Deviant Ollam, a physical penetration specialist with over a decade of experience in lockpicking and covert entry, shares thrilling tales from his high-stakes profession. He recounts a bold bank heist in Antwerp, drawing parallels between heists and storytelling. Listeners will be captivated by humorous anecdotes of navigating security systems, including an elevator escapade that showcases his quick thinking. Ollam also highlights the intricate dance of social engineering in security testing, emphasizing the need for awareness in everyday security practices.
The Antwerp diamond heist demonstrated the importance of securing not just the vault door, but also the walls surrounding it.
Physical penetration testing requires a unique skillset and deep understanding of locks, doors, and security measures.
Elevators pose significant security risks that can be exploited through techniques like exploiting magnetic locks and triggering motion sensors.
The engagement at the highly secure facility highlighted the importance of defending in depth and conducting regular red teaming exercises.
Deep dives
Accessing the Vault through a Concrete Wall
In a daring heist in Antwerp's diamond trading district, criminals drilled through a six to eight-foot thick concrete wall to access a bank vault. They crawled through the bore holes and spent an entire weekend inside the vault, robbing the bank undetected. This event highlighted the importance of securing not just the vault door, but also the walls surrounding it.
Physical Penetration Testing and Lock Picking
Deviant, a physical penetration specialist, shares his journey into the world of lock picking and physical security testing. With years of experience, Deviant has mastered the art of bypassing locks and breaking into buildings. He emphasizes the importance of specialization and the unique skillset required for physical penetration testing, which includes a deep understanding of locks, doors, and security measures.
Elevator Hacking and Exploits
Deviant highlights the vulnerabilities and exploits associated with elevators in a captivating talk at a hacker conference. He discusses different techniques to gain unauthorized access, such as exploiting magnetic locks and triggering motion sensors to unlock doors. His insights shed light on the often overlooked security risks associated with elevators and the need to assess and strengthen their security.
Testing Security in Small Town America
Deviant recounts a challenging penetration testing job in a small town company. Despite the tight-knit community and close-knit company culture, the team successfully demonstrated access to sensitive equipment and areas. Their plan involved compromising card readers and replicating employee badges to gain entry. They managed to navigate the situation gracefully, using storytelling and attention to detail to convince suspicious individuals of their legitimacy.
Infiltrating a Secure Facility
Deviant and his team successfully infiltrated a highly secure facility by tailgating behind employees and exploiting weaknesses in access control systems. They conducted thorough surveillance and used social engineering to gain entry into sensitive areas. They managed to evade detection and set off alarms to test the response of security personnel. The engagement showcased the importance of defending in depth and revealed areas for improvement in the facility's security measures.
Pushing the Limits of Security
Deviant and his team pushed the limits of security by attempting increasingly bold tactics, such as propping doors open and drilling locks. They tested the response of the guards and the effectiveness of security systems. Despite causing alarm and confusion, they were not apprehended and were even mistaken for authorized personnel. This emphasized the need for more vigilant and proactive security measures.
Lessons Learned and Building Stronger Defenses
The engagement provided valuable insights for the facility's security team, highlighting the importance of regular red teaming exercises. The collaboration between the red team and security personnel allowed for immediate identification of vulnerabilities and the chance to strengthen defenses. By embracing a culture of continuous improvement and investing in employee training and awareness, the facility aimed to enhance its security posture.
Deviant Ollam is a physical penetration specialist. That means he’s paid to break into buildings to see if the building is secure or not. He has done this for a long time and has a lot of tricks up his sleeve to get into buildings. In this episode we hear 3 stories of him breaking into buildings for a living.
You can find more about Deviant on the following sites:
https://twitter.com/deviantollam
https://www.instagram.com/deviantollam
https://youtube.com/deviantollam
https://defcon.social/@deviantollam
https://deviating.net/
Sponsors
Support for this show comes from ThreatLocker. ThreatLocker has built-in endpoint security solutions that strengthen your infrastructure from the ground up with a zero trust posture. ThreatLocker’s Allowlisting gives you a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker provides zero trust control at the kernel level. Learn more at www.threatlocker.com.
This show is sponsored by Packetlabs. They’ve created the Penetration Testing Buyer’s guide - a comprehensive resource that will help you plan, scope, and execute your Penetration Testing projects. Inside, you’ll find valuable information on frameworks, standards, methodologies, cost factors, reporting options, and what to look for in a provider. https://guide.packetlabs.net/.
Support for this show comes from Drata. Drata streamlines your SOC 2, ISO 27001, PCI DSS, HIPAA, GDPR & many other compliance frameworks, and provides 24-hour continuous control monitoring so you focus on scaling securely. Listeners of Darknet Diaries can get 10% off Drata and waived implementation fees at drata.com/darknetdiaries.
Remember Everything You Learn from Podcasts
Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.
