The best kind of doors are the doors you have to explain. Welcome to Unhinged, where door hardware nerds get together and knock and slam on different door fails. We learn, we laugh, and sometimes we even cry depending on how bad the install is, but most importantly, we have a little fun while we learn a little bit more about door hardware. Today, we do have a very special nerd, Gary. Hopefully it's okay I call you a nerd, or I guess Gabby, Gary, Gabby, whoever you're trying to scam or hack or social engineer today. Why don't you hop on and say hello, introduce yourself, tell us a little bit about what you do and a fun fact.

Yeah, I don't know. Hi, I'm Gary or Gabby, and that's what I do. I red team, social engineer, do any kind of logical hacking or human hacking, whatever you want to look at it as. Fun fact, man, I don't know. I was a helicopter pilot in the Marine Corps and I flew Hueys, and that's actually how I got my start into my current job: I built SIPR vaults, and my OIC, officer in charge, at the time asked me if I could break in, and I said, well, of course, I built it to spec. I can break in. I won, I think it was a case of beer. I think it was a case of Sam Adams Octoberfest, because he bet me a case of beer I couldn't break into the vault that I built.

Well, you built it, of course.

Well, yes, I know, but hey, I got the free beer. I'm not gonna argue with him.

Yeah, no, can't argue with that. So red team, for those who don't understand that, can you give us a high-level overview of what a red team does?

It's funny you ask that question. In my previous employment, I would ask my teams what their definition of red team was, but I never got the same answer twice. It's something in the industry that everybody thinks that they understand what it is, but the basic idea of a red team is you're emulating an adversary, and it's that simple.
And typically during a red team you wanna give whomever is performing that red team the leeway to do whatever they think is the best avenue of attack, just like a real adversary would, and you don't wanna box them in per se during that red team. And again, this is a professional red team, right? Part of the red team is testing people, processes and procedures as well as any kind of facility or hardware in this case, whatever you're doing, and you wanna test the whole thing, not just breaking and entering. It's easy to break into a building, very easy to break into a building many times, but what you get out of that from a red team perspective or an assessment perspective is you get to see how the people react, what kind of policy you have in place or maybe you don't have in place, if the people follow that policy, what they do when they're confronted with contradictions to that policy. Do they err on the side of caution for the company, or do they err on the side of humanity and just trust that the person in front of them is telling them the truth? And I can tell you it's more often the latter than it is the former.

Yeah, I'm really fascinated with your whole line of work. I think maybe in another life I might have been a social engineer of some sorts. We'll see, maybe we'll see someday.

It's not too late, Benji, it's not too late.

It's never too late. Well, thank you, Gary, for hopping on the show, and I'm looking forward to seeing your insights on some of these door fails. Mia, you wanna hop on and say hello and another fun fact, I guess?

Well, yes, hello, and Gary, I'm really pumped about this also. I love this kind of mystery and intrigue. So I think this will all be a good episode. I don't know if this is like a fun fact, but it's related. My husband is also a veteran Marine, but he did not fly helicopters. He ran the gas chambers. So every year when you had to go through with your gas mask and test all your equipment, that's what my husband did.
So he was chemical, biological, nuclear defense specialist. I'm sure I forgot one more letter in there, but yeah, so that's what he did when he was in.

Well, then you're automatically good people. That's how that works.

Awesome. Once a Marine, always a Marine, right?

That's right. No better friend, no worse enemy.

Mia and I chatted a little bit about this earlier today, but my fun fact today is kind of random. I bought a house and the yard was really overrun, and I could have paid someone to come in and re-landscape it, but I thought, because I watched a couple hundred TikTok videos, that I'd be like, I'm an expert now at landscaping. But I'm getting really into, like, plants, which is weird because I've never really been into plants before. It's so weird that I'll be, like, driving down the road. I'm like, oh, there's a Russian sage over there. Oh, look at that rose garden over there. And my wife will, like, yesterday actually we were driving down this road and there was a garden center and she noticed that I was, like, looking over. She's like, I don't have to worry about you cheating on me. I'm worried that you're gonna, like, fall in love with plants or something. So I'm becoming a plant daddy. That's a thing, Gary, apparently. A plant daddy is a thing.

I'll take your word for it.

So there's my fun fact for the day. But Gary, so glad to have you on the show. For those who don't know how Unhinged works, I will share my screen with the different door fails. We will knock and slam on the different doors, give out any helpful tips or learning opportunities for these door fails, and then we'll give it a knocking score, one being not too knocking bad but 10 being pretty knocking bad. I guess in this case, we wouldn't hire Gary's team to fix it, but let's hire Gary's team to exploit all of the vulnerabilities of your facility. How does that sound? You guys ready to jump in?

Ready?

Very secure. I didn't even know what to say about this. There's a key in the lock.
Sometimes people forget keys in the lock. I've seen it. Other times the lock gets messed up somehow and they end up putting a lock killer in there. Like, I've seen people do that where the bitting on the lock, there's like a six and then there's a one, and then you can't get the key out. Somebody could have been trying to break in and used the wrong bitting on the key and screwed up because they weren't very good at what they're doing. So it could just be stuck. There's that possibility, but it looks like it was turned a little bit. What's interesting about this is you can get into that door just as easily without that key, because it's a crash bar and you just put a little bit broad in there and pull and it opens the door wide up anyway. Am I missing something?

I was gonna say a J hook would easily open this up pretty quickly, right?

You don't even need that. We use our under-the-door tool to open stuff like that a lot. And if we don't even have any tools with us, we'll just go to Home Depot and buy, you know, they get the little metal rods that they've got sitting in the aisle ways. We'll just take that and we'll go take a pair of channel locks and just borrow them while we're in the store and bend it the way we need it. And then we'll show up and put it in our pants. You know, like right down the side of your pants, like in there, and just pull it out like this and open the door. We don't even touch locks, you don't even need to. There's so many ways to get into a door where you don't even need to mess with the lock. See, what I would do in this instance, especially if it was during working hours, I would take a picture of the key or I would put it in my Silly Putty, and then I would go turn it in and be the good guy and then have a key of the building the whole time.

Yeah, you like build the trust with them, right? Hey, oh no, I found this in the door.

Oh yeah. I should be careful. I mean, I would do that anyway because, you know, that's kind of my job.
I don't know how well you're familiar with keyways, but do you recognize this keyway by any means?

I am not super good with keyways, but judging by the end of the key, maybe a Schlage.

So it's a Schlage C keyway, which is probably the most used keyway out there. It's definitely not patented, not secure or anything like that. You can definitely go down to your local hardware store and get it copied, or even like the KeyMe machines, the little kiosks.

Yeah, oh yeah. Or even just get the bitting off of it and, you know, buy one and file it down to the bitting that you have. You could even make your own key for, I don't know, these are pennies on the dollar.

Like, probably the least secure keyway, but apparently you wouldn't even need it. It's a crash bar, just open it up that way. Why mess with a key when you can just bypass?

You're right, we've got the punchers, you know, or you can stick the key in and you can just punch it and be done with a key in like 30 seconds at the most. But it's great if you're looking for, like, persistent entry, and you can come and go as you please, and you can put it on a key chain and look like you're a janitor and walk through there, and nobody's gonna say anything because you're like, I've got a key to the door, and no one is going to argue with that. They're not gonna be like, how did you get a key to the door? Unless of course it's another janitor that knows that you're not a janitor. That's about the only way that it's gonna work, but nobody ever looks at the maintenance people, you know, they typically don't know them by name and they don't know the entire staff and they don't know the turnover of the staff. So, and not saying that it doesn't exist, but there is yet to be a key that I have found in a facility that I haven't been able to come. They're there, but nobody takes their security that seriously.

Yeah, it's scary when you really think about it.
Like, if someone wanted to really do harm to someone, it's scary to really think about that. But I guess that's why they hire your team. They listen.

Yeah, if they listen and actually implement, you know, like knowledge is power, but only when you have action to go along with it. Funny because, like, say you get this door, for example, right? And say this was, I mean, it looks like it's a store, but who knows? Say it's something that's vitally important. And you say, hey, you've got to work on your gap so you can't have tool insertion here, right? They put the crossbar down the middle and they say, well, we can't do that because X, Y and Z reasons and blah, blah, blah, blah. And you're like, okay, well then you need to make sure that that crash bar is locked at night so people can't manipulate it from the inside. Well, you know, then we got to replace the hardware on the door and blah, blah, blah. Like, the excuses are endless on why they can't fix something, but yet you'll show them a video where you literally get a little piece of metal from Home Depot when you come in and you get in and it literally takes 10 seconds. It's almost faster with bypassing than it is with a key many, many times.

Yeah, because this is probably a night latch function. So it's harder to, like, hold back the latch and pull as opposed to just slipping in and pull crazy. So the lovely Kelsey Carnell, love her, from access communication, she sent me this photo and it was actually at a wedding venue. So I'm sure there's not like a ton of proprietary information in there for you to get, but there's a lot of probably expensive equipment, probably a lot of, I don't know, a bunch of booze or something in this venue, or I don't know, maybe people have their marriage certificates, or I don't know what proprietary information you would be looking for, but you can do a lot with a little.

You would be amazed at the things that organizations will do.
You could make some large antennas for RFID readers, get people's credit cards and badges and everything, and just set it up there while they're having their venue, and you could come back to a plethora of information and items that you never had before. You could set up, like, they've got the Wall of Sheep at DEF CON, where people leave their Wi-Fi and their Bluetooth open for their phones, and you could collect the metadata on their phones and get way more stuff than they probably ever want you to have. Let's see, what else could you do? Oh, QR codes everywhere, right? And, like, QR codes are just like somebody going to a website, and we all know that if you get an email, you don't ever follow the link because it's malicious. And so it's hilarious because you could just start putting QR codes everywhere and you could put something like, hey, do this QR code and send us pictures that you take during the wedding, and you're like, oh, and then you can set up a fake website where you collect all the pictures and everything, and the whole time you're just owning everybody because they are happy to go to this website and upload the pictures. And then eventually they would go to the bride and groom and they'd be like, "We went to your website and uploaded all the pictures." "We don't have a website." Like, people just don't realize how malicious people like us can be that are actually real bad guys. Everything is an opportunity to do something. Even if you got three or four different IDs out of there or cards or something, there's always a place to sell it on the dark web that people will pay good money for it.

Wow, yeah, I was thinking like, oh, wedding venue, there's not that much in there, and then you just gave us five different examples of insane uses of what you could do in this situation. But yeah, it's true. Like, every weekend it's a new batch of people showing up and you could just be copying and collecting a lot of new information.
A key to this place, as innocent, as innocuous as it seems, you could put anything in there. And again, it's a wedding venue. Like, they're not gonna probably know what belongs there, what doesn't. You could put stuff wherever you wanted to and collect all the data that you want.

Wow, I'm really glad you're on here. This was the warmup, but this was the... And here we are, I think you're just gonna talk about a key.

Yeah. It's not the key that's important, it's what's behind the door. That's why we do what we do, right?

Okay, knocking score. I didn't think this was gonna be very knocking bad, but you make it seem like it could be really bad.

Anytime someone has access to a place you don't want them to have access to, I mean, as far as I'm concerned, that's a 10. It's persistent access. You've given them the key to the facility and, like we talked about, take a picture of the bitting, they can make their own key, they could use Silly Putty, they could just take it. If they just took the key and they didn't turn it in to anybody, the chances of somebody changing those locks out is probably zero, and they're just going to assume they lost the key somewhere, and then they're just going to go have another key made from somebody else's key ring. That's the reality of it: people are lazy and they're just like, oh, I probably misplaced it. It was a single key, it wasn't on a key chain, which begs the question, why is the key to their facility not on a key chain? Why is it just a single key? Which means they probably have it hanging somewhere, right? It's probably owned by some sort of facility management company or property management company, and it probably sits in a lock box somewhere on a wall, and somebody was opening it for somebody else, and so they took the single key off of there and opened it up or whatever. I mean, who knows? There's a million different reasons, but yeah, this is bad. Persistent access is never a good thing.
So from a security standpoint, you would say a 10.

Absolutely, wouldn't you? What would you say from your standpoint?

Yeah, I mean, I guess it defeats the whole reason why you have a door there. From code and compliance, like, there's nothing life safety concerns here. So, like, I couldn't give it that big of a knocking score from that side of things, but security-wise, yeah, this is a 10. It doesn't get worse than this unless you just had the door open.

But even this is not the worst thing.

It's much open, yeah. This is worse than just leaving the door open, because then you can open up the door even when it's closed.

That's right, I agree. It's worse than the door open. Maybe this needs to be an 11. We need to come up with a new scale.

So we have vulnerability ratings, right? In cybersecurity, it's usually low, medium, high, and then some people will have a critical. And then we had an interview with a gentleman who came up with catastrophic after critical. And so that was his, his low, medium, high, critical, catastrophic. So yeah, I think this might be in the catastrophic.

Mia, any thoughts?

Yeah, no, I agree, yeah. From a security standpoint, it would be a 10. This was, like, new construction. They used a Schlage C keyway. That's been out of patent for how long? I don't know, it's not secure at all.

Climbing, when you think about it, what's that old saying? Locks are there to keep honest people honest. Without going to complete extremes and overkill with high security locks with six security pins or something insane to keep a normal person out, like, this is fine. It's gonna keep 99% of the people out. And the people who want in that aren't professionals are just gonna break the glass and go in through a window or, you know, the front door or whatever it is.

If you wanna be featured on a future episode of Unhinged or if you have a picture to submit, you can email me at Mia at doorhardwarenerds.com. Thanks for watching.