is a lab environment obviously so it's like best case scenario kind of proof of concept as you can see this is a huge magnet so the process is essentially slip magnet between other magnets that's it and then once you've done that uh you can't really hear the alarm go off because of the sound set up here here but um it doesn't go off and it's it's silent and oh cool you you can do whatever you want now go pen test all
the things right and that's one technique you can do so talking about HID so this is a subject I'm not as strong as uh but there are a lot of cool devices on the market nowadays uh but starting out I like to use the Arduino uh shields that came there's the low frequency and the high frequency ones you can buy and there's a lot of cool Git projects that do like MIFARE 1K Classic uh cracks and whatnot you can uh brute force those keys or you know do a dictionary attack against known keys and this is heavily talked about think there's a Chameleon Pro which is cool Flipper Zeros and some other devices coming out um Great Scott
has an awesome video on trying to extend the RFID range um for some of these readers and going over the math and all the cool electrical engineering stuff I'm too dumb to understand and basically just takes these eBay ones and is able to extend that range a little more by adding some Capac here um changing the circuit right um if you do buy these large coils that are meant for longer range reading you do have to have pre-made keys normally for them um as you can see that's like a low frequency one but you would have to set it up properly so it negotiates with the car um the uh handshake so talking about disguises uh Goodwill is drip Goodwill
is awesome uh not as a company but like what you can buy there some swag can be ordered so your Walmart vest you might see these go on sale on eBay before Black Friday I'm not going to go into that uh what I use recently is uh ZINK printer it's a type of paper where you'll see people have this Polaroid type setup it's a small battery powered device that fits in your hand and you're able to use these pre-formatted sheets of paper to print pictures and so here's the printer and I say oh okay you know like let me open like Snapchat editor or something and make my fake uh little little picture and this is the one I
made for another presentation at a community college and as you can see here this just prints out in a matter of minutes and you can just put it on any card now upon really close inspection you can notice oh it's not the exact same size as the card but you can fill it in by printing a blank sheet of paper and filling it in etc changing things if you do have these disguises where you have lanyard and whatnot and your pretext says oh I've been here a while then run those into the ground don't make them look new right you don't want to look like you just got back from the Kinko's right um so yeah wear them down
Sharpie is good as well talking about implants your USB HID implants uh Rubber Duckies are cool but like have you ever felt bad for leaving one at a site like a $50 dongle or $75 dongle you're going to lose that because your PowerShell payload had to run really these are $1 uh if all you need is HID emulation uh then you can just run these and then leave them oh okay cool I don't care I left that at our customer site they can burn that they can do whatever they want it was only a dollar there is previous research on the WHID suite the WHID Elite suite uh I suggest you go check that out but if you use a Raspberry Pi
Zero W you can have the P4wnP1 A.L.O.A. kit which uh back in the day used to be a really cool kit that had like air gap bypasses and all this HID mass storage emulation and could do whole bunch of cool stuff um when you do that wiring I wire it up so that these uh four connectors are all on the same USB port and it's actually at a right angle some people buy the adapter so it's your Pi and then the weird USB port and it's a really long thing but for a certain use case I bent it 90° and needed it so I could go up to a help desk talk to the help desk person they're using an all-in
one I'm talking to them their all-in-one is right here I plug it in and it fits nicely because of that 90° angle um and then I leave and give my sha etc you can also use Logitech dongles these are about $77 each and if you set these up you can use a GitHub project to uh go ahead and just set up communications for keystroke injection for these HID implants talking about your network monitoring network taps Raspberry Pis got expensive right um so using passive monitoring I like the Orange Pi series as long as they support Armbian so you're not downloading some weird image off of GitHub um you want to spoof MAC usually as printers or or uh yeah Mac
devices or VoIPs uh those are great devices to spoof now do be warned if you run into network access controls etc or you you have some type of authentication you might have to change this it's not context aware right but you can add buttons as well so for GPIO pins you can add buttons that say okay start monitoring start capturing packets okay now exfil out okay now do this um so they're great little platforms and they're half the price of Raspberry Pis most of the time and you know you have some like here's some just lazy exfil methods right you can DNS tunnel you can use like ngrok Cloudflare whatever to prove the point right um you can
purchase your LTE HATs to do out of band stuff whatever your powerless taps are error prone so if you do a passive tap right that is going to drop a outad of packets and it's also going to downgrade the connection to 100BASE-TX based on how it works don't ask me how it works it's just I'm not an electrical engineer I don't do that stuff um but no idea if you'll fry something if you get like an ethernet port or PoE etc um I've done it with PoE and it's worked fine but you know it mixed mileage right so um as you can see there on my arm that was at one point worth like over $500 uh when the
Raspberry Pi spike started going up so yeah that's a that's a flex um if you're going for active taps for gigabit connection monitoring etc you can buy these these Wireshark taps that are like $230 and they look like a tap um or you can use what they might already own in their network closet and just duplicate the port or mirror the ports or mirror four ports or do whatever you want right so I try to blend in more with the environment talking about wireless I personally think you should all stop using WiFi Pineapples um I'm not paid by anybody to say this but like Linux plus bettercap and 5 GHz cards go a long way with just being able to
troubleshoot and do your own things I've had WiFi Pineapples fail me uh quite a few times in very critical uh sections of the operation Pwnagotchi is awesome it's a great little starter kit you can go and flash one of the two forks that's working now um your antenna can give you different ranges you all know about this probably much more than I do because I'm not a very big RF nerd um but do your research on what cards support what wireless attacks so you're hosting AP bridging networks and all that you want to make sure that's all there and take your full pcaps during your wireless activities have a buddy take full pcaps while you're doing your hacking and all
that so you can deduplicate and say yeah that was me I sent those packets or oh yeah I stole that handshake whatever and here's just an overview diagram of a Yagi antenna this is more directional right that gets you longer range and there's a cantenna as well uh so check those out so talking about practicing on your own how do you practice on your own uh when you don't have access to these like red team environments and uh places that are you're normally given a lot of authorization to via contracts well if you're authorized to be on either side of a door that's a great place to start um if you're focusing on info gathering
I think that's awesome what you can do is you can be authorized for certain spaces and kind of dig in by asking or wandering around right and great DEF CON's a great place for that BSides is a great place for that right um here's an example so there was an auction for a gym that was nearby and I said okay they have an open house let's go to the open house right and I went to the open house and you know I was just walking around and being nice to people checking things out and you know you just like walk into places and it's an open house so it's open right like you're supposed to be
there um granted when I got to the network closet and like was walking around the keys uh I as I was walking out there like oh you you're not supposed to be here and I was like oh I just wanted to buy stuff and they were like oh okay and you know went about your day but always try to find more information about environments you're already in right that you don't own uh hopefully here's a resources dump I encourage you to check out all these resources uh physical security bypass games uh Bosnianbill has great videos LockPickingLawyer Deviant Ollam NATO civil engineer has great playlist uh The Humble firefighter she has great uh
respectful entry playlist and you can look at a lot of these tools on and more so takeaways from this be resourceful become ungovernable once you've learned a concept go back and do it with shittier tools for fun repeat this until you can do it with as minimal supplies as possible and do it under pressure do it under duress um stay out of trouble though and I do help organize a conference in wit called oek so yeah if you can if you're in town around that date those dates October 18th 19th uh check us out well I'll be there and yeah any questions uh we've reached the end of the talk thank you everybody for your
[Applause] time thanks um for the polymer clay key mold do you bake the clay do you do it while it's still wet do you use air dry clay awesome question so don't use air dry clay um what I do is that Sculpey III clay is actually the baking kind but I don't bake it right yeah yeah 'cause it'll shrink so you'll notice when you pull it out of the mold um in terms of the texture you'll pull this key out went too far you'll pull this key out and essentially you'll see where the metal was residing on the clay it's already kind of solid right and baked um so yeah you don't want to bake it you just want
want to get it hot enough the Cerrosafe I was working with melted at I believe 180° F so what is that just under like boiling or something like that um so yeah mileage may vary uh Wood's metal I think has a higher boiling point but yes Cerrosafe has very very uh boiling points so yeah uh don't don't bake it don't use air dry just use normal bake bake clay yep other questions um the magnet bypass for the magnetic alarms yeah uh does stuff like orientation of the magnet matter for most alarms or can you just like shove it on there and it works great question so yeah for this alarm that is $3 on Amazon it does not matter
the orientation I found out later on um normal magnets like quality stuff that's sold to you by a vendor yes it does matter and that's why you have this detector here or use your uh sheet of polarity paper to detect what polarity it is because you want to essentially match the portion of the polarity that is off on the opposite side of of this node right um or the opposite side of the node you're trying to not trip um so yeah was that answer your question yes thank you Y Cool other questions all I if you encounter any door that has a p Electric door release system at the other side where you have to maybe use
your under-door tool to wave at it or actuate the p Electric sensor to open a door or something are you talking about the uh the REX sensors the request exit sensors yeah yeah so your request exit sensors are normally um your cheaper ones are passive infrared and they'll they'll be very easy to trip um there have been some newer ones on the market that claim to do motion detection and human detection and all that but they don't really get into the specs of how they do that obviously there's got to be a way to fool these but yeah you can use canned air um there have been stories of people using blowup dolls as well uh
with a a hair dryer and hot air on setting you can get a hair dryer for I think $10 I got one at Walmart was like the cheapest one and the blowup doll was like $50 which is crazy you can buy five hair dryers for the price of one blowup doll but um yeah so you can uh you can trigger those passive infrared ones pretty easily as long as you're just placing enough temperature um in the in the frame um so yeah I actually recorded some video demos where uh I was browsing forums and I I had seen people talk about putting Tupperware over them to to just cover them if you know these are
rigged to trigger something when they detect movement if you're trying to stay in in an area uh and that actually works pretty well as long as you're fast and you don't change lighting too much uh in terms of variant but yeah passive infrared you know uh people use CO2 cans as well Deviant Ollam has a video of using small compressed CO2 cans I think the air duster for computers is better because you get a flexible pretext like oh yeah I'm the IT guy here's my [ __ ] uh duster I use to clean your computers versus oh here's this weird thing that looks like a miniature bomb right like in the palm of my hand so uh does that
answer your question Cool other questions if not thank you all so much for coming out um yeah thank you for the time and really appreciate it