What to bring:

Only yourself! If you have your own lockpicks, you are welcome to bring them, but this is not necessary. A set of lockpicking tools will be provided to you as part of the course.

Black Hat USA 2010 Weekday Training Session

July 24 - 27

Physical Penetration Testing: From Beginner to Expert

Deviant Ollam

Register Button

Listen to what previous Black Hat Attendees said about this training:

  • “Physical Security is a topic that's overlooked and this class was great”
  • “Everything was excellent”
  • “This topic is an excellent addition”
  • “It was awesome”
"" "" "" ""


Physical security is an oft-overlooked component of data and system security in the technology world. While frequently forgotten, it is no less critical than timely patches, appropriate password policies, and proper user permissions. You can have the most hardened servers and network but that doesn't make the slightest difference if someone can gain direct access to a keyboard or, worse yet, march your hardware right out the door.


This class will cover:

  • The Basic Pin Tumbler Design - 90% of your doors are unsafe
  • Combination Locks - open in 30 seconds with a beer can, or in 10 minutes with no tools at all
  • Warded Lock Bypassing - yes, skeleton keys DO exist.
  • Tubular Lock Picking - does your elevator restrict access to specific floors? Think again.
  • Wafer Locks - is there anything of value in your desks, access panels, & cars?
  • Handcuffs & Gun Locks - physical security at its most basic.
  • Bump Keying - the newly-publicized threat... who is addressing it and who is only paying lip service.
  • Picking High Security Pins - with a steady hand, this is possible. You will learn how.
  • Advanced Sidebar Functionality - how PROPER high-security locks function.
  • Concerns for Large Institutions - master keying, fire codes, and emergency access... comply with the law without sacrificing security.
  • Electronic Locks - just because there are wires and circuits doesn't mean there's security.
  • Electronic Access Control Systems - how to tell a robust and strong RFID/Prox/SmartCard HID system from a poor one.
  • Infrastructure Security - augmenting your physical locks and access controls with proper building design.
  • Forensics After a Break-In - don't make mistakes that can result in denial of thousands in insurance coverage.
  • Cost/Benefit Analysis - make certain that your spending is rational and justifiable.
  • Acquiring Your Own Tools - we'll give you a starter kit in this course, but in case you want additional tools, we will also cover the best (and most economical) sources for hardware.

You'll Learn:

Those who attend this session will leave with a full awareness of how to best protect buildings and grounds from unauthorized access. Attendees will not only learn how to distinguish good locks and access control from poor ones, but will also become well-versed in picking and bypassing many of the most common locks used in North America... convince management that a new investment is necessary by showing them yourself how the server room door can be opened without a key in under a minute!

Prerequisites / Required Materials:

None. If you have your own lockpicks, you are welcome to bring them, but this is not necessary. A set of lockpicking tools will be provided to you as part of the course.

Course Length: Two days. All course materials, lunch and two coffee breaks will be provided. A Certificate of Completion will be offered.


Deviant Ollam

While paying the bills as a network engineer and security consultant, Deviant Ollam's first and strongest love has always been teaching. A graduate of the New Jersey Institute of Technology's "Science, Technology, & Society" program, he is always fascinated by the interplay that connects human values and social trends to developments in the technical world. A fanatical supporter of First Amendment rights who believes that the best way to increase security is to publicly disclose vulnerabilities, Deviant has given lockpick demonstrations at ShmooCon, DefCon, HOPE, HackCon, HackInTheBox, and the United States Military Academy at West Point.

Register Button

Super Early:
Ends Apr 1
Ends May 15

Ends Jun 15

Ends Jul 23