Video

Without a backup of the keychain... minimal unfortunately. Do you have any time machine backups of the OS prior to formatting?

LOL we've had this comment a lot on this video. Chalk it up to a young editor that learned proper mixing...after...we published this video. Thanks for the feedback though!

LOL

3 times to make sure 😂

Unfortunately, this tutorial does not apply to encrypted disks. You pretty much need the decryption key, and write-blocked hardware to image the drive the usual way.

Check your DMs ;)

Really the least you could do for the steadfast support she seems to offer.

Please check your mailbox in 3-4 business days... just sayin....

They calling your name to do the interview!! =D abt time!!! haha

Amazon to the rescue.... www.amazon.com/EASTBULL-Novelty-Flash-Memory-Cartoon/dp/B07R4RJWGV/ref=sr_1_3?crid=EXRNNU0AKD04&keywords=rubber+duck+usb&qid=1691168503&sprefix=rubber+duck+usb%2Caps%2C81&sr=8-3

It is recognized by the OS as a human interface device (HID) and like any HID, it has a controller, that controller, in usual cases, will wait for "human" interaction (interfaces) before sending keystrokes along, but in a Rubber Ducky's case, it consults the ducky script on the device and uses that as the "human input" automatically.

LOL you definitely ...could.... but it would be stored on the device in plaintext so if you ever lost it / left it... it's gameover.

We actually have a few coming out soon, stay tuned. Thanks for the feedback!

Our red team is working on a few new videos. I like the Discord idea, I'll pass the suggestion along to our operators. Thanks for the feedback, Cheers!

I don’t believe so. Do you know what frequency the key is on?

@@sevnxsecurity I don’t know if this would tell you anything, I’m not an expert. This is what’s in the key fob fro Schlage S26A13258848005661 9651 My intention is to have a copy and use it instead of the original, because if the original breaks or damaged or if I loose it; I have to pay $250.00 ridiculous dollars for it.

First, I'd check with the property manager to see if 1) they do any testing of their own and 2) if you have permission to conduct testing within their space. If you can and they don't, then it's likely a worthwhile exercise to know your attack surface and vulnerabilities.

@@sevnxsecurity Thank you, I will check with the property manager and go from there. Great information in this video!

Without any exaggeration, I have used every single one of those techniques you mentioned (minus the padlock shims and plug spinner in the last 6 months) on everything from banks, to corporate buildings, schools, and entertainment venues. Full disclosure: the thumb turner got used to tigger an RTE button so not the exact purpose but it's staying in my kit. We may like to imagine most companies on to these techniques by now, but I assure you, it's just a dream. The world is still very much broken.

@@mattbarnett8265 Thanks for the reply. I wasnt putting shade on you, I love all of these kind of videos. Let me make it clear that I dont work in the security field, I am an enthusiast and groupie, my field is Engineering Consultancy, mainly civil and structural. If I was 30 years younger Id look to physical assessment as a career, it sounds exciting and it is important. Where I live and work, Canberra, Australia, the CBD has gone through massive 'renewal' with a lot of the old buildings being knocked down and rebuilt. Who ever is doing the security assessment and recommendations is doing it right. The few buildings I have worked in over the last 3 years (hopefully Im not doxxing myself are the 2CA building, which has the Australian Protective Services as a tenant so security and monitoring is TIGHT, and the CQ building which is one of the newest 6 star office spaces in Canberra, check them out on street view and let me know if you see any obvious weaknesses, Id be very interested) are top notch. All of the Pubic Service departments are also moving into these modern buildings in the city. As a physical security enthusiast....and a reformed juvenile burglar, all the high security buildings I see, and I do a mental assessment, are not susceptible to most of the methods of attack. I would be interested in hearing about the type, not location or client, of the businesses or US Gov that you assess. More around things like, when were these buildings built, if they have upgraded their security etc. One other thing Id like to ask, you say you have used most of the methods in the last 6 months. How many physical assessment have you been involved in in those 6 months? My very limited understanding is that Security Assessing companies do maybe 2 to 4 physical penetration tests per year (from what Ive gleaned from Deviant and the Core Group), that most engagements are digital, phishing, wifi and remote access attacks rather than actually physically getting to the server room? Sorry for the looooooong reply, and have a good one.

@@markotb All good on the reply. Reading it, I realized something. All of the techniques we cover (or tools more accurately) have two sides to them (no pun intended). There is the 1) what it was made to do and 2) what it can do. I think in some ways you're right, the tools, as designed, don't always work, but they are the right size, shape, flexibility, etc. to "work" in different ways. It's no different than hacking really. A buffer overflow is a buffer overflow, sometimes it works right out of the box, and sometimes it needs modification. Being good at this field requires a high degree of creativity and o-o-t-box thinking. Cheers!