Our next talk is from Walter Belgers. Walter works in security and particularly as a penetration tester on the IT side, but he's also a lockpicker. He's a very good lockpicker, a Dutch champion and president of The Open Organisation Of Lockpickers, and today he's going to be talking to us about the physical side of penetration testing. So please give him a warm welcome. Thank you, thank you. Wow, it's great to be here at SHA 2017. Actually I sent in two abstracts for talks and they were both selected. So tomorrow I have another shift even earlier than today. For me it's still a bit like early in the morning, this point in time maybe a few as well. I'm going to talk about physical penetration testing, but first of all let me say that I also collect old Sun Microsystems machines. So if you have any lying around talk to me after the talk. And yes, I do lockpicking with TOOOL and, well, this was already said. I'm president of TOOOL and I have been lockpicking for many years. And the reason that this talk came about was that I thought in my daily work I do pentest stuff. So it's all about protection of data. So there's too much traffic in the air. So eventually in the end it's all about protecting your data. So companies are interested in keeping their stuff safe from falling in the wrong hands. So we're talking about data, personal data that is stored on all kinds of databases that we need to protect. And that data, those databases are of course bits on a disk. The disk is somewhere in a server and the server could be anywhere. It could be in your own data center. It could be in somebody else's data center. It's somewhere in a rack. And if you talk to people about protecting the data in those databases in this rack, many IT people will first think about IT risks, obviously. So I would also start thinking about how can we hack into those servers? What kind of vulnerabilities do we have in the database or in our operating system?
But as I said, this talk came about by thinking about the physical aspect. Being a lock picker I thought about, well, if you get to this server and you get to the data on the database, it's probably game over. Maybe you can do real fancy encryption, but it's quite hard to encrypt your data in such a manner that if somebody has physical access and can actually take your server while it's still running to prevent those people from getting access. So I think it's a real attack vector to get physical access to the disk in the server in the 19-inch rack in your data center. The data center can be anywhere. It can be your own data center. It can be shared. So that's the topic of this talk. I'm the attacker trying to get into your data center. Sometimes it's very easy. I've seen a lot of our customers in the pentest work where they had data in a shared co-location facility. So it's quite easy to become another customer of that same co-location facility, and then, of course, you're already next to the 19-inch rack. Maybe your 19-inch rack looks a bit different, but the goal is to get there. So I will be talking about techniques to get physical access, and actually what I'm talking about are some tricks to get past doors, locks, et cetera. And I have to disappoint you. I'm not going to tell you any zero-day stuff, no secret knowledge. In fact, what I'm telling you is all common knowledge. But still, I feel a disclaimer is in place. Please only use those tricks for ethical stuff. And I always have to disclaimer if I catch anybody doing this illegally, the kitten will get it, right? Actually, that's a joke. I really like kittens. But don't do it. So the idea is we have the data in a data center somewhere. This happens to be the data center of Facebook. I hope there's not too much data of me in there, but there probably is some. And we need to get in. So the first hurdle is how to get inside of this data center. Getting in.
Now, actually, when we talk about physically getting in, there is one class of attacks that I won't go into today, which is using social engineering. And I think, in fact, in most cases, it's actually rather more easy to use social engineering than to use the lock-picking techniques I will show you. So just by using some kind of story to get in, you, in almost all cases, can get in. But social engineering would take me a talk in itself, and I'm not going in that, in this talk. So we need physical access, but without doing any social engineering. Now, if we are next to the data center, what we can do is we can look for possible entrances. So the main entrance, you possibly have a reception desk and people, and it might be a bit hard to get in there. But of course, there are different entrances to be found. And thanks to stuff like Street View, it's very easy nowadays to do all your reconnaissance without even being on the spot. So there could be back entrances, there could be an entrance for suppliers. Sometimes you have a parking garage with their own entrance that is less secured than the main entrance. And those might prove interesting ways to get in. So let's suppose we've walked around the building and we found a door that is, there's no reception or anything, but the door is closed. And there is no handle on the outside. So maybe this is an emergency exit. If it's an emergency exit, this means that the door is not actually locked with a bolt. So it can be opened from the inside without using a key or anything, but it doesn't open from the outside because there simply isn't a door handle. Now, if you are in that situation, there are tools that will help you. And in fact, I will show you in the next couple of slides a whole lot of tools that are used to open doors that are not fully locked. And this is one of them. I have it here in real life. The German name is a Türklinkenangel. I don't really know how you would call it in English. A door handle fishing rod.
Sorry? Under-door tool. Okay, under-door tool. That already explains what this does. You can put it underneath the door. So you need a tiny bit of space between the door and the floor, but normally you will have a bit of space unless it's highly secured. And you can then push it up on the other side and put the top part over the door handle. And then there's this nylon wire that you can pull on to operate the handle on the inside. So if you have a door that has no handle on the outside but will open with a handle on the inside, this will let you do it from the outside. And I can show you how this works by looking at this video. This was an ethical hack. I had permission to open the door. So thank you. So on the outside, I look where the door handle is and I can determine what angle to use to determine how high it should go. It's not that hard to do. And here you saw me do it at an inner hotel, and in hotels this works perfectly. Works great. Why? Because in hotels, because of fire regulations, normally the door must always be able to open a door from the inside by just turning the handle. So even in a hotel room, if you lock it, the handle will unlock it. Here's another video of the same thing, but this has a split screen where you can see the inside and the outside simultaneously. So this is actually quite fast. So again, this only works if the door is not locked. So here we have a door with a door knob that operates this part, and there's the lock with a bolt coming out. If the bolt is not out, there's only this part of metal holding it shut, and this will move freely. So if you can move it back, the door will open. Now in this case, it has a knob, but you can't use the under-door device. You could construct a device using a rubber band to do this. It's more difficult. But there are other ways to operate this bolt. And the most easy is by using a piece of plastic.
So this is what you see in the movies with credit cards, but actually it's better to use a banded piece of plastic that you can make yourself out of a plastic bottle. So on the top right you will see somebody making such a tool, and then you can insert it between the door and the door post. Normally there's enough room. If there's not, you can just gently push on the door to create a little bit of space. Then you slide it down over the bolt, which will retract, and this will open the door. You can buy specialized tools for this as well. So these are special needles that are shaped in such a way that it's easy to insert them in the door between the door and the door post, and you slide them down to open the door. Now there is something you can do against this attack. And one of the things you can do is use a device like this. So you probably will notice if you open the door, it will only open for a bit, and you can't fully open it. Again, for this device, there is a device that will hack this. And here it is. Now the question is, is that me or is that somewhere? So it's a piece of metal, you smash it on the outside, and the force will open up the door. Now for this you need to buy the special device. It can be done even easier with a piece of paper or plastic. We can solve this by using a device like this. Well actually, if you take a look at this, it's not really sturdy, right? The screws are really tiny, the chain is really not very sturdy, so it will probably be quite easy to just use force to open the door. But I don't like force, I like to hack the door. So what do we do in this case? If we open the door, we cannot get the chain out because it needs to go all the way there. Well again, there are tricks. If you're really a hacker and you think about how can I do this, you probably will end up figuring out the following technique. So all that is needed is a rubber band. You can't see what you're doing, limited space. 
Sometimes people just don't understand how these things work and you get a freebie. So how do we solve this problem? What do we buy to prevent this attack? Obviously it's this. Another technique is where you have a door that is not locked again. Again, we have a door handle on the inside, but this time there is some kind of hole that we can put stuff through. So in the Netherlands there are a lot of doors that have a slot, a mail slot that you can use to insert a piece of metal to open the door. And actually this is maybe number one, a burglary technique to get into houses. And here you see a movie of this in action. So this is really quite fast and in fact burglars are using this en masse. They are going door by door to see which door is not fully locked, open it, steal some stuff and get out very quickly. So actually currently in the Netherlands there is this big campaign telling people to always lock their door. So if you leave your house for five minutes, really lock it and then this attack won't work anymore. If you have really old locks that use the big keys, you have a hole that is big enough to insert this tool that can actually operate the door handle from the inside. And the funny thing is that for any kind of opening or locking mechanism, there is somebody who's figured out a way to circumvent this and made a tool for it. An interesting one is this one. This is a window with hinges on the top and the side. It's not used in the USA for instance, but in the Netherlands it's quite popular. This window can be opened on those hinges and on the side hinges and on the side it opens fully, and on these hinges it opens just a tiny bit, not enough for somebody physically to get in. And the idea is that in this state the window is safe. Somebody from the outside cannot enter your house. But again you can buy tools, the tool is shown over there that will open this window. So here you see it in action.
There is this metal device that clamps over the handle with wires attached. The wire is led to the side of the window. Then there is this suction cup that you use to close the window. And when it's closed, the handle can be used to go from one state to the other. So use the other hinges. And of course you can operate the handle from the outside on the inside. So there's quite a lot of techniques, some of the things you might find trying to enter the data center. And sometimes it's even much more easy than that because people make mistakes, and this is something that you will surely find quite often at facilities that you will try to enter. Doors that have been left open that should have been closed. And here's a picture from an actual assignment we did where we were already inside the building and somebody used sellotape to make sure the door wouldn't lock because it was too much of a hassle. Now this is all tricks without using force. If you are able to use force, there's a whole new load of attack techniques that you can use to get in. In fact with force it's sometimes quite easy. This is the number one burglar technique that is break off the cylinder, snap it off out of the door. When the cylinder is out, you can insert a piece of plastic to operate the actual locking mechanism. And this is possible because of a, well actually a design flaw, if you take a look at a standard cylinder that is being used in Europe, it has a hole for the screw that is used to attach the cylinder to the door and there's only a little bit of metal around this hole and that's all that keeps the two parts of the lock together. It's actually quite fragile. And if you apply force to the end of the lock by using pliers or a hammer, you can easily break it. And there's actually special tools like this one that fits very tightly on the lock and you can apply a lot of force to snap it off. As is demonstrated here. The tool can be used simply over the cylinder. 
Then you turn the key with the included input. When the tool sits down, you can move it slightly to the left and to the right. You can also move it down in the meantime, but be careful not to slip off the tool, because the side is shorter there. You can break out the cylinder like a mortise tooth. So this cylinder was actually just sticking out a few millimeters and that's enough for somebody with this tool to break it out of your door. And as you can see, this is all hardened steel, but the fact that the cylinder was sticking out a few millimeters, that is the problem. So if there's one advice I would like to give you for your own homes is to use a cylinder that does not stick out of the door. And there are actually quite a lot of solutions, the stuff you can buy to prevent this attack from happening. Another thing you can do to get into the data center is copying the key. And if you are talking about RFID keys, that's a whole talk in itself. I won't go into that. If you have the really simple RFID keys that have a static number, work on low frequency, there are copiers as small as this. So this will actually copy a 125 kilohertz RFID card and you're in. You can do the same with physical keys, of course. Copy them. And this is something I will go into in more detail tomorrow during the talk I will give then. But here is a guy that showed keys on television, in a television program, and I was able to use the screen grab from the television show to figure out what the key looks like, make a duplicate, and use it. So that's also an option. If you find somebody with a key, you only have to be able to look at the key and possibly copy it to gain entrance. All right, let's move on. Suppose we are in the building using the techniques I've shown you, and now we need to get to the place where the data is. So let's suppose there are several zones within the company and we need to go to the more secure zone.
Of course, all the techniques that I've shown you, thus far, can still be used to gain entrance to the more secure zones. You can use the under-the-door device. Force, et cetera. But there are a few more techniques that you could use. In some buildings, there are these heightened ceilings, and there you have to be really careful that the walls are going all the way up to the actual ceiling. So if you are in a building where multiple tenants are, it might be the case that you can go from one tenant to the other by going over the wall, taking out the ceiling, going over the wall. This is a fact, a technique that's quite often used also by burglars. I have a movie of that here. Is it actually running? Inside, a cascade of ceiling tiles rains down. But the culprit's hope for an easy entry falls through. Booze and burglary just don't mix. You should be better prepared than this, but this shows you the technique. You can go over the ceiling to get in. So maybe on our way, we will see a sliding door. Those are also interesting because in many cases, as with the doors I've shown you before, those are doors that will open from one side automatically, but not from the other side. So if you want to gain entrance, you need to present some kind of ID card. But if you leave the building, leave the area, the door will just open. Of course, this depends. In some cases, you need ID badges on both sides, but in many cases, it's only on one side. So here I have a door with a... This is not working. On the top, you see the black box that's actually looking for movement, and this is a quite sophisticated one. This one is looking for not the presence of somebody, but movement of somebody towards the door. So if you walk away from the door, it does not open. If you walk towards the door, it does open. So we need to find a way to trick this sensor into thinking somebody is walking towards the door from the protected zone while standing on the other side of the door. 
Now, this can be done using, for instance, a tape measure. Well, first I will try a piece of paper. Sometimes this will work. The sensor on the inside might see the paper and open, but in this case, the sensor needs this movement coming towards the door. So I use a tape measure, and the room between the doors is normally big enough to insert something, and by retracting it up. Here's the same thing from the inside. So here we see the sensor. The piece of paper is detected, but does not qualify as a human being wanting to leave the secure zone. Then comes the tape measure. Going outwards doesn't trigger. Going inwards, it does trigger. So this is what is needed. What you could also use is some compressed air. If you hold it upside down, this will create a bit of smoke, and that will probably also trigger the sensor allowing you entry. So again, it's about hacking and thinking about how to operate devices, mechanism on the inside of the door from the outside. Okay, we're in. Next up we come to an elevator, and the elevator goes to the floor with the data center, but you can only go to the data center if you have the key to enable that floor. Now here's a fun fact. Elevators need elevator mechanics, and elevator mechanics normally don't have a key for every elevator in the country. So what happens is that if you buy an elevator, you get a standard key from the elevator manufacturer. So there's maybe a handful of manufacturers, so if you have a handful of keys, you have all the keys for all the standard elevators. Of course, if you are a high-profile facility, you could ask the vendor to supply you with a specific key for your facility. But if you have... Where are they? Here I have a few elevator keys, so that will open quite a lot of elevators. So you only need to get those. By the way, those are not the actual keys because it will be too easy for you to copy, but you get the idea. Okay, we've taken the elevator to the floor with the data center.
We are now inside of the room, and we are faced with the 19-inch rack. And now, in most cases, it becomes really easy because, again, the 19-inch racks are only from a few suppliers, and if you buy a standard 19-inch rack, you get a lock supplied by that vendor. And if you buy a Rittal cage, for instance, you get a standard Rittal lock. Maybe they have a few of those, but those are all standard keys. Again, if you are in a high-security facility, you could ask for your own specific cylinders in there, but in many cases, it's just the standard stuff. So here are a few standard keys for 19-inch racks that will open many of them. These are the actual keys, but these are easy to find on eBay or wherever, and you can buy them. And if you have a set with them, that's really easy. And in fact, most people that work in data centers and go to a lot of places do have a key ring with keys like these. But suppose we are in a facility where they put in a different cylinder, so we can't open the 19-inch rack with these keys. So we're stuck. And then we need to use lock-picking techniques to enter. So let me show you how a lock works. This is an opened-up lock. So if you take a standard lock and cut out a slice, you will see that inside there are pins. Actually, they consist of two pins, the top pin and the bottom pin. There's a spring that pushes them up. And the dark yellow round thing, that's the plug. And that's the thing that actually needs to rotate to operate the mechanism and open the lock. It doesn't open when there is no correct key, because this pin is blocking right here at what is called the shear line. So to open a lock, you need to make this free, free up this space so it can open. Now I'm not going to give you a complete introduction into lock-picking. This is by the way how the lock opens with the correct key. So the key matches, the depth of the key matches the size of the pin. The shear line is free and the lock will open.
Of course, there's not one pin, but there's a couple of pins in there, maybe five. And the key is made to match the length of the five pins. They line up perfectly and the lock will open. Now you can use lock-picking techniques. That's quite difficult to do. You need to push all the pins one by one and feel exactly what's going on inside. If you master this technique, you can open almost any lock. But let's suppose you're new at this. Then there are some shortcuts. And one of them is using jigglers. So what you can do is you can insert one of these tools. They're a bit shaped like a key. You insert them in the lock and you apply the turning force that you would normally do with your regular key. But of course, it doesn't open because it's not the correct key. But you go back and forth and up and down and this will move all the pins up and down and they start vibrating a little bit on the springs. And if you're lucky, you will open the lock. And with high-security locks, this doesn't work. But with cheaper locks, this actually does work. There's different sizes. So these are actually for car locks. These are suitable for 19-inch rack locks. And I have a picture of a movie here of somebody opening a lock with these things. So he's applying turning force and at the same time going up and down. They work pretty good. You could say that. So normally it will take you a little bit more longer time to open this than what's shown in this video. But this is actually quite good technique for the locks that you will find in many 19-inch racks. And this slide should have been in my presentation of tomorrow so I'm just going to slip, skip that. Another thing you can use is a pick gun. It uses a different technique. Here you see again the lock with two pins and the shear line, which needs to be freed. Now the pick gun uses the phenomenon that if you smash one billiard ball to two others, the energy is transferred and this ball will move while the middle one will stay put. 
And we can use the same technique with the pins in the lock. So we have two pins that are next to each other. If I apply force to the bottom pin, just as with the billiard balls, this pin will stay put and the other one will go up in the lock, creating a gap. And the gap allows us to open the lock. The problem is that the gap will quickly disappear because the pin bounces back. So you have a very short amount of time in which the pins are away from each other and in that time you can open it. So we need a device to smash all the pins. That's the pick gun, which is something that looks like a gun. That's why it's also really difficult to get this in your checked-in baggage. Trust me, I know. But it is actually a needle that will go up and if you position it right on top of the pins, you smash all the pins and if you at that moment turn the lock, it should open. So you need a second device to do the actual turning so the lock doesn't turn because the pins are blocking it. I need to insert a needle, smash a few times, and the lock opens. Again, thank you. It is actually a little bit more difficult than I make it look because you need some experience in when to apply the force and how to hold the tool. But it is still quite easy to do. There are ways of protecting your locks against this so if you are a high-secure facility, you could buy locks that are not susceptible to this attack. Now you can buy pick guns on the internet. You can also buy electronic versions of it, an electric pick, which is just a vibrating needle, and there's even people who make them themselves using an old toothbrush, nine-volt battery. Perfect. One more thing. I don't know about other countries, but here in the Netherlands, if you are in a building, especially if you share the building with other companies, the fire brigade needs to be able to gain entry to your building in case of an emergency. It is not feasible to give the fire brigade the keys to every company in the city. 
So what they do is they use this trick. They have this thing over there, which is a tube that is in the building and is marked with a B and a key sign. And this actually is a little vault that holds the key to the building. So this is inside of the wall. Inside is a key, and that's probably the master key that gives access to any part of the building. And that's what the fire brigade needs. To get access, they use their own key. So the fire brigade has a key that fits this vault. And what's interesting is that the key is obviously the same for all buildings within the city. So if you are able to figure out what the key looks like, you have the key to get the keys of all the buildings in the city. So that's a risk. Another risk is that you have no control over this key normally because that's from the fire brigade. So there was this one assignment where I did some tests for physical security at critical infrastructure in the Netherlands and they had just upgraded their locks and physical security was really secure. They had really good locks, but they had this device in the wall. And their own keys were really, really great, but this one was actually... Of course, these are not the actual keys, but they were comparable. I was able to use the simple pick gun to get access. Well, actually, I'm rather a little bit ahead of time, so let me just add some more slides. Just a second. So I will explain a little bit about lock picking. There is actually a lock picking village, but the problem is that everybody with TOOOL Netherlands is so busy doing other stuff at this excellent conference that there is not much going on over there, but there is a village. If you like, I can also teach you some lock picking. Where is it? It is opposite of the food hacking base. Opposite area 42, that area. So I've shown you some tricks using the pick gun. That will work on the cheaper locks, but if you master real lock picking, you can open almost any lock.
But the learning curve is quite steep, so that is why lock picking is, as far as I know, almost never used to actually gain entrance to a facility. Maybe Secret Service will do this, but a regular burglar will not. So again, this is how a lock works. We have several pins. Actually, double pins with springs underneath, and the key will make sure that the pins are all aligned at the shear line, enabling the plug to rotate. Now, what you do is you use a tensioner, which is just a flat piece of metal, that you insert in the lock to apply turning force, because the key actually does two things. The key, when inserted, places the pins all at the correct position, and then you use the key to turn. So we use one tool to do the turning, which doesn't work because the pins are in the incorrect position, and we need to use a different tool to move the pins around. But here is the problem. What pin do I need to move and how far? Now, the fun thing is that if you buy a lock, a lock is never mechanically perfect. So there will be always a pin that's a little bit off to the side more than the other pins, or it's a little bit thicker or a little bit thinner. So you might think that if you apply a turning force, that all the pins will block, but in reality it's only the thickest pin that will block, in this case, this one, and prevent the lock from opening. And you can actually figure out which one that is by pushing on it, because if you push on one of those pins that are not blocking, you will only feel the spring tension, but if you push on this pin, you feel quite a lot of resistance, and you know you have the pin that is blocking. Now, if you push that pin down, and you are at the correct position, and something magical happens, the lock will turn just ever so slightly. And this will be something that you can actually feel, so you know that you are at the correct depth. And also because it rotates slightly, the pin is now kept in position. 
So as long as you keep this turning force on the lock, the pin will be in the correct position, and you can try and find the next thickest pin. And when you've done all five, you've opened the lock. So you apply the turning force, you use a second tool to feel which pin is binding, so these are not binding, but there's one with a lot of resistance. You push it on the correct position, you feel this, and you find the next one. And you don't know what the order is, the order is always different, but this can be felt, and once you've done all five of them, the lock will open. So if you master this technique, then you can open almost anybody, any lock. So to conclude, I think it's important to understand that, well, IT security is very important, and you should really protect your valuable data, but securing the data is not just about IT, it's also about social engineering attacks that you need to prevent, but also about physical security. So if you do proper risk management, you have to consider all the risks. And it's quite hard in most organizations to combine IT security risks and physical security risks. In most cases, the IT security people are completely different from the people responsible for the physical security. But you need to have a communication between them to understand where you need to apply physical security and how much. And that actually concludes my talk, but we have 50 minutes time left for questions, so if there are any questions. And thank you. Thanks, Walter. If you do have questions, please come up to the microphones. There's two in the middle here. Hi. Thanks. Really interesting talk. I have a question about the elevator keys. Yes. You mentioned the ones on the slide were not the real keys, but the ones you actually showed in person here. Those were the real keys or not? They might have been. I first have to check how good the HD video here is. I was going to check with the organization. This is being recorded, I think. Yes. Okay. 
That was my question. Okay. Hello. Hi. We have swapped out our Rittal standard locks with the number locks, the analog three-wheeled, not three-wheeled number locks. Is there a way to open them? Is there a way to open the locks that have those three rotors or four? Yes. But then we go into lock-picking techniques. I can show you in the TOOOL tent. But in short, what you can do is you can rotate the discs and feel on the shackle if something happens. And the second one is that the wheels have a notch, and if you insert a very thin piece of metal while turning, you can feel where the notch is. And if you do this with all three wheels, you know the relative position of the three wheels, and then you only need to figure out which position all three should go. So those are quite easy to open. Yes. If you are leaving, please do so quietly. Thank you. What lock do you have on your home? I have a lock that is better than the one that my neighbor has. I get a lot of questions. A lot of people ask me, what kind of lock should I buy? But it really depends what you are afraid of. There are different risks. There's a risk of somebody picking your lock. There's a risk of somebody breaking your lock. There's a risk of somebody copying your key. And it depends on what kind of risk you're most afraid of, what kind of lock you need to buy. So you can buy a lock for which the key cannot easily be duplicated, but maybe it's easy to pick. Well, there are combinations that are possible. So it depends on what you're... So as a follow-up, electronic versus mechanical locks. Do you have any general impression of what is better or worse? At this point in time, there are a lot of companies starting building locks that combine mechanical stuff with electronic stuff. And those companies are not companies that have been doing electronics and software for a long time. So we see the same mistakes being made there that have been made in the IT world for a long, long time.
So in many of those cases, the locks will have vulnerabilities. So recently, at Black Hat, there was this gun with a lock that could be opened with a magnet. So I will go more into that in tomorrow's talk. But I think that you have to be careful with electronic locks to see if they're really secure. You said that you can lockpick any lock. Aren't there any locks that are harder to pick or impossible to... You showed some keys that have more than one dimension of pins. Or will it only protect against picking guns? So the question is, can you really pick all locks? No, not yet. There are some locks that are really, really hard to pick. There are some locks that I only know one or two people in the world that have ever picked one of those locks. There are locks that I have never heard of somebody having actually picked those locks. So they can be found. But that's not the lock you would typically see in use. That's really a high-security lock. Thank you. Unless you're in Finland, because in Finland they have... Yeah, the Finns are really, really good locks. Once you're in, do you have something against video surveillance and alarm systems, or is it just get out before they can catch you? Well, it depends on what your goal is. If you just want to steal the data and you don't care about video surveillance, then that's not really a problem. Otherwise, you go into red teaming, you need to figure out where the alarm system is, maybe hack the alarm system from the internal network, maybe you break in physically, gain entry to the network, disable the alarm system, then go further. It depends. Okay, so there are also tools once you're in for those systems. Yes, there are tools, yeah. Okay, thank you. So you show this fire brigade key tube. Does the fire brigade in the Netherlands really force you to use such a key tube? Yes, they really force you to use such a tube. I mean, if you have a high-security critical facility, they force you to put that on the wall. 
This means you're still going to have an alarm system and stuff? Well, I don't know if in this instance the owner of the building has actually discussed with the fire brigade if they could do something different. But the default is that you get such a device. And of course, what you can do is, the fire brigade will ask you for your master key, and if you give them some other key, then that risk has gone. But that's not really... I mean, like in Sweden, for example, there's no such system. Instead, the fire brigade are very, very good at breaking down doors. Yes. In most cases, breaking down a door is the fastest way to get in. Yes. I just want to add something to the fire brigade keys. As far as I know, at least in Germany, if your facility has an automatic fire alarm, this alarm has to go off when you take a key out of it. And I think this is probably enough so the burglars don't steal something at the time. Okay. Any more questions? We do have time. I live in a country where most doors open out to the outside instead of the inside. Are there any other tricks that work better on those? I didn't get that. I live in a country where most doors open in the other direction, outwards instead of inwards. Are there any other tricks that work better on those? You can't like shim the bolt and stuff. Yes. Well, if the door goes open, it doesn't matter what direction, but if the hinges are on your side, you can remove them. Yes. So there are more tricks. I don't know what your actual, if that's an answer to your question. Yeah, maybe. It's just like shimming with the plastic and stuff doesn't work. Shimming with the plastic. Yes, I showed you shimming with plastic from a plastic bottle. You can buy special shimming plastic. Yeah, the mixture. But if you can reach the mechanism, that'll work. Yeah, but you have to reach it from the other side? Yeah, but that can still work. It depends on how the door is in the door post. 
And there is also stuff that you can install to make sure that such a piece of plastic cannot enter. Yeah. Thanks. What would you advise people travelling in hotels, especially females, to guard their door? Because I was really terrified about what you showed in the beginning of your talk. That's a good question. I haven't really thought about that. It's the other way around. No, but I would advise not to leave valuable stuff, but of course you are there yourself. Exactly. And you are very valuable, yeah. I wouldn't know. Well, you could screw off the door handle, but... Sorry? Oh yeah, that's an idea. You can push a towel, a good one. Take a towel and push it really hard into the slit underneath the door. So if there's no room left to insert the tool from the outside, that will help, yeah. And you can do that while you're inside. Okay, thank you. Okay. How's the mechanics behind the elevator door switch? Is it just a switch or is there something behind it? It's just a regular cylinder lock, but the thing does not operate a whole locking device, but it operates a switch. Okay. Do you advertise the fact that your lock is better than that of your neighbour, and if so, how is your relationship with your neighbour? Yes, I do. You heard me do it. I have a really good relationship with my neighbour, and I told him I was upgrading my locks, and he said that his locks were still fine. So I can live with that. If you're inside a building, are there any techniques to find a server room? Do you just stroll around? Well, the server room is... Well, it depends a little bit. In most cases, it's on the bottom of the building, or it is somewhere where it's dark, and there are no windows. Otherwise, you just have to try and find it. It's easier to find the room where the managers are in, because in most cases, it's the nicest room in the building, but the server room is a little bit harder. 
In one of your early slides, you showed an American door with a latch, and this latch had a tiny little bolt, actually, to prevent the credit card technique. Do you know any techniques that bypass this? Not off the top of my head. If it should be secured, then, in that case, against this credit card? I'm not going to say yes, I need to investigate if that's really the case. It is at least more secure. More questions? Okay, thanks again, Walter, for a really great talk.