Reddit reviews Keys to the Kingdom: Impressioning, Privilege Escalation, Bumping, and Other Key-Based Attacks Against Physical Locks
We found 6 Reddit comments about Keys to the Kingdom: Impressioning, Privilege Escalation, Bumping, and Other Key-Based Attacks Against Physical Locks. Here are the top ones, ranked by their Reddit score.
Wow, 24 hours and no replies?!
Fine, you know what? FUCK IT!
Alright, first off - While you can concentrate on physical, understanding the basics of the digital side of things will make you more valuable, and arguably more effective. I'll take this opportunity to point you at Metasploit and tell you to at least spend an hour or so each week working to understand it. I'm not saying you have to know it backwards or inside-out, just get a basic understanding.
But you said you want to go down the physical path, so fuck all that bullshit I said before, ignore it if you want, I don't care. It's just a suggestion.
Do you pick locks? Why not? Come on over to /r/Lockpicking and read the stickied post at the top. Buy a lockpick set. You're just starting so you can go a little crazy, or be conservative. Get some locks (Don't pick locks you rely on!) at a store, and learn the basics of how to pick.
Your fingers will get sore. Time to put down the picks and start reading:
That reading list right there gives you over 2000 pages to read. Read. Read More.
Tired of Reading? Have you been listening to the Social-Engineer.org Podcasts? 53 quality podcasts right there. Time to catch up!
Tired of listening? Take a break! And by "Take a break" I mean grab your lockpicks, a lock, and start picking while you relax with a Jayson Street video. He's fun to watch, and will hopefully distract you while you try picking a lock. Also, he highlights how you don't have to be a computer-genius to be good at PenTesting. Go watch more of his videos while you pick locks - It's entertaining at least, and informative/educational at best. Now go watch Deviant Ollam's videos if you're done with Jayson Street.
Sounds like a lot? It's not. You'll spend a bit of money getting started with picks, locks, and books. It's the nature of the game, no good way around it. It's time-consuming. You may have to give up playing your favourite games for a while. But the things you learn and skills you develop will pay more than that game did. By the time you're halfway through any one of those books you'll have a much better idea of what questions you want or need to ask in order to progress further and faster every day.
Go to Security Cons. DerbyCon is awesome, and happens in late September, plenty of time to start saving money and making reservations. Talk to people, ask questions, and make connections. You will learn more in those 4 days than some people learn in months or years and you'll have tons of fun.
If you can swing it, attend Deviant Ollam's "Physical Security Skills for Penetration Testers" class. The things you will learn in that class will make it worth every damned penny, and you'll feel like a bad-ass at the end of it.
Is this what you wanted?
There's some older stuff, too!
Shoes and I gave a talk in 2010 that focused specifically on ways to attack locks just with key blanks and non-working keys. The first 20 minutes focuses on features of keys, photography, molding, casting, and other related topics.
Deviant's second book Keys to the Kingdom (2012) focused on procedures for many key/blank-based attacks, as well.
There is a ton of info in the sidebar. The wiki is your friend on free materials.
I highly recommend Lockpicking - Detail Overkill. The author /u/derpserf used to poke his head in this sub a while back. Really in-depth shit. (He would want me to use an expletive.)
As far as printed media, I am a huge fan of Deviant Ollam. (Disclaimer: I have hung out with him at Defcon and have a bit of a man crush). He is a super nice guy who is very passionate about teaching what he loves to do. His two books (one about [picking and how locks operate](http://www.amazon.com/Practical-Lock-Picking-Second-Edition/dp/1597499897) and another on impressioning & bypass methods) are awesome.
Hope that helps.
Edit: added links
From this Amazon listing stating "Publication Date: October 8, 2012", and talking with Deviant on Twitter.
This, his second book (on bypassing locks WITH a key) on "the topics of impressioning, master key escalation, skeleton keys, and bumping attacks", also comes out shortly.
These books combined with the eBooks / resources in the stickied post will keep you busy for the next 10 years or so.
http://www.amazon.com/Keys-Kingdom-Impressioning-Privilege-Escalation/dp/1597499838/ref=la_B005TCK66M_1_2?s=books&ie=UTF8&qid=1410827606&sr=1-2
See this link. What you are talking about is privilege escalation. Attack the key, own the lock.