Reddit Reddit reviews Practical Lock Picking: A Physical Penetration Tester's Training Guide

We found 18 Reddit comments about Practical Lock Picking: A Physical Penetration Tester's Training Guide. Here are the top ones, ranked by their Reddit score.

Business & Money
Books
Information Management
Business Management & Leadership
Practical Lock Picking: A Physical Penetration Tester's Training Guide
Syngress Publishing
Check price on Amazon

18 Reddit comments about Practical Lock Picking: A Physical Penetration Tester's Training Guide:

u/MrAristo · 26 pointsr/realsocialengineering

Wow, 24 hours and no replies?!

Fine, you know what? FUCK IT!

Alright, first off - While you can concentrate on physical, understanding the basics of the digital side of things will make you more valuable, and arguably more effective. I'll take this opportunity to point you at Metasploit and tell you to atleast spend an hour or so each week working to understand it. I'm not saying you have to know it backwards or inside-out, just get a basic understanding.

But you said you want to go down the physical path, so fuck all that bullshit I said before, ignore it if you want, I don't care. It's just a suggestion.

Do you pick locks? Why not? Come on over to /r/Lockpicking and read the stickied post at the top. Buy a lockpick set. You're just starting so you can go a little crazy, or be conservative. Get some locks (Don't pick locks you rely on!) at a store, and learn the basics of how to pick.

Your fingers will get sore. Time to put down the picks and start reading:

u/CuriousLockPicker · 13 pointsr/lockpicking

Random thoughts:

  1. Some locks require 3 tools to open: a pick, a tension tool, and lock lubricant.
  2. Thinner picks (<0.025") are not exclusively for Euro cylinders. They're useful for American locks, too.
  3. TOK tension tools should fit perfectly, especially if you're picking dead cores. I struggled with Master 570 and Master 410 until I filed down a Sparrows Heavy Bar for each.
  4. This book misled me, and made me believe that pins are set by lifting the entire pick upward. It took me a while to realize that it's easier to set pins by levering your pick off warding or another part of the lock.
  5. For some reason, it took me 2-3 months to learn that over lifting pins is detrimental =/
  6. Finally, I wish that I had gotten less angry while learning. My mood was ruined dozens of times because I couldn't pick a lock. I wish that I had believed in myself and taken it easy.
u/norwoodgolf · 7 pointsr/lockpicking

Deviant Ollam has a great book that explains everything.

http://www.amazon.com/Practical-Lock-Picking-Second-Edition/dp/1597499897/

u/wraith303 · 5 pointsr/lockpicking

Either this or this make a good starter set.

For books, I highly recommend Practical Lockpicking; Deviant Ollam. Read that cover to cover, and you'll have a strong foundation to start on.

If you want a good re-keyable practice lock, I like this one, personally. Get the 6 pin, non-cutaway, Kwik-set version.

u/LarenF3D5 · 3 pointsr/lockpicking

You can get a really basic pick set from a site like SouthOrd.

My first set was their Pagoda set: http://www.southord.com/Lock-Pick-Tools/Lock-Pick-Set-Pagoda-Metal-Handles-BPXS-12.html

What that made me realize was at my skill level I only really use the short hook and S-rake.

Beyond that I was having issues getting my head around the theory of the inner workings, even with the videos available. I tend to learn really well academically so I picked up "Practical Lock Picking": https://smile.amazon.com/Practical-Lock-Picking-Second-Penetration/dp/1597499897/ref=sr_1_1?ie=UTF8&qid=1501560843&sr=8-1&keywords=practical+lock+picking

From there I picked up a few padlocks at garage sales, then ordered some specifically tiered towards the belt ranking setup here, and I've found them very progressive and enjoyable.

I actually reached out to some friends about 3D printing gear so I can do tear downs (I've got my Master 931 picked pretty well, I just need to tear it down for my next rank and don't want to lose everything).

Spend what you're comfortable spending (you wont be pick bound for fun or skill initially, at least I haven't been thus far), and follow the progression theories posted here, they've done really well by me.

Most importantly:
Don't fiddle with locks that aren't yours, even if you start realizing how much of the world is barred merely by a Master No3.

Don't fiddle with locks that you rely on for protection.

If you plan on carrying around gear verify your local laws.

Good luck and have fun, I'm really enjoying it so far.

u/Sideonecincy · 3 pointsr/sysadmin
u/wat_waterson · 2 pointsr/lockpicking

Honestly, this book is a bit basic. I bought it a few weeks ago on RiftRecon's site because it was only $14 and I wanted to see if I was missing a technique or tactic. I wasn't. It's really meant to supplement their red team kit and comes across as such.

That being said, if you are unfamiliar with alternative entry techniques beyond lockpicking, it could be worth it, though Deviant Ollam's book is just a tad over double the amount for this little book and covers some other entry techniques besides lockpicking. http://www.amazon.com/gp/aw/d/1597499897/ref=mp_s_a_1_1?qid=1395334556&sr=8-1&pi=SY200_QL40

u/pancaaakes · 2 pointsr/EDC

I would recommend picking Master locks to start - Like this They're ridiculously easy to pick, and you'll be able to get a good handle on manipulating single pins and even basic raking.

ITS Tactical generally has some pretty informative posts on lock picking/locksport from time to time. I would recommend these to get started:

u/notonredditatwork · 2 pointsr/lockpicking

His book looks pretty good too. (I haven't read it, but I've heard from others that it's very helpful, explains things in plain english, and is pretty humorous, which makes sense if you've ever met him or listened to one of his talks):
http://www.amazon.com/Practical-Lock-Picking-Second-Edition/dp/1597499897/ref=sr_1_3?ie=UTF8&qid=1345646056&sr=8-3&keywords=deviant+ollam

u/onionsman · 2 pointsr/lockpicking

There is a ton of info in the sidebar. The wiki is your friend on free materials.

I highly recommend Lockpicking - Detail Overkill. The Author /u/derpserf used to poke his head in this sub a while back. Really in depth shit. (he would want me to use an expletive)

As far as printed media, I am a huge fan of Deviant Ollam. (Disclaimer: I have hung out with him at Defcon and have a bit of a man crush). He is a super nice guy who is very passionate about teaching what he loves to do. His two books (one about [picking and how locks operate(http://www.amazon.com/Practical-Lock-Picking-Second-Edition/dp/1597499897) and another on impressioning & bypass methods) are awesome.

Hope that helps.

Edit: added links

u/slickwillytfcf · 2 pointsr/lockpicking

This one was mentioned in another post a week or so ago: https://www.amazon.com/Practical-Lock-Picking-Second-Penetration/dp/1597499897.

SouthOrd offers one called Easy Pickings with a few of their sets too. I've seen that one and it gives a very basic overview of locks and techniques to pick them. Much less information than can be found in the PDFs.

u/dadoftwins71309 · 2 pointsr/lockpicking

From this Amazon listing stating "Publication Date: October 8, 2012", and talking with Deviant on Twitter.

This, his second book (on bypassing locks WITH a key) on "the topics of impressioning, master key escalation, skeleton keys, and bumping attacks", also comes out shortly.

u/darksim905 · 2 pointsr/lockpicking
u/IamTheGorf · 1 pointr/lockpicking

After your picks,here is your next purchase :)

Practical Lock Picking, Second Edition: A Physical Penetration Tester's Training Guide https://www.amazon.com/dp/1597499897/ref=cm_sw_r_awd_6qXLub1VB4HEA

u/Vetches1 · 1 pointr/cscareerquestions

> Fully patched. For Linux, this means the latest version of the kernel and the latest version of all critical software (e.g. web browsers, FTP, SSH, etc.)

So you make sure to update your device before entering the con? Is that because hackers have found exploitations in previous versions?

> The certificate allows you to do two things: 1.) authenticate the network, so you know for sure that you're on the network you think you are, talking to the router/access point you expect. 2.) Exchange a cryptographic key with that endpoint to ensure that all of your communications are free from tampering and eavesdropping. Key exchange mechanisms and certificate validation are huge topics. If you're interested, a good (though heavy) text to start with would be Schneier's "Applied Cryptography". There are also a number of good introduction to crypto courses, most of which will cover key exchange and cert authentication, available on Coursera and other online lecture sites.

That makes sense! So it's a security blanket for your device to make sure you're not on an unsafe network where who knows what could happen.

I did learn a bit about cryptography and cert/key exchange mechanisms in an AP computer science class, but forgot most of it, haha.

Is Applied Cryptography meant for those who already have a background/knowledge in cryptography?

> If this leads to binding while a tool is in there, then it can be a bad time. Your tools can also sometimes bend or break small springs or other internals on certain kinds of locks.

Gotcha, definitely gonna use clear locks first so I can at least get a feel for when something is mucking up.

> Other good beginner guides: I like Deviant Ollam's "Practical Lockpicking": https://www.amazon.com/Practical-Lock-Picking-Second-Penetration/dp/1597499897/

> The MIT Lockpicking Guide is also pretty good (available free online).

I'm curious, do these do a good job of both explaining the mechanisms behind the locks, terminology, and how to pick a lock for beginners? I just want to make sure before I start reading them (or at least when I do start reading them).

> Other than that, if you can get old locksmithing manuals or references, they can really help fill in knowledge once you get the basics. New ones are HEINOUSLY expensive (the economics of rare, valuable knowledge get super weird),

I think I have one locksmith nearby me, so I might stop by and see what they have lying around.

Is there a reason new ones are notoriously expensive?

> Hacking is a huge topic and means different things to different people. It has a huge number of specialties, so it's hard to get a start sometimes. It also helps to learn by doing. Hackers often develop their skills by doing wargames and "CTFs" that pose hacking related problems. A couple of good intro ones are OverTheWire (especially the "Bandit" set of problems) and HackThisSite.

So would these websites introduce me to the world of online/computer hacking (apologies if that's the wrong terminology)? I'm somewhat spoiled/misguided by media sources like Mr. Robot, so I don't know what's true and what's fictitious/common in today's world.

> Expect that when you're starting out, you won't know a lot. Google is your friend. Other hackers are your friend. Most of the WarGame sites have IRC channels, so you can ask questions and get help.

If you don't know the answer to this, totally understandable: are most hackers willing to help out new-to-the-scene hackers? I know some communities (not related to hacking, but in general) are very quick to judge and ridicule newcomers to the scene.

> There's also some introduction courses, but be wary of any of them that aren't oriented to hands-on doing. Hacking is about messing with things and breaking them in creative ways. Watching a lecture about hacking is a little bit like reading a recipe when you're hungry: a good start, but it won't do you much good unless you act on it.

Knowing me, watching a lecture wouldn't be the worst thing in the world. I'm fine with watching and learning concepts as long as it's interesting, y'know?

> Where you can, try stuff out that you see (learn how to set up a virtual machine to play with so that when you break your box (and you will, if you're doing it right) you can just restore and not actually lose anything important.) Over time you'll learn more. If there's a particular area you get interested in, ask other hackers that you know or people you've met how to learn more.

I do have a Virtual Box set up for both Linux and Windows 7 (I think), so luckily I already have a playpen set up. I just hope that I can find some way of starting out hacking, since it does seem fun.

> It's too chaotic and creative and fast-moving, so you really have to find your own way in it. As a result, hackers (the decent ones anyway) tend to be pretty good about helping each other out.

When you mean chaotic and fast-moving, do you mean that there's always new techniques and ideas coming out? I'm always a little nervous to step into a fast-moving scene in fear of focusing too much on something that has the potential to be outdated by the time I've finished learning it, y'know?

> And if/when you fall down the rabbit hole and learn a bunch and someone else is looking for more information and comes to you with questions, then it'll be your turn to help them out.

That'll be the day; I'd love to help someone in the future who's in my shoes today.

u/rublind · 1 pointr/gifs

I believe this might be from, or related to "Practical Lock Picking" by Deviant Olam.

Edit: Amazon

u/cybergibbons · 1 pointr/WhatsInThisThing
u/TheTarquin · 1 pointr/cscareerquestions

> When you mean fully patched, do you mean fully updated, fully protected, or something else?

Fully patched. For Linux, this means the latest version of the kernel and the latest version of all critical software (e.g. web browsers, FTP, SSH, etc.)

> So DefCon, in laymen's terms, gives you a cert that allows you to protect yourself from people messing with your traffic and eavesdropping (through microphones and cameras?), and lets you use the secured wifi? This sounds super interesting, but I have no clue how any of it works, haha.

The certificate allows you to do two things: 1.) authenticate the network, so you know for sure that you're on the network you think you are, talking to the router/access point you expect. 2.) Exchange a cryptographic key with that endpoint to ensure that all of your communications are free from tampering and eavesdropping. Key exchange mechanisms and certificate validation are huge topics. If you're interested, a good (though heavy) text to start with would be Schneier's "Applied Cryptography". There are also a number of good introduction to crypto courses, most of which will cover key exchange and cert authentication, available on Coursera and other online lecture sites.

> Are clear-body locks commonly sold/available? If so, they sound right up my ally!

Yep. Easily available on Amazon. Here's a set of 6 different styles for <$40: https://www.amazon.com/MICG-Transparent-Practice-Training-Locksmith/dp/B01H1MM1O2/

Here's the most common kind of lock (basic pin-tumbler) in a padlock form-factor on sale for $10 right now: https://www.amazon.com/BESTOPE-Professional-Practice-Beginners-Locksmith/dp/B00UF76C1Y/

> Is it normal to have stuff fall off and start messing with the internals of the locks?

Not as such, but most lockpicking tools are steal or titanium. Very often the internals of the lock are a copper alloy of some kind which is softer. Harder metal scraping on softer metal leads to flaking and pitting. Over time, the pits lead to binding and the flakes stick in the lock body and gum up the works. So things don't just break usually, but it can mess up the lock over time. If this leads to binding while a tool is in there, then it can be a bad time. Your tools can also sometimes bend or break small springs or other internals on certain kinds of locks.

Other good beginner guides: I like Deviant Ollam's "Practical Lockpicking": https://www.amazon.com/Practical-Lock-Picking-Second-Penetration/dp/1597499897/

The MIT Lockpicking Guide is also pretty good (available free online). Other than that, if you can get old locksmithing manuals or references, they can really help fill in knowledge once you get the basics. New ones are HEINOUSLY expensive (the economics of rare, valuable knowledge get super weird), but sometimes you can find old ones for cheaper on eBay. Some people have also had lock with going-out-of-business sales for locksmiths or even just walking in and asking if they have any they'd like to get rid of. (Also sometimes works for old busted locks to practice on.) But at least in my area the locksmiths tend to sell their manuals online and junk their old locks for scrap, so I haven't personally had much luck there.

Hacking is a huge topic and means different things to different people. It has a huge number of specialties, so it's hard to get a start sometimes. It also helps to learn by doing. Hackers often develop their skills by doing wargames and "CTFs" that pose hacking related problems. A couple of good intro ones are OverTheWire (especially the "Bandit" set of problems) and HackThisSite.

http://overthewire.org/wargames/
https://www.hackthissite.org/

Expect that when you're starting out, you won't know a lot. Google is your friend. Other hackers are your friend. Most of the WarGame sites have IRC channels, so you can ask questions and get help.

There's also some introduction courses, but be wary of any of them that aren't oriented to hands-on doing. Hacking is about messing with things and breaking them in creative ways. Watching a lecture about hacking is a little bit like reading a recipe when you're hungry: a good start, but it won't do you much good unless you act on it.

A lot of the talks from hacker cons are available for free on YouTube. Search for DefCon talks and just watch a few and try and follow along. Google terms or concepts you're not familiar with. Where you can, try stuff out that you see (learn how to set up a virtual machine to play with so that when you break your box (and you will, if you're doing it right) you can just restore and not actually lose anything important.) Over time you'll learn more. If there's a particular area you get interested in, ask other hackers that you know or people you've met how to learn more.

> Before I forget, I want to thank you for all of your help. This is all really informative and great stuff, and I really appreciate taking the time to answer all of my questions!

Happy to help. I got a ton of help from random hackers when I was getting started and I still do even now. Hacking isn't like other disciplines. It's too chaotic and creative and fast-moving, so you really have to find your own way in it. As a result, hackers (the decent ones anyway) tend to be pretty good about helping each other out.

And if/when you fall down the rabbit hole and learn a bunch and someone else is looking for more information and comes to you with questions, then it'll be your turn to help them out.