Red Team Operations: Lock Picking and Physical Security

Introduction

In this article, we discuss the amazing art of lock picking, exploring the different lock types and tools that Red Teamers can use in order to make it happen. We will finally discuss a practical walk-through on how to successfully pick the famous pin tumbler lock.

Overview

Locksmiths have over the years defined lock picking as the manipulation of a lock’s components to open a lock without a key. This is an art that is practiced as a career for both locksmiths and security professionals, as well as criminal entities.

Before we explore the different types of locks and how to pick them, we’ll try to understand why one would even want to learn this skill as a Red Team member.

Why Should Red Team Members Learn How to Pick Locks?

In Red Teaming and penetration testing, physical security is generally an underappreciated area. Security professionals tend to focus more on the other affected areas such as vulnerable applications, networks and social engineering. This need not be the case, since physical security also poses a significant attack vector to many organizations.

It is due to this that picking locks is studied and implemented into the numerous multi-layered attack simulations incorporated within Red Team exercises.

Different Types of Locks and Their Common Functionality

There are many different lock types that malicious attackers and Red Teamers meet during their engagements. Locks can be classified generally into two broad categories:

Locks With Physical Keys

These locks require that a correct key be used to unlock them. Various techniques have been developed over the years and the result has been a number of implementations of locks. Let’s discuss a few:

  • Pin tumbler locks: A pin tumbler lock has a set of pins which prevent the movement of the lock unless a correct key (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Lester Obbayi. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/yfCB2mT4HIM/