Day #1: My Physical Hacking Experience in Brian Harris’ Covert Access Specialist Training

I wrote this review to give more awareness to people who see physical hacking as a mystery since very few detailed reviews are seen online. In here, I will discuss some of my experience that I had with the covert access training from Brian Harris that is currently ongoing in Denmark this August 5–9, 2024 and some overview of what kind of practical hacking techniques you will encounter and of course, at the last day, to tell you some of the story of our exciting physical penetration test in a real organization.

Here’s their training page: https://www.covertaccessteam.com/

Photo taken by Covert Access Team and we are not this team, I just don’t have a team picture yet with them, (maybe on our last day though :D )

Day #1:

In here, there is a strong emphasis that this physical hacking training will go beyond the typical tailgating, flipper and good luck. I felt this thing right on the day one. The structure of the day one is like this:

1. Fundamental Theories
   - In here, it helps me know what to expect in a physical pentest engagement and what to do in certain situations. These things are very important since it will save you in a lot of bad situations that can happen within your engagement.
2. Locks, locks, locks!!!
   - We actually bypassed lots of locks in day one! We tackled a lot from normal to highly secured padlocks that we use everyday to key boxes that we usually use in AirBnB’s and other places to combination locks, tubular locks, word locks, wafer locks, cross locks, cabinet locks, elevator bypass, old car key bypass, telephony boxes, construction equipment, TSA locks and many more!

Some of my personal pictures I took when I am doing the lock picking

Photo taken by Covert Access Team just for me to emphasize the other locks that I didn’t took a picture of that we also interestingly hacked in Day One!

This little guy here are the ones you see mostly in the movies where a certain agent goes in and insert this into a lock and in few minutes, they are unlocked! This tool is being used in what they call “Kinetic Attacks”.

These are the ones we used to disassemble and assemble locks and know the inner workings of it. I sucked at this section but hey this is still day one! haha

This type of attack is my favorite one since some of the locks that we are picking for minutes can be unlock by this method in few seconds which is amazing :)

This is the second favorite of mine since I don’t have to pick it but mostly feel it which I like more.

What I like about these training is its practicality where most of the time we are just there picking locks all the time, again and again. The trainer, Brian, allows us also to do multitasking where while we are looking and listening to him regarding the fundamental theories, experiences, tips and tricks that he has for a certain lock, our hands is moving on its own doing the hacking of locks again and again. Doing these things helped us saved time and get quicker in hacking numerous locks even the locks that I didn’t even know exist!

Conclusion for Day #1:

From zero knowledge in physical hacking, I gained a lot in day one! From this day, the trainer clearly gives us some glimpse of what will happen in the last day where we will do our realistic physical hacking in a real organization by asking the right questions to ourselves like, “is this lock worth hacking for?” or “what’s the easiest way to bypass a certain lock?”. For now, most of those ideas revolve with locks but in the next days, we will be moving forward and add to our strategies the topics like bypassing alarm systems, planting bugs, social engineering and mission planning.

Exciting time!!!