Skip to content

Repository containing useful links for all things Physical Security. Please contribute!

License

Notifications You must be signed in to change notification settings

LiveGray/awesome-physec

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

23 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Awesome PhySec Awesome

Repository containing useful links for all things Physical Security.

alt text

💻 Videos & Conference Presentations

The following videos and conference talks contain information that can land you in serious trouble. These are provided for education purposes only.

Video Description
A to Z of B & E: Part 1 Part 1 of an 80's tactical entry tutorial for first responders.
A to Z of B & E: Part 2 Part 2 of an 80's tactical entry tutorial for first responders.
Travelers Hook in Action Demonstration of the most useful tool you can carry; the travelers hook!
Copying Keys from Photos and More! Conference talk about key duplication from pictures and imprinting.
Distinguishing Lockpicks Fascinating talk on use-cases for varius lockpicks.
A Hackers Guide to Physical Access Conference talk full of useful information on physical penetration testing.
I'll Let Myself In Must watch conference talk from Deviant Ollam.
The Search For the Perfect Door Another must watch from Deviant Ollam.
The Silver Tongue vs the Iron Fist Deviant Ollam on the wonders of Social Engineering.
Breaking in BAD Useful onference talk on physical security.

Useful Disguises

Warning

It is unlawful, and unethical to impersonate police, fire rescue, emt, military, or medical personnel. Unless otherwise specified by the client within the SOW, these can land you in serious trouble.

Idea Description
Fire Extinguisher Technician Many oragnizations don't inform their employees about such maintenence. If the target is wise to the trick, simply mention you are auditing someone elses previous work.
ISP Technician Internet problems happen... be there to help!
Building Security Helps when recon reveals this information ahead of time. Act as a new employee. Unless you encounter the real deal, no one will know!
Lighting Technician Walk in, and just start counting the lights on the ceiling. Look for ones that are out. Once complete, begin ruse with situation encounters.
HVAC Technician Similar to the above.
Resume Guy If the ruse requires you to test whether or not the company follows their "No Outside USB's" policy, spill some coffee on a resume. Bring it in and ask real real nice if they will print a new one you have conveniently accesible. You might get lucky.
Locksmith This one is difficult, but can sometimes pay off in a less modern setting. Mention being new to the area, and offer a free inspection to drum up new business.
An Old Friend If OSINT provides enough information to fake a relationship, do so. Mention previous experiences doing whatever you are doing, or that so an so has authorized it. Works especially well when the selected "friend" is out of the office so it seems a plan was miscommunicate. Maybe...

🧰 Recommended Backpack - Everki Titan

The aforementioned backpack successfully fits all of the following (30+ lbs including laptop):

Item Description
HackRF One & Porta-pack One Wide-band software defined radio that always comes in handy.
Parani UD-100 Long-range bluetooth dongle that works upto 300 meters.
Proxmark V3 RDV2 Badge cloner
Wifi Pineapple Nano Evil access point and so much more!
USB Endoscope/Boroscope Camera on a cable that goes under doors, around corners, etc.
Alfa Card Powerful wifi dongle
TL-WN722N x2 Burner wifi dongles.
RJ-45 -> USB adapter RJ-45 to USB adapter for when an extra connection is needed.
TL-WR802N Router Compact travel router useful for myriad tasks.
D-Link Go 5-port Gb Switch Un-managed switch with endless uses.
Pi Zero (Poisontap) HID mimicing autopwn device built from an Raspberry Pi Zero W
Cat-6 Cable Self-explanatory
Usb-C Cables Self-explanatory
USB Adapters Self-explanatory
Performance Tool W9041 Micro Bit Set Compact hardware and repair toolkit
Mechanix Wear - Impact Gloves Keep your hands safe while dumpster diving!
Sparrows - Under the Door Tool Useful for breaching locked doors if there is adequate space.
Thumb Turn Flipper Tool Bypass deadbolts on double-doors.
300lb. Air Shim Useful for creating space in combination with the above two tools.
Lockmall 81 Piece Lockpick Set Robust, compact lockpick set with all the essentials.
Green Laser Pointer Great distraction, and can be used to blind cameras on 2+ person operations.
Flashlights x2 Self-explanatory
Sparrow Dimple Lockpick Set High-quality pick set meant for dimple locks.
Southord 14 Piece Lockpick Set Best pocket lockpick set for the money.
3 Piece Tubular Lockpick Set Tubular lockpick set for bypassing desks, file cabinets, vending machines, etc.
Firefighter tool Emergency responder entry tool
American Bypass Tool Padlock bypass tool.
Feather Tension Wrench High-sensitivity tension wrench.
Extra Tension Wrenches Make sure to carry various shapes and sizes.
Electric Trimmer Wire Used like travelers hook when there is a guard plate.
Mika Shims Credit card trick without ruining your own cards!
Measuring Tape Self-explanatory
Electrical Tape Self-explanatory
Thermal Blanket Can be used to walk right past infared cameras.
TSA compliant multi-tool Self-explanatory
Badge Holder Always helps to have a badge holder if employing custom badges.
Custom ID Badges Adds a layer of legitimacy if guised as a technician, or anything else!
Pilot G2 Pens The best pens ever. You won't regret it!
Pencil Self-explanatory
Notebook Paper always comes in handy
Clipboard Self-explanatory

🔑Keyring

:trollface: Example Badges

Intentionally made so you can see examples, but still have to do your own legwork. alt text

📄 Legal Documents

The following repository contains useful document templates to help with the verbiage necessary to make things legal. All credit goes to the person behind the following:

Legal Documents

🔒 Lockpicking

The following github repository contains an awesome list of all things lockpicking.

Check it out for specific information in that domain.

Awesome-lockpicking

🧙 Social Engineering

The following github repository contains an awesome list of all things social engineering.

Check it out for specific information in that domain.

Awesome-Social-Engineering

👁️ OSINT

The following github repository contains an awesome list of all things OSINT

Check it out for specific information in that domain.

Awesome-OSINT

🏴‍☠️ Contributing

Please contribute if you have more suggestions! My experience is too limited to be truly comprehensive. It takes a lockpicking village.