Lockpicking - by Deviant Ollam
slides
resources
videos picks & gear
training
games
press
bio
Videos of Presentations & Workshops
 |
Getting the Right Rotation: Safe Locks and Sushi Rolls PancakesCon is a marvelous and interesting event wherein all participants give talks that are split into a "half industry" and "half interest" format. The abstract for my talk there this year is as follows... As a safe technician and security trainer, Deviant has not only manipulated open his share of safe locks but he also regularly educates other individuals on the topic of how to perform this clandestine entry tactic. However, increasingly we are seeing the market (at least, the consumer market) moving toward electronic safe locks as opposed to mechanical dials with wheel packs. How does one go about attacking electronic safe locks? What was all the fuss in the news a while back regarding Liberty gun safes and manufacturers like Securam? In the first half of his presentation, Deviant will discuss how electronic safe locks have their own unique vulnerabilities and showcase tools and techniques for attacking them. He will also demonstrate how to swap out an electronic safe lock with an old-school mechanical dial... which some of you might want to do after the presentation is over! If you follow Deviant on social media, you may have seen that he regularly posts photos of sushi either late Thursday night or early Friday morning. This is because during the pandemic he wanted to learn to make one meal as well as he possibly could and both Deviant and his wife decided, "If we are obliged to have the same meal once a week forever, it had better be Japanese food." This led to Deviant making a sushi dinner once per week for the past two years. |
 |
Penetration Testing & Emotional Intelligence This was a presentation I gave remotely at the BHIS event AwarenessCon, inspired by the friction that arose in Iowa when two penetration testers were taken into custody because of work performed during an engagement. In this talk, I speak about the importance of being mindful of how clients will feel about their security being breached and what important questions we must ask ourselves in advance of such jobs. This entry on my site is cross-posted over in the Emotional Intelligence and Human Hacking entry section because there is plenty of content discussing the ways that safeguarding people's emotions are as key as safeguarding their technology, but it also appears here because it covers my career and the kinds of challenges my team and I face on jobs. |
 |
Forged in Fire You've seen lockpickers open doors by manipulating pins. Such a tactic relies on ownership of pick tools and the knowledge of how to use them. You may have witnessed hackers demonstrate the art of impressioning. Such a technique requires a working blank key that can be hand-filed into the correct shape in order to facilitate entry. But have you ever seen a key fabricated before your eyes from nothing at all? With a raw ingot of metal ore, heat from a flame, and some subversive skill it's possible to re-create almost any key -- no matter how obscure -- via molding and casting. That is what this presentation enails: keys will be created using raw metal and fire. But not in a forge or foundry... this is a tactic that can be employed in the field by covert entry types who want a way to gain repeated access without having to carry around key blanks and specific tools specialized for every brand of lock. When you're casting a key from nothing, virtually any kind of mechanical lock becomes a valid target. |
 |
Copying Keys from Photos, Molds & More Most folk are aware that it's not a good idea to hand a stranger your keys... some very security-conscious folk are even wary of letting potential attackers SEE your keys. The risks of casting, molding, teleduplication, and quick decoding are real and such caution is merited. However, how many of you have ever actually performed an attack like this yourself? Have you ever witnessed it live and in person? |
 |
You're
Problably Not Red Teaming (And Usually I'm Not, Either) In a world where it seems everyone and their dog is doing “penetration testing” nowadays, many individuals have started attempting to distinguish themselves by referring to their work as “red teaming.” Heck, that’s wound up in some bios which have been written for me in the past. However, this term is over-used and often misapplied. In this talk, I offer up a straightforward metric for untangling these terms, and then share tips, stories, and advice on tools that can help you in future Pen Tests or (if you’re truly performing them) Red Team Engagements. |
 |
I'll
Let Myself In: Tactics & War Stories of Physical Pen Testing (Wild
West Hackin' Fest) This is, hands-down, the best version ever of my "I'll Let Myself In" talk. I had been giving this presentation to private audiences for a while now at this point, but I wanted to do something special for John Strand and his crew in South Dakota, so now I updated the talk with a series of real-world stories that illustrate many of the points we try to drive home about physical security and red teaming. Enjoy! |
 |
I'll
Let Myself In: Tactics of Physical Pentesters This is the first time that my "I'll Let Myself In" presentation really stood on its own. I love how it all came together and despite a harrowing series of flight mishaps, Tarah and I both made it to Orlando in time to present! :-D |
 |
How
Threats Are Slipping In the Back Door Another SANS presentation, in this talk we see the evolution of my "Perfect Door" material which is morphing into the "I'll Let Myself In" presentation... which starts appearing above. SANS is a terrific venue and their crowd of attendees is always on the ball. |
 |
Elevators
as Security Risks... What Goes Up May Let You Down SANS asked me to participate in a webcast for them and focus on the topic of Elevator Hacking, so I put together the latest and greatest update I had for this content. It was a new audience for me, so it was wonderful to see questions and feedback from so many folk who had not previously heard of this material at hacker cons, etc. The Q&A at the end was just as rewarding as the presentation for me! |
 |
What
Does The Perfect Door Or Padlock Look Like? The latest evolution of my "Perfect Door" talk now includes a section on padlocks, as well. Again, all of the simple and dumb ways to attack these mechanisms are not only shown but also mitigated with simple solutions in this talk. |
 |
This
Key is Your Key, This Key is My Key Another HOPE conference, and Howard and I again returned to a packed room... this time, discussing the myriad of lock systems which are keyed-alike from the factory. Want to open something but don't want to pick it? Perhaps the key that operates the lock you're targeting is available online and easy to acquire! |
 |
The
Search for the Perfect Door The emergence of a new talk of mine which I had been workshopping at private events the previous year, the "Perfect Door" talk gives direct, specific, actionable advice when it comes to finding flaws in some doors and showcasing how attackers can exploit them. I also discuss solutions to every single one of these problems. |
 |
Exploiting
Elevator Security Weaknesses My last time speaking on stage about elevator hacking, this was at ShakaCon. Sadly, Howard couldn't come to Hawaii with me, but I still had fun... especially when I included one scene from the conference hotel elevators. ;-) |
 |
Elevator
Obscura: Industry Hacks For CarolinaCon, Howard and I explored a different theme: the obscure, unexpected, and downright strange ways that the elevator industry will find hacky solutions to problems in order to keep the cars running up and down hoistways. Some are innovative and clever. Others are outright code violations. Learn the difference! |
 |
Putting
Out Physical Security Fires On my way down to CarolinaCon I stopped at Fort McNair in Washington, DC. I had been invited to address an assembled session at the National Defense University. My talk highlighted some of the ways that Fire Codes and other compliance rules for building construction can introduce security vulnerabilities in unexpected ways. |
 |
Elevator
Hacking Another elevator hacking talk, this time in Canada! SecTor is a great event, and they had a fun time with us showcasing our material. Sadly, of course, we did not bring a full elevator cab panel to the stage on this one. |
 |
Elevator
Hacking: From the Pit to the Penthouse The DEF CON main track roared with laughter at the very close of DEF CON 22 on Sunday afternoon (why is it, we wonder, that our Elevator Hacking material always seem to be restricted to the last day of a conference?) as we discussed movement in buildings, key switches, and why we weren't about to be removed from the stage by Goons who wanted us to stop early. Thank you to everyone in the audience who cheered us on as we kept presenting. ;-) |
 |
Elevator
Hacking: From the Pit to the Penthouse This was the elevator hacking talk that started it all. Howard and I presented on the HOPE main stage for two full hours in 2014 and had a wonderful time. Later elevator hacking talks would follow in the coming year, as you see above, and in their own way they all featured new and updated content... but this one was quite special. :-) |
 |
Locks,
Knots, & Seals This is a presentation that I gave at the HacKid Conference in San Jose. Please forgive the very shaky and vertical video... the audience member who so graciously was recording this had only that day bought a new tablet. So she gets a pass from me! I have posted this video here just to have a record of how the workshop and lecture went that weekend. I hope that there are many future HacKid events and that I get to return to them to teach more young ones and their families! |
 |
Locks
and Physical Security Deral Heiland invited me to speak about locks at the Ohio Infosec Forum and I was glad to make the trip. This is also the first place where Martin Bos and I debuted the Uhm Gunner speaker challenge game. ;-) |
 |
Locks
and Physical Security On our first trip to Russia, we were astonished at how much the attendees were wowed by basic lockpicking and lock-opening topics. These kinds of attacks seem to have not been discussed publicly a great deal when the country was more restrictive, and ours was one of the first such talks that many in the audience said it was their first time seeing these kinds of tactics demonstrated. |
 |
Advanced
Handcuff Hacking Ray is a good friend of ours from SSDeV in Germany and he gave a terrific presentation at HOPE regarding advanced handcuff hacking. If you've ever been curious about the kinds of cuffs they use in other countries across Europe, this is a great talk to watch! |
 |
Mastering
Master-Keyed Systems This was a tal at the ninth Hackers on Planet Earth conference where I gave a detailed explanation of Matt Blaze's Privilege Escalation Attack and introduced the new TOOOL contest called "Escalator Action" |
 |
Physical
Security on the Front Lines This is a more business-world-focused talk, with lessons for management and policy-makers... with lessons culled from many pen testing engagements. I used tactical and military analogies to make direct connections between INFOSEC and any other engagement where assailants must be kept at bay for as long as possible using the resources you have available. Remember the "Three R's" of Physical Security? How about the "Three B's" of tactical defense? If you don't, you'll learn them this time. |
 |
Why
Physical Security Matters I had the terrific opportunity to address a large room of government folk at the GovCERT conference in Holland. Individuals from TOOOL.nl were there with me, demonstrating various lock attacks and running a great Lockpick Village to give the attendees some hands-on fun! Big thanks to Jos Weyers for his incredible on-stage impressioning attack and also to Barry Wels and Han Fey for running the hands-on area with me each day! |
 |
Distinguishing
Picks This was the first time i ever presented my "Distinguishing Picks" presentation in English. While seen earlier at ekoparty, i was looking forward to showing an updated version of this talk to US audiences, and there was no better or more American a venue than the first DerbyCon in the heart of Kentucky. Bourbon was involved. |
 |
Safe
to Armed in Seconds: A Study of Epic Fails of Popular Gun Safes This talk is an in-depth evaluation of some of the most popular small firearm lockboxes in-use today. Some rely on mechanical locks, others on biometric locks, and some offer a combination of both. But overall, they tend to fail miserably in the face of any dedicated attacker. Your favorite gun lockbox might be preventing your toddler from having an accidental discharge, but it's probably not at all likely to repel a criminal or even perhaps a curious teenager. Means of both attacking as well as improving upon the lockboxes you already may own are demonstrated, and audience members were invited to participate in all sorts of attacks... live and on stage. |
 |
Maker
Faire Lockpick Village For all those who've never attended a Maker Faire where TOOOL is teaching the kids and families, have a look! |
 |
Here's
to Fail Officially this was the latest incarnation of my "Ten Things You Need to Know About Lockpicking" talk, but at the end i threw a change-up and tried making some more big-think points for all the high-level types in the room. It's important to remember that all security is doomed to fail eventually, and it's simply a matter of how well your defenses can Resist, Recognize, and React to threats that makes all the difference. |
 |
How
Secure are Electronic Locks Babak and i filled in at the last minute when one the speakers at DeepSec canceled. They had been expecting a talk about electronic locks, and we did our best to put a talk together with little prep time in order to show the attendees the state of most research and attacks regarding electro-mechanical locks on the market today. |
 |
Why
Physical Security Matters In November of 2010 i had the terrific opportunity to address a large room of government folk at the GovCERT conference in Holland. Individuals from TOOOL.nl were there with me, demonstrating various lock attacks and running a great Lockpick Village to give the attendees some hands-on fun! Big thanks to Jos Weyers for his incredible on-stage impressioning attack and also to Barry Wels and Han Fey for running the hands-on area with me each day! |
 |
The
Four Types of Locks I gave my "Four Types of Locks" presentation to the Fed and Suits was up North in Canada in the hopes of getting decision-makers in our neighbor to the North to think critically about physical security and infrastructure protection. |
 |
The
Four Types of Locks It had been years since my last visit to Ann Arbor and i was very pleased to return. The folk at the SUMIT conference thought that the inclusion of some Physical Security content made a great addition to the other talks about policy, cyberwar, and the cloud. |
 |
Distinguishing
Picks Perhaps my favorite conference in South America, ekoparty is always a great time. This year i tried a new topic, a discussion about the wide array of tools on the market, how to best categorize them, and how we might work together to name them consistently. NOTE - this talk was presented in Spanish. |
 |
Master
brand Anti-Shim Padlocks Lately, the Master Lock company has been adding shim-resistant features to the retaining latch inside of their combination dial padlocks. While this does indeed make the process of shimming much harder, it is not impossible. This video shows how the new features work and how to try to bypass them. For proper security, your best bet is still some manner of double-ball mechanism. |
 |
The
Search for the Perfect Handcuff Key Did you know that although there is a “standard” size and shape for basic handcuff keys, every manufacturer has variations, special features, and sizing issues that make creating a single, universal key quite difficult? In our talk, we explain how to create this type of "ultimate" key that opens all major brands of handcuff, both in the United States and elsewhere around the world. We have the math, we have the means, and we demonstrate to everyone how to obtain the best handcuff key they might ever own! |
 |
Hacking
Hotel Locks This was the replacement talk that Babak and i put together at the last minute when Barry and Han could not attend the HOPE conference in 2010. Everyone was very kind to us and we had a lot of fun sharing some of our Dutch friends' material as well as some new interesting content of our own. |
 |
Kwikset
Smart Series Smasher Tool People like valanx have already done a pretty thorough job of demonstrating how vulnerable to attack is Kwikset's latest design... the "smart series" door lock. However, an attack about which i recently learned is one which simply crushes the plastic "re-keying" internals... it's destructive, unsophisticated, and outside the scope of what i do with TOOOL and the sport-picking community. It also is much more effective on early generations of this lock... Kwikset has revised things and uses harder materials in newer models. Still, the implications are pretty staggering, and i felt it prudent to describe and demonstrate the issue, given that the attack tool is commercially-available. |
 |
Schlage
Primus Bump Key Attack Everyone thought it couldn't be done. Most authorities and references you care to consult on the matter actually recommend Primus locks to protect you from bumping. Hell, even i would mention them all the time in my presentations. Well, as it turns out, you can bump a Schlage Primus lock. In addition to being a terrific (and fun) proof of concept, we were able to determine a terrific way of preventing nearly all conventional bump key attacks... and that is with the use of new anti-bump pins being developed by ilco. (secondary link here) |
 |
Better
Uses for Your Basement than a Meth Lab At NotACon 6, Shane Lawson of the FOOOLS gave a terrific and entertaining presentation focused on inspiring people to use the simple and inexpensive things around them in order to create tools, projects, and fascinating results on a hacker's shoestring budget. I also did a segment on "lockpick alchemy" in which i explained how to take inexpensive picks made of cheap spring steel and heat treat them in order to yield tools of higher quality as well as greater durability and stiffness. |
 |
Kwikset
Smart Key Decoder Shane Lawson, an expert in many fields of security technology and one of our fellow lockpicking enthusiasts in the sportpicker/hobbyist community, was inspired by my Gringo Warrior setup to inspect the newest design of the Kwikset brand of locks. What he discovered was astounding... practically none of us could believe him when he said how simple their "security" mechanism was and how it operated. This is a talk that he prepared to show us just how easily the new Kwikset Smart Series locks can be compromised. |
 |
Handcuff
WTF Babak and I wanted to say thanks again to the MetaLab crew for such a great time while we were in town for DeepSec. I had rolled footage of our talk about handcuffs and even shot some great clips of people picking and bypassing such restraints after we had finished our presentation. I edited everything together into a pretty sweet little The talk runs about 20 minutes or so and the 5 to 6 minutes of hands-on footage at the end is, if i do say so, pretty fucking spectacular. It really captures the mood and style of people at the MetaLab. Thank you all, we'll see you again soon! (secondary link here) |
 |
Paper
Padlock Shims Many of you have seen footage and instructions concerning my famous "beer can padlock shim"... but how many of you have ever tried shimming with other materials? I've successfully used items like plastic drink cups, and as this video will show... even paper can work if the lock is of significantly cheap construction. |
 |
Gringo
Warrior Closing Ceremony This was the prize ceremony for the very first version ever of Gringo Warrior which made an appearance at ShmooCon Four in 2008. We had a lot of good participation and it was tremendously fun to do this. I'm so pleased with how well this game was received and what it has grown to become. |
 |
The
Latest on Bumping This was a talk i put together in order to summarize the latest news on the issue of bump keying, which was getting a lot of attention in the popular press at the time. Hoping to dispel some rumors and also let people know of the fixes that were being implemented by a number of manufacturers, this was a short talk but one that i enjoyed. There was also quite an enjoyable plug at the end for the first ever appearance of Gringo Warrior. |
 |
Lockpicking
Workshop This was a talk that datagram put together (mostly using my slides and animations) in order to showcase how relatively insecure the majority of locks in circulation are. He discussed both picking and bumping as well as methods of achieving better security than what you'd typically find with off-the-shelf solutions. |
 |
HOPE
Lockpick Village For all those who've never attended a con where TOOOL has set up a public area, this is what goes down at a Lockpick Village. |
 |
Lockpicking,
Safecracking, & More For the first time on the same stage together at ShmooCon, renderman and i give a funny and informative presentation about lockpicking using much of my traditional material as well as a whole load of new content that my favorite Canadian demonstrates. In addition to his all-around general badassery, renderman even opened up a locked safe on stage... one that he had never seen before and was simply given by an audience member. That took fucking balls. |
 |
Lockpicking
& Physical Security My first major con presentation. Technically, i gave my first talk ever at ShmooCon earlier in the year, but it was in the super early morning slot on Sunday and only about 50 to 100 people attended that short session. This talk at DC13 ran for over three hours and was one of my best times ever on a stage. I covered more material in this presentation than you'll see in any other video. Nowadays, much of this content is only discussed in my private training sessions which cost a some serious money to attend. |
 |
What
The Bump One of the first presentations to address the issue of bump keying, Barry & Han give a wonderful summary of this exploit and the many ways in which it can be attempted as well as mitigated. |
 |
Physical
Security - The Good, the Bad, and the Ugly A terrific presentation at CCC by Barry & Mark, two of the world's best and also most intelligent security testers, this talk covers loads of content concerning how to keep unauthorized people out of your facilities. |
 |
Lockpicking
& Physical Security This is the talk that started it all for so many people. A packed room, a popular con, and a wonderful multimedia setup made for one of the most talked-about events that hacker cons had seen in a while. While lockpicking had always been an aspect of the hacker culture, this talk (in my opinion) is what really thrust it into the forefront for a whole new generation of folk. |
 |
Lockpicking One of the first popular and talked-about lockpicking presentations of which i am aware, this was a great addition to the H2K schedule... and it was, possibly, the first time that our friends from across the pond came to the US and totally blew the doors off of a room with their wonderful and informative presentation style. |
