DeepSec 2025 Training: Fundamentals of Covert Entry: Intensive Training – Babak Javadi, Jiri Vanek, Chris Cowling

Step into the world of covert entry with **Fundamentals of Covert Entry**, a 2-day hands-on training designed to instill penetration testers, red team operators, and security professionals with the foundational skills required for bypassing physical security systems. Designed and taught by industry-leading Red Team Alliance instructors, this course provides an engaging, technical, and accessible overview of key techniques, tools, and strategies for understanding and exploiting mechanical and electronic access control systems.

Mechanical Lock Systems – The Foundations of Entry
Delve into the mechanics of locks to understand critical design elements, uncover overlooked weaknesses, and exploit how they can be defeated. Understand lock components, popular European mechanisms, door assessment, and common vulnerabilities. Get hands-on with techniques for Picking, disassembly, decoding, bumping, bypassing, impressioning, master-key privilege escalation, and photographic tele-duplication. Analyze real-world mechanical lock systems to identify and exploit weaknesses

Electronic Physical Access Control Systems (PACS)
Grasp the fundamentals of PACS design, common components, peripherals, and RFID credential technologies including RFID and smart card technologies. Get your hands dirty with the Proxmark3, Flipper Zero, and Chameleon Ultra while exploring techniques for optimal tool selection, understanding system vulnerabilities, and exploiting design flaws to attack readers or clone RFID cards. Gain insight into mitigation strategies to improve electronic security defenses.

Who Should Attend?
This course is perfect for cyber penetration testers, red team operators, security professionals, and anyone passionate about elevating their covert entry skills. Those who are new to covert entry will build a rock-solid foundation of understanding and skill to build upon, while seasoned operators will be challenged to approach systems in pragmatic and holistic ways. In any case, this training provides the knowledge, tools, and skills to execute physical security assessments with confidence and understated professionalism that will help set them apart. There are no pre-requisites for this training.

We asked Babak, Jiri and Chris a few more questions about their training.

Please tell us the top 5 facts about your training.

1. Uncommon Teaching Style – Our approach to teaching technical topics is different than most. We are relentless about helping students understand the why, not just the how.
2. Refreshing Practicality – RTA focuses heavily on heavily curating topics, teaching methods, and examples to make sure the time spent in the classroom is as rewarding and as practical as possible.
3. Hands-On, Hands-On, Hands-On – Most of us in security are not wired for consuming content passively. We love to get our hands dirty, and we know our students do as well. Our training focuses on hands-on exercises and instruction wherever possible.
4. Universal Value – In every class we teach students with a diverse range of experiences. In every class we have been successful in making sure even the most seasoned students come away smiling.
5. Unmatched Quality – For 15 years, our trainings have consistently rated in the top 5% of student feedback year after year, event after event. We have the receipts to prove it.

How did you come up with it? Was there something like an initial spark that set your mind on creating this training?

We have an unsatiable passion for learning and helping others learn. More than anything we know that student don’t just want the technical skills, but also the deep understanding of “why” as well. When starting in security, it can be easy to presume that no one cares about security or understands it. In class, we demonstrate the reality that everyone contends with and help bring context to what may at first seem confusing.

Why do you think this is an important topic?

Almost 15 years ago I came to my first DeepSec conferences to teach people about lockpicking. Since then, the field has grown and matured in ways I could not have imagined. Over time, I’ve learned the subtle nuances that drive the security industry and we take pride in sharing those nuances with our students. We know that in order to understand where we are heading, we need to understand where we came from.

Is there something you want everybody to know – some good advice for our readers maybe?

Yes! One of the key concepts that I ask disciples of security to always consider is that of “Chesterton’s Fence”. In imagining a fence in a field; a reformer who doesn’t see its purpose should not tear it down without first learning why it was built, and the implications of its removal. Similarly, in security we often run into what seem to be inexplicable decisions that are made, and we are too quick to make changes before understanding why they are there in the first place. The puzzle of security may be what first brings us in, but it’s historical operational and business factors that molded the framework to begin with.

A prediction for the future – what do you think will be the next innovations or future downfalls when it comes to your field of expertise / the topic of your training in particular?

I can see that current advances in AI are going to drastically change how Physical Security is handled. For surveillance, it is a HUGE game-changer. AI’s don’t get tired, bored, or sick. For passively monitoring video streams, it is extremely difficult to beat the value it brings. That said, I think the world is sprinting so fast towards trying to “AI All the Things” that we don’t yet fully appreciate the mistakes that are being made. For as amazing as AI technologies can be at quickly identifying crime or unauthorized access, we are already seeing far too much trust being placed in their capabilities. If anyone reading this finds me in class, ask me about defeating AI cameras by hiding in a box!

Babak Javadi is the Founder of The CORE Group and Co-Founder of the Red Team Alliance, a covert entry training and certification body. As a professional red teamer with 15 years of field experience, Babak’s expertise includes a wide range of disciplines, from high security mechanical cylinders to alarm systems and physical access control platforms. Babak’s community contributions include the co-founding of The Open Organisation of Lockpickers (TOOOL) where he served on the Board of Directors for over 13 years. As a professional penetration tester and security consultant, he has trained and spoken at conferences around the world, including Black Hat, DEF CON, RSA, ShmooCon, DeepSec, HITB, ekoparty, and many others.

Jiri Vanek is an security consultant with over 20 years of experience encompassing IT, Management, and Ethical Hacking. He has led Red Team engagements, relishes in physical intrusions, and has first-hand experiences of successful intrusions and successful detections for clients. Jiri founded and let a security team at Unicorn, one of the largest software development houses in the Czech Republic, and helped transform it into one of the top three information security service providers in the country. Today, Jiri works as an independent consultant conducting physical security engagements across Europe, and providing consultancy services for large companies.

Chris Cowling is a Red Team Operator and Physical Penetration Tester with over 20 years of experience. Starting his career as a Unix DB Admin before being lured to world of Enterprise Solutions, he spent years working for blue-chip companies in IT before discovering his true passion: security. He has experience working with Industrial Control Systems and supporting a diversity of industries including telecommunications, pharmaceutical, and even Formula 1. For the last 15 years, Chris has been a part of the Nullsecurity collective. He is passionate about RF-related hacking including Wi-Fi, SDR and RFID. Whilst performing engagements across Europe, he has built a euro-centric community to meet the ever-growing demand in the market. Chris is a BBQ Pit Master, retired Rugby Player, and the proud father of 2 amazing children (just don’t let them near your locks)!