Lockpicking - by Deviant Ollam

slides resources videos picks & gear availability games press bio

Videos of Presentations & Advisories

 

Locks and Physical Security
by Deviant Ollam
Ohio ISEC
2013/07/13

Deral Heiland invited me to speak about locks at the Ohio Infosec Forum and I was glad to make the trip. This is also the first place where Marton Bos and I debuted the Uhm Gunner speaker challenge game. ;-)

 

Locks and Physical Security
by Deviant Ollam, Babak Javadi, & Keith Howell
Positive Hack Days
2013/05/23

On our first trip to Russia, we were astonished at how much the attendees were wowed by basic lockpicking and lock-opening topics. These kinds of attacks seem to have not been discussed publicly a great deal when the country was more restrictive, and ours was one of the first such talks that many in the audience said it was their first time seeing these kinds of tactics demonstrated.

 

Advanced Handcuff Hacking
by Ray
HOPE Number 9
2012/07/13

Ray is a good friend of ours from SSDeV in Germany and he gave a terrific presentation at HOPE regarding advanced handcuff hacking. If you've ever been curious about the kinds of cuffs they use in other countries across Europe, this is a great talk to watch!

 

Mastering Master-Keyed Systems
by Deviant Ollam
HOPE Number 9
2012/07/13

This was a tal at the ninth Hackers on Planet Earth conference where I gave a detailed explanation of Matt Blaze's Privilege Escalation Attack and introduced the new TOOOL contest called "Escalator Action"

 

Physical Security on the Front Lines
by Deviant Ollam
ShakaCon V
2012/06/19

This is a more business-world-focused talk, with lessons for management and policy-makers... with lessons culled from many pen testing engagements. I used tactical and military analogies to make direct connections between INFOSEC and any other engagement where assailants must be kept at bay for as long as possible using the resources you have available. Remember the "Three R's" of Physical Security? How about the "Three B's" of tactical defense? If you don't, you'll learn them this time.

 

Why Physical Security Matters
by Deviant Ollam & Jos Weyers
GovCERT NCSC
2011/11/14

I had the terrific opportunity to address a large room of government folk at the GovCERT conference in Holland. Individuals from TOOOL.nl were there with me, demonstrating various lock attacks and running a great Lockpick Village to give the attendees some hands-on fun! Big thanks to Jos Weyers for his incredible on-stage impressioning attack and also to Barry Wels and Han Fey for running the hands-on area with me each day!

 

Distinguishing Picks
by Deviant Ollam
DerbyCon 1
2011/10/01

This was the first time i ever presented my "Distinguishing Picks" presentation in English. While seen earlier at ekoparty, i was looking forward to showing an updated version of this talk to US audiences, and there was no better or more American a venue than the first DerbyCon in the heart of Kentucky. Bourbon was involved.

 

Safe to Armed in Seconds: A Study of Epic Fails of Popular Gun Safes
by Deviant Ollam
DEFCON 19
2011/08/06

This talk is an in-depth evaluation of some of the most popular small firearm lockboxes in-use today. Some rely on mechanical locks, others on biometric locks, and some offer a combination of both. But overall, they tend to fail miserably in the face of any dedicated attacker. Your favorite gun lockbox might be preventing your toddler from having an accidental discharge, but it's probably not at all likely to repel a criminal or even perhaps a curious teenager. Means of both attacking as well as improving upon the lockboxes you already may own are demonstrated, and audience members were invited to participate in all sorts of attacks... live and on stage.

 

Here's to Fail
by Deviant Ollam
Secure360
2011/05/11

Officially this was the latest incarnation of my "Ten Things You Need to Know About Lockpicking" talk, but at the end i threw a change-up and tried making some more big-think points for all the high-level types in the room. It's important to remember that all security is doomed to fail eventually, and it's simply a matter of how well your defenses can Resist, Recognize, and React to threats that makes all the difference.

 

How Secure are Electronic Locks
by Deviant Ollam and Babak Javadi
DeepSec
2010/11/25

Babak and i filled in at the last minute when one the speakers at DeepSec canceled. They had been expecting a talk about electronic locks, and we did our best to put a talk together with little prep time in order to show the attendees the state of most research and attacks regarding electro-mechanical locks on the market today.

 

Why Physical Security Matters
by Deviant Ollam and TOOOL.nl
GovCERT Symposium
2010/11/15

In November of 2010 i had the terrific opportunity to address a large room of government folk at the GovCERT conference in Holland. Individuals from TOOOL.nl were there with me, demonstrating various lock attacks and running a great Lockpick Village to give the attendees some hands-on fun! Big thanks to Jos Weyers for his incredible on-stage impressioning attack and also to Barry Wels and Han Fey for running the hands-on area with me each day!

 

The Four Types of Locks
by Deviant Ollam
SecTor
2010/05/11

I gave my "Four Types of Locks" presentation to the Fed and Suits was up North in Canada in the hopes of getting decision-makers in our neighbor to the North to think critically about physical security and infrastructure protection.

 

The Four Types of Locks
by Deviant Ollam
SUMIT Conference of UMichigan
2010/10/19

It had been years since my last visit to Ann Arbor and i was very pleased to return. The folk at the SUMIT conference thought that the inclusion of some Physical Security content made a great addition to the other talks about policy, cyberwar, and the cloud.

 

Distinguishing Picks
by Deviant Ollam
ekoparty
2010/09/15

Perhaps my favorite conference in South America, ekoparty is always a great time. This year i tried a new topic, a discussion about the wide array of tools on the market, how to best categorize them, and how we might work together to name them consistently. NOTE - this talk was presented in Spanish.

 

Master brand Anti-Shim Padlocks
by Deviant Ollam
advisory video
2010/08/30

Lately, the Master Lock company has been adding shim-resistant features to the retaining latch inside of their combination dial padlocks. While this does indeed make the process of shimming much harder, it is not impossible. This video shows how the new features work and how to try to bypass them. For proper security, your best bet is still some manner of double-ball mechanism.

 

The Search for the Perfect Handcuff Key
by Deviant Ollam, Dave P, and Dr. Tran... featuring Ray
DEFCON 18
2010/08/01

Did you know that although there is a “standard” size and shape for basic handcuff keys, every manufacturer has variations, special features, and sizing issues that make creating a single, universal key quite difficult? In our talk, we explain how to create this type of "ultimate" key that opens all major brands of handcuff, both in the United States and elsewhere around the world. We have the math, we have the means, and we demonstrate to everyone how to obtain the best handcuff key they might ever own!

 

Hacking Hotel Locks
by Deviant Ollam & Babak Javadi
at The Next HOPE
2010/07/16

This was the replacement talk that Babak and i put together at the last minute when Barry and Han could not attend the HOPE conference in 2010. Everyone was very kind to us and we had a lot of fun sharing some of our Dutch friends' material as well as some new interesting content of our own.

 

Wicked Cool Shit About Handcuffs
by Dr. Tran, Dave P, and Deviant Ollam
at CarolinaCon 2010
2010/03/19

This is the first version of TOOOL's biggest and best handcuff talk, given by Dr. Tran, Dave P, and Deviant Ollam at CarolinaCon 2010. In it we demonstrate a number of fun handcuff escape tricks, explain weaknesses in various models of restraints, and showcase the new TOOOL "Universal Cuff Key" while offering detailed instruction for the attendees on how they can fabricate one...
    
... all this, plus lots of porn mixed in. It really is a perfect talk for this sort of con.  =)

 

Kwikset Smart Series Smasher Tool
by Deviant Ollam
at the bar in his house
2009/08/21

People like valanx have already done a pretty thorough job of demonstrating how vulnerable to attack is Kwikset's latest design... the "smart series" door lock. However, an attack about which i recently learned is one which simply crushes the plastic "re-keying" internals... it's destructive, unsophisticated, and outside the scope of what i do with TOOOL and the sport-picking community. It also is much more effective on early generations of this lock... Kwikset has revised things and uses harder materials in newer models. Still, the implications are pretty staggering, and i felt it prudent to describe and demonstrate the issue, given that the attack tool is commercially-available.

 

Schlage Primus Bump Key Attack
by Ed and the NJ TOOOL members
at our local TOOOL meeting
2009/06/24

Everyone thought it couldn't be done. Most authorities and references you care to consult on the matter actually recommend Primus locks to protect you from bumping. Hell, even i would mention them all the time in my presentations. Well, as it turns out, you can bump a Schlage Primus lock. In addition to being a terrific (and fun) proof of concept, we were able to determine a terrific way of preventing nearly all conventional bump key attacks... and that is with the use of new anti-bump pins being developed by ilco. (secondary link here)

 

Better Uses for Your Basement than a Meth Lab
by Shane Lawson featuring Deviant Ollam
at NotACon 6
2009/04/17

At NotACon 6, Shane Lawson of the FOOOLS gave a terrific and entertaining presentation focused on inspiring people to use the simple and inexpensive things around them in order to create tools, projects, and fascinating results on a hacker's shoestring budget. I also did a segment on "lockpick alchemy" in which i explained how to take inexpensive picks made of cheap spring steel and heat treat them in order to yield tools of higher quality as well as greater durability and stiffness.

 

Kwikset Smart Key Decoder
by Shane Lawson
at ShmooCon 5
2009/02/10

Shane Lawson, an expert in many fields of security technology and one of our fellow lockpicking enthusiasts in the sportpicker/hobbyist community, was inspired by my Gringo Warrior setup to inspect the newest design of the Kwikset brand of locks. What he discovered was astounding... practically none of us could believe him when he said how simple their "security" mechanism was and how it operated. This is a talk that he prepared to show us just how easily the new Kwikset Smart Series locks can be compromised.

 

Handcuff WTF
with Babak Javadi & Deviant Ollam
at The MetaLab
2008/11/15

Babak and I wanted to say thanks again to the MetaLab crew for such a great time while we were in town for DeepSec. I had rolled footage of our talk about handcuffs and even shot some great clips of people picking and bypassing such restraints after we had finished our presentation. I edited everything together into a pretty sweet little

The talk runs about 20 minutes or so and the 5 to 6 minutes of hands-on footage at the end is, if i do say so, pretty fucking spectacular. It really captures the mood and style of people at the MetaLab. Thank you all, we'll see you again soon!    (secondary link here)

 

DEFCON Lockpick Village
featuring TOOOL, LI, the FOOOLs, and more
at DEFCON 16
2008/08/03

This is some footage of the various lessons, contests, obstacle courses, and other fun activities that we had going on in the Lockpick Village at DEFCON. The staff gave us a double-skybox and damn if we weren't packed full of people for the whole weekend. It's really wonderful to see everyone come out to have a fun and educational time!

 

Military Padlocks
by Han Fey
in the Lockpick Village at The Last HOPE
2008/07/19

Han Fey shows off some of the finer specimens in his collection of high security locks by demonstrating the ins and outs of the locks that secure tanks, munitions, and other materiel.

 

Paper Padlock Shims
by Deviant Ollam
at LayerOne
2008/05/18

Many of you have seen footage and instructions concerning my famous "beer can padlock shim"... but how many of you have ever tried shimming with other materials? I've successfully used items like plastic drink cups, and as this video will show... even paper can work if the lock is of significantly cheap construction.

 

Gringo Warrior Closing Ceremony
by Deviant Ollam & crew
at ShmooCon 4
2008/02/17

This was the prize ceremony for the very first version ever of Gringo Warrior which made an appearance at ShmooCon Four in 2008. We had a lot of good participation and it was tremendously fun to do this. I'm so pleased with how well this game was received and what it has grown to become.

 

The Latest on Bump Keying
by Deviant Ollam
at ShmooCon 4
2008/02/15

This was a talk i put together in order to summarize the latest news on the issue of bump keying, which was getting a lot of attention in the popular press at the time. Hoping to dispel some rumors and also let people know of the fixes that were being implemented by a number of manufacturers, this was a short talk but one that i enjoyed. There was also quite an enjoyable plug at the end for the first ever appearance of Gringo Warrior.

 

Lockpicking Workshop
by datagram
at ToorCon 8
2006/09/30

This was a talk that datagram put together (mostly using my slides and animations) in order to showcase how relatively insecure the majority of locks in circulation are. He discussed both picking and bumping as well as methods of achieving better security than what you'd typically find with off-the-shelf solutions.

  

HOPE Lockpick Village
featuring TOOOL and friends
at HOPE Number Six

2006/07/22

For all those who've never attended a con where TOOOL has set up a public area, this is what goes down at a Lockpick Village. While this wasn't quite as kickin' as what we tend to do at DEFCON (see the other Village video linked on this page) it's still always a fun and educational experience at HOPE.

 

Exploits for Mechanical Locks
by Barry Wels & Marc Tobias
at HOPE Number Six

2006/07/21

Barry wells gives a presentation at Hope Number Six about the insecurity of mechanical locks. Marc Tobias is also on hand to discuss the latest attacks which he has developed, totally shattering the notion of "high security" from Medeco.

 

Lockpicking, Safecracking, & More
by Deviant Ollam & renderman
at ShmooCon 3

2006/01/15

For the first time on the same stage together at ShmooCon, renderman and i give a funny and informative presentation about lockpicking using much of my traditional material as well as a whole load of new content that my favorite Canadian demonstrates. In addition to his all-around general badassery, renderman even opened up a locked safe on stage... one that he had never seen before and was simply given by an audience member. That took fucking balls.

 

Lockpicking & Physical Security
by Deviant Ollam
at DEFCON 13

2005/07/30

My first major con presentation. Technically, i gave my first talk ever at ShmooCon earlier in the year, but it was in the super early morning slot on Sunday and only about 50 to 100 people attended that short session. This talk at DC13 ran for over three hours and was one of my best times ever on a stage. I covered more material in this presentation than you'll see in any other video. Nowadays, much of this content is only discussed in my private training sessions which cost a some serious money to attend.

 

What The Bump
by Barry Wels & Han Fey
at What The Hack

2005/06/29

One of the first presentations to address the issue of bump keying, Barry & Han give a wonderful summary of this exploit and the many ways in which it can be attempted as well as mitigated.

 

Physical Security - The Good, the Bad, and the Ugly
by Barry Wels & Mark Seiden
at Chaos Communication Congress 21c3

2004/12/28

A terrific presentation at CCC by Barry & Mark, two of the world's best and also most intelligent security testers, this talk covers loads of content concerning how to keep unauthorized people out of your facilities.

 

Lockpicking & Physical Security
by Barry Wels & Mike Glasser
at H2K2

2002/07/14

This is the talk that started it all for so many people. A packed room, a popular con, and a wonderful multimedia setup made for one of the most talked-about events that hacker cons had seen in a while. While lockpicking had always been an aspect of the hacker culture, this talk (in my opinion) is what really thrust it into the forefront for a whole new generation of folk.

 

Lockpicking
by Barry Wels & Hans
at H2K

2000/07/16

One of the first popular and talked-about lockpicking presentations of which i am aware, this was a great addition to the H2K schedule... and it was, possibly, the first time that our friends from across the pond came to the US and totally blew the doors off of a room with their wonderful and informative presentation style.