Day #2: My Physical Hacking Experience in Brian Harris’ Covert Access Specialist Training

Alexis Lingad
Aug 6, 2024

This is a continuation of my physical hacking experience with Brian Harris’s Covert Access training. If you want to read my Day #1 experience then you can read it here: https://alexislingad.medium.com/day-1-my-physical-hacking-experience-in-brian-harris-covert-access-specialist-training-5626353e5525

I was too early, so I just reviewed my lockpicking skills, making sure I was faster than before, while waiting for the start of Day #2.

Highlights of Day #2:

  1. Cloning Keys
  2. Bypassing of Manual and Digital Door Security
  3. Infiltrating a Target Building
  4. Elevator Fundamentals and Hacking

Cloning Keys

Photo taken by me while I was cloning these new keys

This part was very fun, and we spent half of the day practicing our key cloning skills (and correcting our mistakes along the way). We went outside the building and set up these things since this involves melting metal. It took most of us several tries before we produced a key that was functional and could be used to unlock the target. This looked weird to the people who passed by, though, since it looked like we were cooking something we should not cook, haha.

Usually we put clay in the holder and then put powder in it before putting the key in the clay. This is a very important step because without it, after you open your holder, it will just stick to the other side and you will need to repeat it.

Spreading the powder within the clay

The result that I have is not that eye-catching and has some holes in it, but it is a functional key that can unlock the target, so it is still a win. I just need to polish the front since it has some excess melted metal on it.

Bypassing of Manual and Digital Door Security

Yesterday, we tackled bypassing locks. Today, we tackled how we can bypass the security mechanisms of most doors, regardless of whether they are manual or digital.

There were lots of techniques that were discussed and shown, but what I enjoyed the most was the use of shimming at the side and hooking the door knob from under the door.

This is the one I used to shim the door at the sides. It seems impossible at first, but once you get used to it, you will get a feel for it and become faster, I guess.

Hooking under the door to bypass the smart lock of the door.

Aside from those techniques, there were more that were discussed, like bypassing the motion sensors, temperature sensors, etc. that were connected to the doors.

Infiltrating a Target Building

Here, we discussed a lot of strategies for how we can get inside the target building and some of the backup plans if the original plan didn’t pan out. We discussed some social engineering tactics here and some common strategies to make our lives easier in the final real physical pentest engagement on Friday. There are parts here that are too physical, from climbing a wall without attracting too much attention to how you can tie a knot to make sure you won’t fall when climbing to the top floor or over some fences. There are also some parts here that are psychological, from the common types of employees in a building and what they usually want, in order to build rapport and gain information, to observing patterns to curate a more sophisticated plan for the engagement.

Elevator Fundamentals and Hacking

We literally studied how to take advantage of elevators in a physical pentest engagement. Here, we discussed the different fundamentals that we need to know about elevators, such as the Independent Mode, which can really help us in the engagement. I remember an experience that someone else shared: there are times that they put an “Out of Order” notice on an elevator and make it really non-functional so the hacker can use it as their office and portal within the engagement, while hacking the main elevator itself to get to a floor that is restricted and might help us gain more access for the penetration test.

Conclusion for Day #2:

I didn’t take notes today, so I just put down all of the things that I remembered. And as you can see, the things that I remembered are mostly the practical and demonstration ones, since those stick in my head more. The good thing about this training, or this specific day, is that we were given a chance to do most of the things that we discussed. That can help the students retain more of the knowledge that they gathered in this training.


Alexis Lingad

CRTO | OSWP | eCPPT | eCDFP | eWPT | CEH | Author of Cyber Defender | Creator of Hackuna Anti-Hack | WTH Hacker Games Champion 2015&2017 | alexislingad.org