Physical Penetration Testing (Introduction)

The CORE Group july 23-24


Ends February 1


Ends June 1


Ends July 20


July 21-24


Physical security is an oft-overlooked component of data and system security in the technology world. While frequently forgotten, it is no less critical than timely patches, appropriate password policies, and proper user permissions. You can have the most hardened servers and network but that doesn't make the slightest difference if someone can gain direct access to a keyboard or, worse yet, march your hardware right out the door.

Those who attend this session will leave with a full awareness of how to best protect buildings and grounds from unauthorized access, as well as how to compromise most existing physical security in order to gain access themselves. Attendees will not only learn how to distinguish good locks and access control from poor ones, but will also become well-versed in picking and bypassing many of the most common locks used in North America in order to assess their own company's security posture or to augment their career as a penetration tester.

Who should attend

Penetration testers, security auditors, IT professionals responsible for infrastructure oversight

Student Requirements

This course begins at the complete novice level, no prior knowledge of lockpicking is necessary

Students will be introduced to the scripting capabilities of Ida Pro, including the use of IdaPython as well as IDA's plugin architecture. The course concludes with coverage of IDA's debugger. Throughout the course students will be presented with techniques for dealing with statically linked, stripped, and obfuscated binaries.


Only yourself. If you have any lockpicking tools, that's fineā€¦ but tools and practice locks will be provided


We provide a full kit of tools and instructional locks. The students are allowed to keep all such materials after the course concludes.


Deviant Ollam: While paying the bills as a security auditor and penetration testing consultant with his company, The CORE Group, Deviant Ollam is also member of the Board of Directors of the US division of TOOOL, The Open Organisation Of Lockpickers. His debut book "Practical Lock Picking" became one of Syngress Publishing's best-selling titles. At multiple annual security conferences Deviant Ollam runs the Lockpicking Village workshop area, and he has conducted physical security training sessions at Black Hat, DeepSec, ToorCon, HackCon, ShakaCon, HackInTheBox, CanSecWest, ekoparty, and the United States Military Academy at West Point.

Babak Javadi is a noted member of the physical security community, well-recognized among both professional circles (due to the work of his consulting firm, The CORE Group) as well as in the hacker world (as the President of TOOOL, The Open Organisation Of Lockpickers.) His first foray into the world of physical security was in the third grade, where he was sent to detention for showing another student how to disassemble the doorknob on the classroom supply closet. Babak is an integral part of the numerous lockpicking workshops, training sessions, and games that are seen at annual events like DEFCON, ShmooCon, DeepSec, NotACon, QuahogCon, HOPE, and Maker Faires across the country. He likes spicy food and lead-free small arms ammunition.