Breaching The Perimeter The Forgotten Attack Vector That Always Works Jiří Vaněk & Chris Cowling

Thank you. Good morning. So, give you a little idea of maybe what we're up to. So, there's one.

We wind it back to the beginning. We're uh scrubbing with a picker in it.

They get there eventually. May may just become an hour to talk to this set of port unit.

that we need to have music with it. But this is typical kind of engagement uh that we typically perform. Um alo if you're going through the various stages that you do in any kind of red team or pens test engagement in that osin doing a whole bunch of recon gathering information in physical world is no different to digital world recon recon recon what's going to lead to being successful

Obviously, don't don't buy drones in part.

So, after we've done our main refund the building, we'll move on to what we call host target refund. Actually try and get in the building, find out as much more information as we can once we're in there.

And that's about how long it takes to call your office by Gian

Boy.

Take note of cameras. They usually are after the event kind of thing. So, just know where they are. Being able to bypass alarm sensors is always good. Nobody likes big loud sirens going off in the middle of a job.

that. Yeah, not always digital records, but stuff on paper. The advantage of going in physically means that we can get hold of those as well.

Oh no, cards don't work everywhere. Go figure. Obviously

for demonstration purposes, not the best place to hide a camera. um network implants probably the most common thing that we will stick in in one of our jobs. It's going to give us remote access into the network. Uh bypassing all your firewalls, EDRs, all those protections. And like I said, it's a vital bit of kit. You need to leave evidence behind that you've actually been there. Otherwise, yeah, of course, we got in. Went everywhere. Now, go and look in this door. You'll find a little porcupine is right. So, who are we? Um, people that come. Right. You cat. There we go. So, apparently I'm the brain and my colleague who was here uh is the looker. Uh, an essential

combination for for most jobs. Uh, you need somebody technical experience, but you also need somebody who's a little better looking when it comes to social engineering. side and work your way through. Uh it also attracts more girls when you go to parties. So brilliant. Uh so this is the kind of traditional view that a lot of people have of uh physical pen testing. Um going to see somebody distracted by their phone, sneak in behind them, block the sensor that stops the gate from closing and tailgate your way in. Um it's rarely that easy. Great. Um, let's introduce you to our door for the day. You recognize it. It is from a multinational company here based in

Prague. No, nobody there. No kick back. Um, so we have a mantra to bypass the door, you must first come the door. Very zen. Uh, so method number one we're going to do. What do we highlight? Use a feet. Best way to get to a locked door, right? Um, but what if you don't have the key? Or you could steal it. Borderline. Um, but you might be able to do is get a photograph of it, but somebody else has got it. You can get a photograph of a key, and it doesn't have to be that good a quality. Uh, you can actually create an overlay that you stick on top of the key that will give

you the the bittings of the key and allow you to create a copy of that key uh for you to use. Uh if you get hold of it for a brief moment, then you'll get an impression of it. Art video. >> Yay. >> But once you got it, you can literally take a quick impression of it in some modeling clay beo. Um then take a low melting point metal that hopefully isn't set off the smoke detectors in your hotel room.

And excuse the Italian director. And after you poured it in about 2 to 3 minutes later should be able to open it and you've got a cast of a key with a little bit of cleaning up with the file means you're going to be able to get in.

But that key is probably good for 10 to 20 uses before it's going to break. You can see um a lot of people say, "Oh, no, that's okay. We've got uncopyable keys. We work for a bank. We've got level five keys that you can't copy and you can't get blanks of. Um, no, but if you got €12,000, you can buy one of these machines and you can make the blanks for it. Method number two, to get into our server room door, you can pick the lock. You call it a foundational skill in physical pen testing world. Uh, but the reality is that the video doesn't start. But when it does, Does this look suspicious to anyone?

>> Perfectly legit, right? Um, it also can be quite timeconuming. It can be quite noisy. Uh, you lose all your progress if you suddenly have to pull it out cuz you hear somebody coming around the corner. Picking locks is probably not quite the last, but almost the last option we're going to take to actually get in the door. >> It can be this easy. Um the uh standards for locks are all geared around a burglar coming in. So how long it's going to take you to smash open the lock with a hammer or a chisel or a crowbar. Uh there are actually no measurements for the ability to pick a lock. Um alternatively, you find a lot

of places where you have these knobs on the other side of the door. Uh that basically means that this whole second half of the lock is empty. There's no pins in there at all. So, if you can just reach past all the pins in the first bit, you can actually manipulate the middle of the lock. And they charge you more for this because, you know, it's a Yeah, forget. But with a bent bit of wire, just read past them.

Method number three, you slit the latch. Uh, you've seen movies where they use a credit card to open the door. What's in America? Because in America, they have like a hole in the wall and they put a door in and that's about it. There's like no overlapping edges or anything. Um but in reality most batteries these days he says you put uh have dead batteries

even about it. >> So that little plunger when it's pushed in means that the latch itself um shouldn't go in. So if your doors are fitted correctly um you shouldn't be able to void the latch. you wouldn't be able to fit them in. Um, most doors don't get fitted correctly and over time they walk and stuff and like you might be able to lean on a door and get that plunger to push out into the hole. Gives you plenty of options to to look at.

So, here he's leaning on that door, pushing that plunger into the hole that's in the frame, and then just using a tool to reach down, slide the latch open. Uh, if you want to have a go at this yourself, we have a a door for you to try on our booth downstairs. Uh, you're more than welcome to come and have a go. I said in Europe, we have these things called door frames that overlap, like draft exclusion, funny things like that. Um, that means in Europe you need some form of specialist tooling to get around those door frames and lead, but it's still a very viable way of getting through a door. Method number four, packs physical

access control systems. Um, whole bunch of tools out there. Fox, the now infamous Flipper Zero, uh, Chameleon series. There's a whole bunch of hacker tools out there for either cloning uh cards or downgrade attacks or relay attacks or I could do a whole 2our talk just on the pack stuff for you. Um what do you do once you have cloned it? Most common things are I put it on another card, put it on a magic ring that has cards in it. Um or if you're an idiot like me, you get a chip inserted in your hand. Uh that means you can just walk up and get in the door. Uh alternatively uh if you can't climb

the card, 95% of the backend systems between readers and the controllers that actually say whether you can open the door um are using a protocol from like 1981 uh that's completely unencrypted. Uh so what you're seeing here is a small post samped uh thing called an ESP key being installed. It's just using the same power uh as the the reader and two communication lines uh that are on there. Just plunk down onto the existing wiring um doesn't cause any damage. stick it back in the wall eventually and then you wait for somebody to come along and use the door. You can then connect to that little trip over Wi-Fi when you come back and you can either

use that data to create a card if you want to use it in multiple other places, but if you're just in interest just in that door, you can just replay the data straight to the controller and open the door. So, method number five to get through our servid door hinges. Why bother with all the lock stuff that's difficult to do on that side when you can just pop the hinges on the other side and walk the door out there. You have this peniz old style hinges like this and you can pop the fins out, walk the door away from the wall. It's a pain in the backside to put back in. So, this is our least favorite method of

living. Um, but yeah, if you're really really struggling, it's it's definitely still an option. Method number six, the over the-do attack. Not so common in Europe, um, but definitely works a lot in the US. >> Anybody recognize what what he's using? >> That's 35 mm film. Oh no. >> So you can just use like oil tape works just as well. But if your door's open when you lift the handle, this is a perfectly valid way of getting in. Um if you don't want to go over the door there, you can look at method number seven, uh where we go under the door that you already saw in our demo video at the beginning. Uh, this is footage from me on a real

job about 11:00 at night in Switzerland. The company is worth about 13.1 billion. And this is how difficult it is to get in their offices and their labs and access to all of their IP.

So if you were on the other side of that door, it would look something like this.

incredibly uh common way that we actually get into buildings. Um in fact, it's so common that you will find this exact tool in uh hotel cataloges. So that when people like mess up the locks on their hotel doors, this is how they actually get in hotels as well. Um, method number eight, the pencil or the glue stick attack.

Place a pencil or a glue stick by the edge of the frame. Wait for somebody to walk through and your pencil or glue stick will nicely fall into the gap and prevent the door from fully closing. Uh, this is actually quite a thick door. Uh, we have to use a glue stick on this one rather than a pencil. You use a pencil, it actually semi locks the latch, which you can sloy it open. But, uh, it's much nicer when you can just walk off and open the door. Make sure you choose the right thickness of thing for the the door. Uh, method number nine, destructive entry. Who doesn't like breaking stuff? Um, actually, one of the biggest

problems that we have with locks in Europe, um, is that they can be defeated like this. So, the euro cylinder style of lock as it is. Um, see the little hole where the where the screw goes through that actually fixes it to your door. And that doesn't leave you a huge amount of metal either side of that screw. Slow-mo action.

nearly so much. There you go. So, yeah. Um, if you have more than about 3 mm of lock sticking out the front of your door, um, that's how a burglar is probably going to get in. Um, we do have jobs where we get a uh part of the contract that says yes, you are allowed to perform damage up to a value of say €400,000, whatever the case may be. Um, and then this becomes a viable option for us if we're really struggling to get into any of the other eight ways that we got in. Method X, be creative. Understand how the systems work. understand how to put stress on those systems and manipulate them in a way

that's going to allow you to get in. Um, very surprising number of ways that you can figure out get through a door that aren't typically common. Um, what's even more surprising is how many of them involve a bent piece of wire. But, uh, we have other types of doors uh, other than our servo. So if we look at typical double doors, you have a tool for that called the double door tool. Just reach through and push on the push crash bars on the other side. Um, anybody want a Tesla? >> Even though these grass doors are locked, the inside of the lock has a thumb turn on it. This is what's known as J tool.

You can use a gap in the door and use a thumb tab on the inside to open it.

Um, anybody like playing with SDR stuff? You'll be amazed at how many things are not using rolling keys and you can just do replay attacks open garage doors. Just walk through the garage door and into the building. The winner keypads. Um you have a number of ways of defeating. So first of all we look at uh using a small thermal camera. Um, if you've got more money than cents, you can buy one of those really nice thermal rifle scopes and do this from much further away. But yeah, being able to see where the numbers are pressed, um, definitely narrows down the number of possibilities for the pin to get in. Likewise, um, ultraviolet powder that only shows up when you shine a UV

torch on it later. You can go and see where the fingerprints are on the numbers and at least you know which which numbers they are, if not necessarily the order. Um, but definitely narrows it down for your ability to get in. What about that alarm system? Um, so you saw in our video we were using this which is called a magic wand. Um just run this around the edge of the door. So each of the like uh door alarm sensors is made up of a small read switch uh and a magnet uh that is either opening or closing that read switch when the door is uh opened uh and that's what's triggering the alarm. So if you

use this one to find it, you can then place a magnet next to that sensor, open the door, the re switch still sees a magnetic field uh and doesn't trigger the alarm. Likewise, P sensors uh are the other typical alarm sensor that we see. Um get to play with my thermal camera in the office. So the way P sensors work is they're looking for a differential in temperature. Uh that can be as little as 2° in the very center. So it could be as much as 8° over on the edge. So, if you can try and stay on the edge of its field of view and then mask your heat signature by using some insulating

material, you're going to be able to either get past it or get close enough to it to then permanently mask it. Um, exit sensors are starting to become more common over here. Been very common in the US uh for a long time. They're really a convenience feature. So, if you don't have a requirement for people to badge out when they go through a door, you can just put a ref sensor by the door and it unlocks as people approach. Uh, again, it's a P sensor, but as it's on the secure side of the door, you need some way of getting a temperature differential. Nobody said it had to be a positive temperature differential. You take a can of compressed gas and you

turn it upside down and it and spray it, you get a cold differential that will open the door. And that's before we even start talking about windows. So this tilt and turn type of window. Um incredibly common. Um there are a number of tools. Uh this is just one of them on the left where you can somehow get it through the that small gap in the door over the handle, pull the window closed, and then you put on strings. um or you're using some kind of mechanism to then basically turn the handle that allows the door to open fully rather than it ventilation mode. And then we have social engineering. So a lot of people when they say oh yes I

do physical friend testing what they actually mean is they do social engineering. Um we find that the you know some clients ask us to do it because they want to test the processes and procedures um as well. uh but it's generally something we're doing later in an engagement after we've already completed the what we call the cobalt methods of entry. So testing the the technical capabilities of the uh the site to see whether we can get in uh what about AI? Anyone play with deep fakes? They're fun, right? So um very large insurance company not million miles from here uh where as kind of our uh social engineering stuff towards the end of the week we found the

the CFO had given an interview on YouTube. So we sampled about a minute of his voice turned it into 11 Labs um texted speech where we just said um hi this is whatever his name was uh we have two auditors coming from the central bank uh Mr. Cowing Mr. panic. They're going to be here at 1:00. Um, they've been here before. Just issues them a card and send them to the executive floor. We rocked up an hour later in suits looking officials. And sure enough, having just paid that down the down the phone to the reception uh an hour previously, they were there ready and waiting this car to move. So, here's a another interesting case

that may not crop up um too too often, but if you have people who don't necessarily work in the office, um AI's ability to do lip reading is much better than mice.

And this video is about 3 years old. It's probably improved even more by now.

As you can see, it's it's pretty accurate. It's like Q4 and the letter Q4 is still pretty uh still going to be pretty close. So we do see a lot of um AI coming in place in CCTV cameras uh for detecting us. Um but we actually just ran our expert training course uh for the first time uh last week in Vienna and it was quite surprising the number of ways that you can actually bypass the AI for CCTV cameras. Uh the guys got pretty inventive. Um but we said about two. Yeah, if you've uh if you've not come across them before, everyday objects can be given cameras um that are very very useful for doing your close target recon. So we

tend to use coffee cups. Uh water bottles. You have a whole set of water bottles that have cameras in them. Uh baseball caps. Um anything that looks kind of everyday is going to be uh really useful for that. Any questions, I guess. >> Yeah. Go ahead. >> Yeah. Were you ever uh attacked by security guards? >> Um not attacked. Uh we've been certainly stopped by um security guards whenever we go on a job. Um the one non-negotiable is that we have what we call a letter of authorization or an out of jail letter. Um and if you are in a situation where you're presented by security guard depending on what you've agreed with the client up front, you may even put out a

breakout of jail letter uh that has like a phone number of one of your teammates around the corner and you know if they want to test their procedures of oh no, they're supposed to go and check the phone number in the directory of the person and this kind of stuff. Um, but most of the time we'll try a little bit of social engineering to kind of get our way out of it. And if we can, great. If not then >> yeah, >> do us out of jail letter. And uh, >> congrats. I actually catching you. Um, my question was um, how does a person get uh to um do the physical pen testing? Uh, it's not like there's

schools for it. Uh, how does a how does a person start working? Um, so we have two businesses. We have our consultancy business and we actually have our training business. So we have a uh a three-day operator course um where we come and teach you how to run a job. Um, we teach you how to pick locks, we teach you how to bypass locks, we teach you how to bypass doors. Uh, we teach you a little bit of the physical social engineering rather than uh like the stuff you're going to use in fishing emails, etc. Uh and then we have our expert course where we do the bypassing um CCTV cameras, bypassing alarms, perlet surveillance photography,

um a whole bunch of physical access security uh training in there, and then we top that off with a two-day exercise where you actually go and get to break into a building and and put it all um to the test. uh more uh how big is the ask on the market for these kind of uh services and uh the competition? >> Sure. So in Europe there's not a lot of competition. Um the demand is definitely growing. It's huge in the US. Um and it's starting to make its way over here. Um give you an idea between now and the end of May I have one and a half weeks while I'm not on a job.

Yep. >> How often you run into into sites when they have like proper RFID so it's not gone that easily? >> Um generally when we've gone back to a place so we go we break in the first time we tell you you need to upgrade your pack system and then they upgrade the pack system we go back and go. >> Um but yeah like we said there's you saw there's so many different ways that that we can get in um before we even start thinking about social engineering and stuff. So if pax isn't an option for us then yeah we have just have to work around that. >> Yep. >> Does company after your penetration

testing apply this uh some fixes about how to manage this. So ne next time you have harder task to come and explore. >> Yeah that's pretty typical. So the um when clients coming to us they're generally coming to us for for one of three reasons. One is a compliance thing. So this two, Dora, these things that are starting to come through, it it's starting to appear on people's radar more and more that they need to have a physical element to their testing. Um secondly, they're looking to get budget for something. They know that their pack system is outdated and they they need proof to go to the board and say, "Yeah, give us the money to

actually upgrade it." Um or it's one of those things they're more worried about the other threats like corporate espionage. Um there's actually like a 42% increase in attacks on executives uh 60% increase in activism uh causing damage to uh people's properties things like this. So, um there's a whole ream of uh reasons behind um sort of the non-compliance and they're trying to get budget stuff that there it's all on the increase unfortunately a lot of >> yeah with the failure rate for you or do you >> um good question trying to think I think we've had one job in the last three years that we've not been successful. >> Um, so >> yeah, and that was a site that we've been to

several times before and they've improved stuff to a point. Yeah, we were really struggling with that really. >> Do you often use AI for uh fishing for engineering in this game? And if yes, do you find it effective? >> Uh, yes. >> Um, yes. Yes, we've used it a few times. Um, typically when we get to the look of that social engineering stuff, but it tends to be like the the boy sleep fakes rather than uh fishing. >> So, um, yeah, it's you you want to in that case, we're kind of targeting the you want to say the easiest targets because the receptionist is designed their whole role is designed to be helpful. So, if you can use AI to

manipulate them um into allowing you access, then yeah, it's a muret. Do you use it to u the voice of a employee or to the voice like pro language or stuff? >> Uh we haven't done foreign languages yet. Um but I've got a job in Italy next week so we'll see. >> Yeah. >> Yeah. Uh you said you can copy lots like the keys you can pick them but obviously all of us have logs at home. So you know give us a recommendation which lock to you. >> Yeah. I wondered how long it was going to take. This question Chris always comes up. So, um yeah, it depends on your threat model. So, who who's going

to be actually kind of break into your hand? It's not generally going to be somebody that is going to try and pick your lock. Um burglars are known for picking locks about 2 to 3% of the time. The rest of the time they're literally smashing the lock open, smashing a window, getting in. So, yeah, they're they're obviously better quality locks that are out there. Um, we like a lot of the Eva locks. Um, but you know, if you want a a lock that nobody's really going to be able to get through, like a Abloid Protek 2, if you want to spend €300 on a lock, um, is pretty difficult. There's probably a handful of people in the world that were

able to pick that off, especially for me. So, >> yep. >> Have you ever found one of your tools in the trash? because uh when I walk in the city and I see abandoned trash, I just, you know, pick it up and throw it to the building. >> Yeah. Very, >> um so so not so much these. We tend to keep hold of these cuz they're quite expensive. >> Um in fact, I need to put a new Apple tag on the bottom so it keeps us traffic. Um but actually using trash for tools and being able to improvise tools is a very useful skill. So, you know, finding a a plastic bottle in the trash,

you know, being able to cut that and use that to to load a door open. Um, you'd be surprised where you find bits of wire, uh, coat hangers that, you know, you bend it the right way, you can turn it into a tool for pretty much anything. >> Yeah. I'm just wondering when you're doing the locking, why not just simply have a tool bag in the yellow vest? I mean when I had to go when I I used to work in telecom and when I go on site almost when you draw my ID do it used to be a lot >> um yeah works less or less surprisingly it used to be the case certainly years

ago yellow vest or walking in with a ladder just demig you in every time um but yeah there's people are kind of cing on to that one um yeah the I'm here to inspect your fire extinguishers is the other one that kind of worked really well. Um, but yeah, like we said, the you're always going to be able to get past uh a human being. Um, so you know, just doing that and saying, look, we got in um provides less value to a client than going in saying, look, we've managed to bypass these technical measures and then also we were then able to social engineer as well. So that's why we tend to split it in terms of do

your covert entry work first and then um you still got time to do social engineering stuff again. Uh what time do you usually do the entry like working counts or after work? >> So it depends on the on the situation. Um I prefer it when nobody else prepare because they'll be going to come and start asking questions particularly if you're doing it in a foreign country which we work all over Europe. So you know I speak five languages but not all of them and not all of them that well. Uh but the yeah it's going to really depend on on the situation. Sometimes if there's a really good alarm system that's in there, um it makes more sense

for you to kind of go in at a time where okay, some of the people are leaving and maybe the cleaners are going in, so there's less people, but the alarms haven't been switched on yet. So yeah, it really comes down to a sideby-side basis as to when you want to go in. >> Is it typical to buy these different gadgets? >> Not at all. Um most of them are available from a number of places online. Uh like locally in Czech Republic uh lock tools.cz um has has a full range of stuff on there. Um you know covert instruments is a very famous one in in the states uh that has seen quite nice tools. Um yeah

you can pick them up in lots of places or make them yourself. Um, a lot of them tend to get quite pricey, so sometimes making them yourself is a is a lot of them. >> No more questions. Yeah, >> ladies first. >> Maybe. Was there ever a door or lock or or some place where you really could not get in? >> Um, we have had a couple of times. Yeah. But we we got there and there's been a door and it's tends not to be like oh look they put like this really expensive lock on. It's like it's a really old fat 50 that's so gun tough and stuff that you actually can't make it work.

So yeah, that that tends to be a bigger problem than um you know oh it's a high security lock cuz you know if it's a high security lock and you've got 10 other ways to get through the door then you just pick one of the other 10. Um, but yeah, if you're really struggling and you're down to like, I have to pick this lock and it's an old gun thing and it's broken, then yeah, different route. So, the, you know, when when you do all your recon, you you're going to build multiple ways that you you're going to be looking to get in. So, if that particular attack chain isn't going to work for you, then you

have to switch to normal. Uh do you also work for theater? >> Not only the company but need people asking >> uh yeah so tends to be executives of people that we've done stuff for on their their company. Um but yeah, we have a number of people who have quite substantial properties that will go out and um not so much in a pentest kind of but more in a collaborative auditing uh more approach to it and say okay this is where the blind spots are on your cameras. This is what you need changing your alarm maybe up to 30 locks. So yeah, >> how much time does it take to prepare an operation like top to bottom from the

recon from fatal award to over the end? >> Depends on the size side of the site. Um but typically you're talking got a couple of days of oent work beforehand. Um if the client's good at doing all statement of work and out of uh jail letters and all that side of stuff, it wouldn't take too long. Um but then I say typically it's a week on site. Um, so you're going to spend two to three days doing refund. Give yourself maybe the end of the third day a chance of of getting in. Uh, if not, you'll try again on the Thursday and you still got Friday as a kind of backup day. And if you get

in on the Tuesday or the Wednesday, then you just try multiple different social engineering scenarios to let's provide the value to the campaign. But I mean if it's a really huge site and your objective is you must find this server room and get this hard drive at the left on the side for you. Sometimes the biggest problem is finding where the server room even if um yeah we have had a job where we were sat sell reception and there was this cony metal desk on the table uh and we found a bunch of keys in a drawer. tried the first one, worked, tried the second key, opened it. It was the system for programming all the cards in the access

system and sat on top of it was a um ser a guest server room access label badge on top. We're like, "Oh, there's a server room here. Great." Spent the next two hours trying to find it cuz we knew that we had the car to get in. So, >> anything else? >> Yeah. Uh, with all the expertise you have, do you still enjoy watching Mission Impossible? >> I know. I just wish I was thin enough to be able to hang on one rope and do it. >> Yeah. >> Do you work as a team on how many operator usually? >> Yeah. So again it depends on the the size of the uh site that we're going to

um with work a team of three to four uh something like that. Um sometimes a bit bigger. Um so we do have uh people that we call padawans we bring in who are kind of looking to learn and grow in the industry um that we we kind of try and use the because it's still a growing area growing market in Europe. Um we tend to have contacts all over Europe. So we like next week we're going to Italy but we're bringing in a guy from Belgium to come and work with us. Um you know you have guys in Germany, France um that we can call on if you have to obviously know places to go. It's always

useful to have a native speaker with you. >> Have you ever seen traces of previous breach >> of positive? >> Yeah. You've literally been faces where they had like a combination pad lock that um was appearing something and somebody had written like do not leave unlocked and it was just hanging off. >> Yeah. Sometimes there stuff a lot of the time it's the way you're going to get in as well is not even somebody deliberately breaching the security for like needing the convenience. So smokers popping the door open so they can get back in easier and that go ahead. >> If you have like something like destroying but then you they go over the budget are you paying it from your

pocket or >> I wouldn't know. We've never done it. I mean to us I think of all the times that we have had that opportunity to do something productive it's maybe 10% of the time that we're actually do using it and so it's it's pretty rare that we actually get around doing something disruptive. Yeah. >> Company and be somebody else like structure worker or something while you're >> favorite role to play. >> My favorite role to play is the guy controlling everybody else with the phone back in the hotel room. Um but if I have to do the social engineering stuff then uh tends to be the the IT worker. um or you know you've got the

t-shirt on the the supplier that company um purely because you know that's my my background. I come from doing cyber red teaming uh originally. So you're always going to be more comfortable when you've got that background knowledge and if somebody comes to ask questions you got to be able to um talk about something which is why you know when you're building a team it's useful to bring in people with with different backgrounds to uh help supplement that. >> Yeah. >> Which inline do we have? um all homemade. So we have we generally have two implants that we deploy. One is a open dot base. We tend to use more as a kind of a sock gateway um in there that we

can probably use that more for if we we're interested in what we're getting out of key loggers. So we it's somewhere where it can be within Wi-Fi range of kind of three or four key loggers and then we just connect to it to extract the data from them. Uh and then we have a much more comprehensive one that's part of paradise um that sits there as a bump in the wire type approach sticking uh everything that's going on. Obviously a lot of people are doing things like 802.1x on the network now. So if you can stick it behind a printer or something you disguise it as a network princ uh or some such device that means you

can do the the MAC address bypass uh stuff for it when you switch it to being active mode. >> Thank you for your answer. How about uh body implants? >> See him? >> Body implants. >> Oh, so they're the fist ones. So yeah, I just got the one. Um that's a combination of a a T-5577 and a magic >> uh no it's a dangerous things one. >> Yeah. S magic or uh next >> uh next >> next. >> Yeah. >> The uh yeah well in Germany seems the place to to go in Europe to get in. We have some people that do it in Czech Republic. >> Um, have you thought about getting the the X-Magic clone um more like NFC

chipsy stuff? >> Um, no. We tend not to see NFC chips being used so much and the the way that kind of pack stuff is going as people using more and more credentials, we tend to start using relay attacks now. Um, so that that seems to be what the way that kids are heading. >> So, how how often do you use the implies? Um nowadays it's not that common that we're coming across things like my uh classic out there. So if it's low frequency then yeah it's a really >> yeah it's uh it doesn't hurt too much if you do want to get an implant >> spark I I do have a slight fear like you know

the ones that are very flat and sit under the skin. Yeah. But I'll give you something solid a you know graph capture please. >> We done. >> Yeah. >> Cool. Thank you.