DeepSec2020 Talk: The Art Of The Breach – Robert Sell
The Art of the Breach is designed to be a journey for anyone interested in physical security. Robert takes the audience on a trip from the public sidewalk outside a target organization all the way through to the executive filing cabinet in the President’s office.
While many physical security talks focus strictly on the information security aspect of breaching, Robert will combine this with techniques used by first responders to enter a building. While social engineering and lock picking will be discussed, Robert will also outline the third option of forced entry.
During this adventure, Robert discusses everything from successful reconnaissance to ensuring an easy exit afterwards.
Robert spends time at each step to go over the various options for moving forward. Some of these options are easy and straightforward while others require preparations and planning. Since every business is different, Robert brings in many different options a physical penetration tester might face. This includes steel doors, cameras, armed guards and aware employees.
If you want to up your game on physical security or at the very least bring back some ideas for improving your company’s defenses, this talk is for you.
We asked Robert a few more questions about his talk.
Please tell us the top 5 facts about your talk.
- Takes you from sidewalk to inside a filing cabinet.
- Includes an overview of many different tools including forced entry tools.
- Takes the position of the attacker/bad person, however also discusses how we would defend
- Takes into consideration all ways a criminal could breach your building (nothing is off the table)
- Shows two ways to get God Mode for your entire building which will permit intruders to free range in your building.
How did you come up with it? Was there something like an initial spark that set your mind on creating this talk?
The initial spark was watching my fireman friends breach a steel door that was supported with a brick wall.
Why do you think this is an important topic?
Criminals are usually not very sophisticated. Crimes of opportunity are common. Forced entry is something we don’t discuss very often but is a huge component of physical security.
Is there something you want everybody to know – some good advice for our readers maybe?
Two trained professionals can breach most doors within 2 minutes. Multiple locks, deadbolts, steel door, reinforced barriers, etc. take up to 5 minutes. Watch No Country for Old Men before you see my talk.
A prediction for the future – what do you think will be the next innovations or future downfalls when it comes to your field of expertise / the topic of your talk in particular?
Automated forced entry tools are becoming more popular and affordable. For under $300 I can buy a tool that removes padlocks in a second. Expect growth of that industry.
Robert is the founder and president of the Trace Labs which is a non profit organization that crowd sources open source intelligence (OSINT) to help locate missing persons.
He has spoken at conferences and podcasts around the world on subjects such as social engineering, open source intelligence, physical security and other topics.
Robert primarily works in the aerospace industry where he assists newly acquired organizations to secure their environments. This includes all aspects of security in regions around the world.
In 2017 and 2018 he competed at the Social Engineering Village Capture the Flag contest. He placed third in this contest (both years) and since then has been teaching organizations how to defend against social attacks and how to reduce their OSINT footprint. In 2018, he actually ran a CTF while participating (and placing 3rd) in the SECTF at Defcon Vegas.
Robert is also a ten year volunteer with Search and Rescue in British Columbia, Canada. In his SAR capacity, Robert specializes in tracking lost persons.