Training Class Formats

Covert Methods of Entry
5-Day

Day One Day Two Day Three Day Four Day Five
  • Introduction
  • Covert Entry Concepts
  • Pin Tumbler Locks
    • Operation
    • Manipulation
    • Tools & Techniques
    • Hands-On Lab
  • Ethics and the Law
  • Pick Resistant Locks
  • Lock & Key Decoding
    • Key Decoding
    • Lock Removal
    • Lock Decoding
    • Specialized Tools
    • Hands-On Lab
  • Wafer Locks
    • Hands-On Lab
  • Warded Locks
    • Hands-On Lab
  • Tubular Locks
    • Hands-On Lab
  • Cruciform Locks
    • Hands-On Lab
  • Tamper-Resistant Fasteners
  • Lock Bumping
    • Hands-On Lab
  • Producing Keys
    • Duplication
    • Origination
    • Disabling Keys
    • Key Control
    • Restricted Keyways
    • Hands-On Lab
  • Combination Locks
    • Multi-Wheel Decoding
    • Hands-On Lab
    • Pushbutton Decoding
    • Key Storage Boxes
  • Padlock Bypassing
    • Shimming
    • Hands-On Lab
    • Sesamee Bypassing
    • Hands-On Lab
    • Comb Overlifting
    • Hands-On Lab
    • Unshielded Padlocks
    • Hands-On Lab
    • Bypass Drivers
    • Hands-On Lab
  • Door Bypassing - Latches & Boltwork 
    • Loiding Tools
    • Commercial Deadlatches
    • Commercial Deadbolts
    • Hands-On Lab
  • Door Bypassing - Handle Controls
    • Magnetic Bypassing
    • Euro Turner Bypassing
  • Door Bypassing - Egress Controls
    • Under Door Attacks
    • Panic Hardware Triggering
    • Hands-On Lab
  • Door Bypassing - Residential Considerations
    • Windows
    • Mail Slots
    • Garage Doors
  • Key Impressioning
    • Hands-On Lab
  • Master-Keyed Systems
    • Hands-On Lab
  • Elevator Security
  • RFID Access Controls
    • Hands-On Lab
  • Sensors and Alarms
  • The Proxmark Device
    • Hands-On Lab
  • Credential Simulation and Cloning Attacks
    • Hands-On Lab
  • Wiegand Backhaul Interception
    • Hands-On Lab
  • Weaponizing Commercial Readers
  • PIN Codes
  • Access Control Systems in the Field
  • Telephony Access Control Systems
  • Keyed-Alike Systems
    • Reconnaissance & Surveillance
    • Fences & Barriers
    • Covert Photography
    • Drones & UAVs
    • Hands-On Lab
    • Photographic Key Decoding
    • Social Engineering
    • Locksmith Software and Tools
    • Default Codes
  • Destructive Entry
    • Hands-On Lab
  • Mold & Cast Attacks
    • Hands-On Lab
  • Field Expedient Tool Fabrication
  • Forensics
    • Hands-On Lab
  • Covert Entry Process & Target Approach
  • Security in the Field
  • Conclusion & Review

 

 

 

 

 

 

Day Five includes an extra block of free, unstructured time where students may re-visit any of the previous modules from the class or ask additional questions for deeper dives into topics.

This block of time also serves as a buffer in case any previous module ran long, to ensure that nothing needs to be dropped from this course due to time constraints.


Practical Hacking and Defense of RFID PACS
2-Day

Day One Day Two
  • EPAC System basics and sequence of operations
    • Design intent
    • Sequence diagram
    • Topology
  • Credential Storage Methods
    • Magstripe
    • Wiegand Wire
  • Credential Data Handling
  • Decoding "Standard" 26-Bit Formats
    • Low-Level Data "Raw Binary"
    • Parity & Preamble
    • H10301 & Other Common Formats
  • Setup and Operation of Essential Tools
    • RTA RFID Door Simulator Kit
    • Sample Credentials
    • Proxmark3 RDV4 Kit
    • ESPKey Kit
    • Client Setup & Firmware Update
    • Hands-On Lab
  • Credential Chameleons
    • Atmel (T55xx)
  • HID® PROX
    • Memory Structure
    • Hands-On Lab
  • Indala
    • Memory Structure
    • Hands-On Lab
  • EM4102
    • Memory Structure
    • Hands-On Lab
  • Securing The PACS Payload
    • Credential authentication
    • Credential encryption
  • NXP MIFARE Classic
    • Memory Structure
    • Hands-On Lab
  • HID® iCLASS
    • Memory Structure
    • Hands-On Lab
  • HID® SEOS
    • Transition and migration readers
    • Downgrade attack
    • Hands-On Lab
  • DESFire credentials
    • Memory Structure
  • Credential Interception methods
    • WMD weaponized long-range readers
    • ESPKey
    • Hands-On Lab
  • Electronic door locks
    • Strikes
    • Maglocks
    • Clutched Handles
  • Identifying Hardware in the Field
  • Conclusion & Review

 

Practical Hacking and Defense of Alarms and Intrusion Detection
2-Day

Day One Day Two
  • History of Alarm Systems
  • The Modern Alarm System
  • Design Principals
  • Alarm Hardware Details
  • Honeywell Vista 50P
  • Alarm System Zones and Wiring
    • Hands-On Lab
  • Common Sensor Types & Details
  • High Security Sensors
  • Sensor Placement and Installation
    • Hands-On Lab
  • Building Out Your First System
    • Hands-On Lab
  • Bypassing Alarm Systems & Sensors
    • Triple Reed Balanced Switch
    • High Security Sensor Wire Bypass
    • Hands-On Lab
  • Security Systems & Radios
    • RF Weaknesses & Bypasses
    • Control Panel Weaknesses
    • Hands-On Lab
  • Installation Weaknesses
  • Alarm Bypass Rumors
  • Mitigations for Defenders
  • Conclusion & Review

 

Safe Lock Manipulation & Servicing: Mechanical Edition
2-Day

Day One Day Two
  • Introduction
  • Safe Design & Safe Ratings
  • Mechanical Safe Lock Components and Function
  • Operation
  • Disassembly
    • Hands-On Lab
  • Servicing
  • Reassembly
    • S&G 6700
    • Hands-On Lab
    • LaGard 3330
    • Hands-On Lab
  • Manipulation Training
    • Hands-On Lab
  • Methodology & Process
  • Specialized Tools
  • Changing a Combination
    • Default Combinations
    • Hands-On Lab
  • Manipulation Aids
    • Hands-On Lab
  • Group 2 vs Group 2M vs Group 1 Locks
  • Autodialer Overview
    • Hands-On Lab
  • Electromechanical Locks
  • Conclusion & Review