  1. Datagram
  2. Matt "Huxleypig" Smith
  3. Logan Woods
  4. Luca Bongiorni
  5. Roger G. Johnston, Ph.D., CPP

Speaker details

  1. Datagram

    Talk: The Forensics of Lockpicking

    This talk discusses Forensic Locksmithing - the art of identifying microscopic evidence of various non-destructive, covert entry techniques: lockpicking, impressioning, bumping, and more! While you may not be able to see it from the outside, almost all entry methods leave evidence inside locks that can be identified! Time permitting, we’ll also cover inspection of keys, tools, and various “anti-forensics” tools.

    datagram is a physical and digital security expert from the USA that specializes in non-destructive entry, tamper-evident technologies, penetration testing, and cyber security.
  2. Matt "Huxleypig" Smith

    Talk: Self Impressioning; the Locks That Pick Themselves

    “Can you imagine being able to pick a lock in seconds with your eyes closed? Can you imagine doing it in a manner so easy that a small child could do it just as well as you? Now imagine doing this to the most secure locks on the planet! Locks like Evva 3KS, Abloy Protec II or Bilock? Compared to picking, conventional impressioning is a rarely used method for NDE of locks. This is because it takes a lot of skill and time to master, as well as access to the requisite key blanks. Self impressioning is impressioning with the skill and time removed. This talk will go through the theory of self impressioning as well as its practical application. As with most techniques, they are only as good as the tools and self impressioning tools are often the most intricate, beautiful works of art ever seen in the locksmithing world. We will study some of these tools, such as the Turbo Decoder (for auto locks), Magic Keys (for lever locks), the tubular lock tool (that we all own) as well as some others that I promise will be a very nice surprise!”

    Matt Smith’s history in security goes back longer than he cares to remember. Starting with socially engineering access to sporting events and music festivals (The Ashes, World Cup, Glastonbury), he then got into physec from circumventing the locks on (and subsequently emptying) vending machines. After realising that there might be a legitimate future in it, he went on to work as a locksmith for several years before settling into his current role as a locktool and lock designer. Specialising in disc detainer locks, he cut his teeth by breaking Abloy Classic (after 107 years!), going on to design and make tools for the whole of the Abloy family, as well as the Silver Bullet (universal disc detainer tool). He has also designed many other tools for magnetic locks, lever locks, dimple locks and slider locks, and is currently working on a universal pin tumbler decoding system. Also, BSc (Hons) Computer Science.
  3. Logan Woods

    Talk: 8 ways to get past a door

    An important part of physical security red teaming is gaining access to restricted areas. Most commonly, organisations control access using the humble door, with some sort of mechanism to prevent it from being opened by unauthorised parties. This talk will cover eight non-destructive entry techniques, from incredibly simple to rather complex, that have got the presenter past an access control door, and some ways these vulnerabilities could be mitigated.

    Logan is a security consultant at Aura Information Security. With a specialisation in physical security and red teaming, a large part of his job is getting into places he shouldn’t be, ideally without anyone noticing.
  4. Luca Bongiorni

    Talk: ANP Catalog: The Adversarial Ninja Playset. How To Bring Your Red Teaming Arsenal To Next Level.

    During the last few years, Red Teaming engagements got more and more popular. This trend has pushed some hackers to R&D and release new open-source devices with the intent to make PhySec operations even more interesting, smoothing the path to new TTPs and improving some old ones. During this talk, five hacking devices developed by Offensive Ninjas, for Offensive Ninjas, will be presented:

    * WHID Injector (a wifi-enabled Rubberducky on steroids and its mobile app, that allows remotely injecting keystrokes and bypassing air-gapped environments).
    * P4wnP1 (a wifi-enabled BashBunny on steroids that allows a wide range of attacks, ranging from air-gap bypass to NET-NTLMv2 creds theft & crack a.k.a. Windows Lockpicker).
    * WHID Elite (a 2G-enabled offensive device that allows a threat actor to remotely inject keystrokes, bypass air-gapped systems, conduct mousejacking attacks, do acoustic surveillance, RF replay attacks and much more).
    * RFID-Tool (a wifi-enabled Wiegand bus implant that can sniff & replay data in order to steal & bypass RFID access control systems).
    * POTAEbox (a work-in-progress multi-purpose penetration dropbox that can be dropped over the “enemy lines” and bypass .1x NAC, act as a rogue AP and stealthily pwn an entire corporate LAN).

    For each of these devices, we will go through their technical specifications and operational features, passing, of course, through some real case scenarios where you can apply them during an Adversary Simulation. Nonetheless, some tips for Blue-Teamers on how to detect and mitigate them will also be presented.

    Luca is working as Principal Offensive Security Engineer within the AppSec Team of Bentley Systems. He is also actively involved in InfoSec, where his main fields of research are: Radio Networks, Reverse Engineering, Hardware Hacking, Internet of Things and Physical Security. He also loves to share his knowledge and present some cool projects at security conferences around the globe: BlackHat Europe & USA Arsenal, TROOPERS, HackInParis, DEFCON USA, HackInBo, DEFCON Moscow, OWASP Chapters, SAS, etc. At the moment he is focusing his research on bypassing biometric access control systems, ICS Security and Air-Gapped Environments.
  5. Roger G. Johnston, Ph.D., CPP

    Talk: Three Decades of Defeating Physical Security

    “This fast-moving talk is a summary of lessons learned (both offensively and defensively) from 3 decades of conducting vulnerability assessments and defeating a wide variety of physical security devices, systems, and programs. Attacks and countermeasures for the following will be covered: tampering-indicating seals, intrusion detection, cargo security, electronic voting machines, “indelible” voter’s ink, general election security, electronic locks, biometrics, GPS, RFIDs, tags, product tampering/counterfeiting, and drug testing kits/protocols. We will also examine some of the most common design flaws in physical security devices and systems. The talk will conclude with a brief discussion of general problems and recommendations concerning insider threat mitigation, psychology & security, layered security, nuclear safeguards, cryptography, and security management.”

    Roger G. Johnston, Ph.D., CPP is head of Right Brain Sekurity, a company devoted to security consulting, vulnerability assessments, and R&D. Roger received his Bachelor’s Degree from Carleton College in 1977, and his M.S. and Ph.D. degrees in physics from the University of Colorado in 1983. Dr. Johnston was founder and head of the Vulnerability Assessments Teams at Los Alamos National Laboratory (1985-2007) and Argonne National Laboratory (2007-2015). He has provided consulting, training, vulnerability assessments, and R&D on security for over 70 companies, NGOs, and government agencies, including IAEA, DoD, DOE/NNSA, NSF, Department of State, and intelligence agencies. He or his team have defeated over 1,200 different security devices, and developed practical countermeasures. Roger has won numerous awards for his work. He holds 10 U.S. patents, has authored more than 200 technical papers and book chapters, and has given 90+ invited talks, including 6 Keynote Addresses at national and international conferences. Dr. Johnston has frequently been interviewed for his views on security by international bloggers and journalists. He serves as editor of The Journal of Physical Security.