CC Labs

Detect alarm systems with your cellphone: LOL when dinner becomes physical security testing: https://lnkd.in/dNJVEfAh #redteam #blackteam #consolecowboys #cclabs #alarmbypass

Rex Blaster Testing.. Testing out some small canisters I can get at sporting good stores all over the country since you cant fly with compressed air containers. Seems you can get a solid 3-4 REX Blaster sprays for bypassing request to exit sensors with these 16g containers.. #redteam #blackteam #cclabs #consolecowboys #REX https://lnkd.in/eqKrZ7-8

''Open sesame'' - a real world example of access controls being pwned. Juicy ?? ?? Here is an amazing red team embedded recon example, where you can shadow a real professional looking at access controls, using a double glass door as an example. The video is PACKED with info, for such a short video - it's a damn treasure trove of useful information - tips, tricks, details and suggestions. Full vid here: https://lnkd.in/dt5Du7bj ??Suite doors - you can determine the access controls, confirm or deny assumptions while doing recon, you can then determine how to bypass them ? Here's a brief (not comprehensive) list of the things discussed on the walkthrough: ? What to look out for ?? ? Circles at the bottom of the doors, potentially thumb-turn lock on the inside ? Gap between the double doors - if there is no pole in the middle - things can be stuck through the gap ? Magnet at the top of the door - ? INSIDE: probably associated with an access control system (request to exit sensor or buttons on the inside) ''rex motion sensor'' ? OUTSIDE: keypad + intercom, propably disengages magnets on the door ? Low-tech ?? VS ?? High-tech Low-tech: ? Mess with ''rex motion sensor'' to trigger it and open the door, or door opening button on side of the door ? Listen out for a ''PIR-like click'' of the ''REX motion sensor'' being triggered may mean door is open High-tech: ? Snake Camera WiFi Borescope (https://lnkd.in/d24JPgEs) ? Use the camera to look up and see REX sensor or look down and see thumbturns or button for door release ? How do you attack and mess with a double glass door ?? ? J Tool for Thumb Turn Locks (https://lnkd.in/d6yZY37s) ? REX blaster tool: cold air can be used to trigger the ''rex motion sensor'' - an be used with little gas canisters (https://lnkd.in/dhpmWuZt) ? REX blaster canisters: can be bought at sporting good stores all over the country (can't fly with them) ? If you dont have those, can be used with a computer dust spray ? Request to exit button physical press - can potentially be pressed (reached) by a long piece of wire ? Request to exit button (RFID) - record the signal while someone presses it (Flipper?), then replay to open sesame ? If something (like a piece of plastic) can be put between the door magnets - may be easier and possible to open door from outside later on ? Can try the good old social engineering via intercom, need a pretext for why you are allowed and need to enter the building ? Useful sites to buy stuff ret team supplies: redteamtools.com Thanks to Olie B. from Console Cowboys (CC Labs) for this awesome free education! ?? Check out their YouTube channel for massively undervalued education on this and other topics: https://lnkd.in/dxHcc6Pr #cclabs #consolecowboys #redteam #blackteam #pentest

Want to Learn Physical Penetration testing? Black / Red team Live Shadowing... Assessing the Access Control System of a door while out and about today at an appointment... #consolecowboys #cclabs #accesscontrol #rex #physicalsecurity #penetrationTesting #blackteam #redteam View Video: https://lnkd.in/eQJjE8Cx

?? Black Teaming – A Rare Behind-the-Scenes Look at Real-World Recon Most security teams focus on firewalls, policies, and compliance… but what happens when an attacker isn’t behind a keyboard—but already inside your building? ???? That’s where Black Teaming comes in—taking Red Teaming to the next level by testing physical security, embedded systems, and real-world attack surfaces. ?? My good friend Olie B. from CC Labs just dropped an epic, over-the-shoulder walkthrough of a live Black Team engagement—and trust me, you don’t get to see this kind of thing often. ?? What’s in the video? ?? Live Embedded Recon – How attackers think and move inside a target environment ?? ?? Opportunistic Attacks – Spotting and exploiting gaps on the fly ?? ?? High-Frequency Card Cloning – Breaking into secured areas like it’s nothing ?? This is the stuff CISOs, security leaders, and teams need to see. Defending your network is one thing—but can your physical security hold up against real attackers? ?? ?? What’s your take on Black Teaming? Ever seen a real-world engagement like this? Drop your thoughts below! ?? #CyberSecurity #BlackTeam #RedTeam #PhysicalSecurity #CISO #vCISO #InfoSec #PenTesting #SecurityLeadership #CCLabs #HackerMindset

''Real hackers don’t knock — they bypass authentication and let themselves in." ?? It is said that if a facility security says ‘No Unauthorized Access’—hacker reads it as a challenge, not a rule. ?? ?? Here is an amazing red team embedded recon example, where you can shadow a real professional on a walkthrough of a facility. The video is PACKED with info, for such a short video - it's a damn treasure trove of useful information - tips, tricks, details and suggestions. Full vid here: https://lnkd.in/dUeTf7rx Here's a brief (not comprehensive) list of the things discussed on the walkthrough: ? Gain access: Interviews, appointments. Shared facility? Can you tail gate? ? Magic black box (outside the building) - Rapid Responder Box - full of goodies, same key for all the regional boxes? ? Camera locations - there may be cameras, but they may not be a problem. How do they work - PIR or visual ''movement'' recognition? ? RFID readers - Google Image Search - discover frequency (high/low) - understand how they work and can they be played with? ? Doors - crashbars, magnetic locks, can be hooked from side or underneath? ? Janitor's cart - the pot of gold at the end of the rainbow ?? ? Flipper - scan RFID cards - emulate - clone - use ? Back door - a door, but in the back. Same shings apply ? Elevator Keys - phase1, FEO-K1, Fire service elevator keys - your way to any lift's heart ? Duct Tape - The only thing keeping my car, my wallet, and my life from completely falling apart. Who knew it'll let you into buildings too Useful sites to buy stuff (universal keys etc): ? https://lnkd.in/dsK2SzmV ? https://lnkd.in/diR_6ukx Thanks to Olie B. from Console Cowboys (https://lnkd.in/dDT77nqk) for this awesome free education! Check out their YouTube channel for massively undervalued education on this and other topics: https://lnkd.in/dxHcc6Pr #cclabs #consolecowboys #redteam #blackteam #pentest

Live Embedded Recon Walkthrough... Shadow me on an explained Embedded recon for black / red team engagements.. Share, like subscribe.. And leave me a comment.. Cheers.. Also High Frequency card attacks / cloning.. #blackteam #redteam #consolecowboys #cclabs https://lnkd.in/eRf4RgQe

??? In the latest episode of the Layer 8 Podcast, Compass #cybersecurity expert Patrick Laverty chats with Olie B., a self-described #hacker and the founder of CC Labs. Olie shares some of the surprisingly simple yet effective #SocialEngineering techniques he has used, offers advice for those looking to improve their skills, and explains why continuous learning is key in this field. Tune in to hear his insights and real-world experiences! https://spoti.fi/3QOdm20

Simple SE Tactics that work.... #cclabs #consolecowboys #redteam #blackteam https://lnkd.in/ebPXMbmX

Hopped on this weeks Layer 8 Podcast