- Adam Jon Foster
- Alex Hogue
- Andre Vornbrock
- Chris Prevost
- Connor & Emily Morrison
- Daniel Underhay & Matthew Daley
- Dina Jalkanen
- Jaakko Fagerlund
- Jek Hyde
- Jos Weyers
- Logan Woods & David Tredger
- Peter Field & Lucas Zhao
- Matt Smith
- Oliver Clayton
- Peter Field
Adam Jon Foster
Talk The ALC Galaxy Lock: an in-depth look
The Australian Lock Companies Galaxy Lock is a pretty cool lock, and has been said by quite a few to be hard to pick, is used in quite a few new commercial installations, especial in high security areas, but not much beyond marketing and 1 bosnianbill video talk about how it functions and how it can be attacked. In this talk I will cover most of the design and function of the Galaxy Lock, how it works, and how you can attack this lock.Adam Jon Foster is an undergrad at Edith Cowan University, is usually happy to teach what he can to those who will listen, has broken more toys on accident than most would believe, and has a huge draw to cybersec and physsec (especialy pentesting).↑ Return to top of content
Talk Cognitive biases and how to be less wrong
Alright so y’know how Microsoft Windows 95 is full of vulnerabilities? How it’s easy to make it do the wrong thing?
Humans are also easy to make to the wrong thing. Cognitive biases are predictable ways in which we’ll make the wrong choice.
Ever spent your plane-trip coming up with your plan to swim to safety if the plane crashes, even though you’re more likely to have identical twins on your flight than crash?
Come along and learn about the mistakes we make, why we make them, how to weaponise them against your enemies, and how to defend yourself.
If the stars align there will also be a special event for some lucky audience members.Alex is a small boy trying to be a hacker. It’s difficult because sometimes your arms get all stuck when you’re trying to put on a hoodie y’know? Alex is your best pal, a five-time celebrity MasterChef winner, your local Luigi technician, and your sweet mango boy. Critics have called him “aggressively wonky”. He works on the Blue Team at Atlassian, doing incident detection and response. On the side he writes childish and frankly destructive blog posts at mango.pdf.zone.↑ Return to top of content
Talk High Security Lockpicking
Practical applications for how to pick nearly any high security lock with a sidebar.
The main focus of the talk will center around the legendary MCS lock and it’s newly published vulnerabilities.Discovered MCS vulnerabilities — background in high security NDE.↑ Return to top of content
Talk How to disappear completely
If you’ve ever wanted an invisibility cloak, this talk is for you.
Cameras peer at us from street corners, from phones, from the dashes of passing cars, and from shopping mall advertisements. Even when you’re not posing for a selfie, you might end up in the background of someone else’s picture while you’re out at dinner — and if that photograph is uploaded to a social media site, facial recognition can pick you out of the lineup.
Machines are getting better at recognising our faces — but if you want to sneak through the streets of your city like a young wizard in the corridors after midnight, there is still hope.
This talk provides an overview of the latest urban camouflage technology and how to deploy it in order to foil facial recognition. During this session you’ll learn the ways machines “see” us, and how to play with them in order to become invisible. We’ll dive into the ethics of biometric identification. And, if you’re feeling adventurous, you can have fun with reflective tape and face paint to disguise yourselves from the algorithmic eye.Attacus was born 1757 during a full moon. She is currently an internet gremlin at Assurance and in her spare time enjoys licking poisonous wallpaper and patting dogs.↑ Return to top of content
Talk Spying into the Design: Making Cutaway Lock
Have you seen pictures of cutaway locks floating around online and wondered how they are made? Or have you ever wondered what it would look like if you could peel away the layers of a lock to see what’s going on inside?
This presentation is an in-depth look at how cutaway locks are made primarily using manual Milling machines. You don’t have to be a machinist to enjoy this talk. Afterwards join the speaker in a live demo where you can watch locks being turned into cutaways.Chris Prevost has nearly twenty years experience in the security industry. He picked his first lock out of curiosity, but his curiosity wasn’t satisfied with just being able to pick locks he wanted to see how they worked, he wanted to see inside the locks. After taking a machining course he did just that. From this endeavor Anarchy Won Metalworks was born. Currently focused on lock cutaways Chris hopes to branch out into custom metal work soon.↑ Return to top of content
Connor & Emily Morrison
Talk Tamper resistance bypasses
Be prepared to delve into the realm of tamper resistance by-passes with this interactive presentation.
Having discovered tamper-resistance by-passes over a year ago, Connor and Emily wish to share their enthusiasm and experiences in bypassing a variety of tamper resistance devices. In doing so, demonstrarting that tamper resistance really is just child’s play.
The presentation will demonstrate the use of a number of solvents and their application to tamper resistance by-passes and as well basic hand-cuff and cable tie removal. A must-see presentation for those wanting to get into tamper-proof by-passing.This brother and sister duo are all about learning new ‘life skills’. Having discovered lock picking and tamper evident at a really early age, they have made it their mission in life to bypass all the controls. When they finally make it to high school, if the pool on the roof has a leak, that door wont stop them getting back down.↑ Return to top of content
Daniel Underhay & Matthew Daley
Talk Project Walrus, an RFID and Contactless Card Cloning App
Walrus is an Android app that supports several existing contactless card cloning devices. Walrus is designed to simplify and streamline card cloning during red team engagements and physical security assessments.
It offers a common interface and database for storing cloned cards. Currently Walrus supports the industry standard Proxmark 3, Chameleon Mini, Tastic RFID Thief, and more to come. Cloned cards are written to a blank card or emulated on another device such as the Proxmark, instantly granting the attacker privileged access to restricted areas.
Our presentation demonstrates how Walrus is capable of tapping into the power of the ‘Tastic RFID Thief’ long range card reader, enabling walk-by cloning of access cards in seconds, as well as how cloned cards can be integrated across multiple devices.Dan: Pentester by day, walrus developer on the weekend. Enjoying life. Matt: Security consultant and general weirdo. I may not have sweet paper from bug bounties, but I have some exciting mailing list posts… ;_;↑ Return to top of content
Talk Back in time: Finnish lock industry
This talk goes back to the roots of physical security, Nordic lock industry and Abloy in particular. We will also take a look at Finnish medieval locks and some interesting yet irrational beliefs that pushed their development forward.Friendly geek, lockpicking beginner. Master’s degree from Helsinki University and Aalto University School of Business, where she studied computer science, mathematics, networking and English. Member of CCC Amsterdam and Amsterdam hackerspace TechInc.↑ Return to top of content
Talk Manipulation aids in opening safe locks
An analysis of weaknesses present in typical mechanical safe combination locks and how to exploit them to gain knowledge of the combination by using electronic measuring tools and PC software.Tool/die maker by profession, lockpick designer, safe cracker as a side job and very much into electronics and coding and combining all these to make whatever comes to mind.↑ Return to top of content
TBAJek is an analyst specializing in physical infiltration and social engineering for the Walmart Red Team. She enjoys spreading the InfoSec gospel by sharing stories of how access controls can be bypassed by exploiting the weakest link in the security chain: You. When Jek isn’t burgling, she lifts heavy things, eats sweet potatoes, and jumps in mud puddles with her kids.↑ Return to top of content
Talk post-its, post-its, post-its everywhere (and how they relate to physical keys)
A password shouldn’t be on a post-it note.
In plain view.
On the console.
The password to a locked door is called a key.
So if a reporter wants to get the point across that certain people shouldn’t have access to a particular key, would it be wise for said reporter to show that key to the world? This talk will show how not to run this story, why we should care and maybe make you rethink your physical security a bitJos Weyers is a world-record holder in the field of lock impressioning and a mainstay participant at LockSport events around the world. A long-time member of TOOOL in the Netherlands and a key figure at the Hack42 hackerspace in Arnhem, Jos recently became the Vice-President of TOOOL.nl and now helps to oversee that organization and the LockCon conference. Jos is the mastermind behind the beehive42.org initiative. Some people know him as the Dutch Kilt guy. Featured in the New York Times. Voted #2 in the category “Hackers and Security” of the Nerd101-list of VrijNederland June 2015.↑ Return to top of content
Logan Woods & David Tredger
Talk Drinking Tea and Holding Meetings: How to do a bad job of PhySec Redteaming and still pwn your target
Imagine doing a Physical Security Assessment where the client tells you all the cool stuff like wearing fake uniforms, card cloning, and lockpicking are out of scope. You have to try and gain access to the organisation’s buildings with essentially nothing but your (limited) wit and charm. But they didn’t say the kitchen is out of scope. Big mistake. We’ll share a story of how a cup of tea is like an invisibility cloak, your target’s meeting rooms make an impenetrable base of operations, and how people are inherently so helpful they will literally go out of their way to help you break into their organisation.David is a Senior Security Consultant at Aura Information Security. He’s been accessing things he shouldn’t since he was a schoolboy, which was approximately a week ago (actually more like 5 years…) David has a broad infosec skillset with a special focus on password cracking and OSINT. Logan is a Security Consultant at Aura Information Security. Coming from a g-man ops background, he’s been pretending to pentest for about 18 months now. He has a particular interest in physical security and lockpicking.↑ Return to top of content
Peter Field & Lucas Zhao
Talk Interesting Chinese Cylinder Innovations
Many of the locks that have been manufactured and sold in China represent significant cylinder inventions that areoften overlooked. Using photographs, illustrations and video animations, we will evaluate several clever cylinder ideas and see how they have been manufactured, modied and incorporated into other models. We will also introduce some new products recently developed in China.
→ Twitter: @TheUrbanHawkPeter is Director of Research at Medeco Security Locks & Lucas is a Chinese and Asian lock researcher and aficionado.↑ Return to top of content
Talk Adventures in Discworld
Disc detainer locks form a small, but fascinating area within the locksport world. This talk will shed some light on the operation and vulnerabilities of several high security mechanisms in use today, including locks made by Abus and Abloy. It will also cover several techniques on how to NDE them and some of the NDE countermeasures employed by lock makers.
This talk will draw on my limited but useful experience as a lockpicker and toolmaker, specialising in disc detainer locks.Security subversionist, inveigler, finagler, blaggard, 7th gen locksmith, toolmaker, goalkeeper. Physical 0-days. Abloy NDE training. BSc (hons) Comp Sc. Fin.↑ Return to top of content
Talk Challenge locks
Are you a bored (and masochistic or sadistic) locksport enthusiast? Maybe you have your eyes set on achieving your “Lock-picking Blue Belt” but aren’t sure how to go about it. This talk will offer some tips for creating challenge locks with some DIY security pins and pin chamber modifications.Pentester, researcher, physical security enthusiast.↑ Return to top of content
Talk Low Tech Answers To High Security Solutions
This talk aims to pick apart the Lockwood V7 including details on picking, key duplication, and impressioning.Oliver is a Security Analyst from Canberra with a love for all things security. High security locks and key duplication are of particular interest.↑ Return to top of content
Talk Elements of Lock Cylinder Design Cylinders & Keys made with Moveable Elements
Update: sadly due to health problems Peter will not be able to attend.
Elements of Lock Cylinder Design is an overview of the parts or elements that make a lock cylinder, and the comparison of how variations in the individual elements can increase or decrease the security of the lock.
By analyzing the components in a cylinder, it is possible to develop a summary of the security rating of the lock. We will use illustrations and photographs of the cylinder to understand how various locks operate.
Cylinders and Keys made with Moveable Elements is a historical study of locks that are operated by keys with moveable components. In the late 1900s there was a rapid development of locks with mechanically complex keys.
We will use illustrations and photographs to see what the lock and keys look like, how they operate and estimatewhat security they provide.Director of Research at Medeco Security Locks.↑ Return to top of content