26 February 2019
Anti-picking Features of High Security Locks
I’ve spent the last few years messing around with the UK branch of TOOOL, trying to design a lock which is highly resistant to picking. Along my journey, I’ve learnt many things about how lock manufacturers have tried to thwart lockpickers, both good and fruitless, and I hope to provide some insight into an area of security which is rarely covered.
In this talk I’ll cover the basic principles of picking any lock, and the various and varied ways high security locks have attempted to prevent them being abused.
Client-side Still Hot
Alex K (@_alxk)
When it comes to remotely breaching a corporate network, client-side attacks are generally thought of as less sexy and direct than phishing or attacking external infrastructure.
In this talk we will cover three old-school browser tricks that can be chained to obtain a detailed map of an internal network:
- Get the internal IP address space
- Port scanning from a browser
- Exfiltrating HTTP responses across origin
By chaining these together, attackers can obtain enough information to plan client-side attacks against internal infrastructure, with the objective of breaching the perimeter and getting a shell.
Note Dr Helen Thackray is unavailable to speak at February’s event and her talk on “Hackers gonna hack: Research Conclusions” will be rescheduled at a future date.
We’re always happy for more talks, so if you’ve implemented Meltdown on your smartwatch, want to walk us through the highlights of a CTF, or have some insight into upcoming privacy regulations, we’re interested!
Drop a message to email@example.com with a title, synopsis and rough length, and don’t worry if you haven’t spoken before.