On 2-3rd of June 2018 I attended OzSecCon in Melbourne. I'm not really a locksport enthusiast by any stretch of the imagination, I'm happy to fiddle with a lock and pick during social night - but I don't go out of my way to find the locksport village at a conference. However - the atmosphere at OzSecon was overall amazing. Notwithstanding, it is hosted by Topy - the Australian who has lugged his locksport stores up, down, east and west across Australia, at his own personal expense, hosting the locksport villages at AusCert, Ruxcon, PlatypusCon, BSides Canberra and probably many more I'm forgetting. He is the drive behind growing Locksport in Australia - so if you are remotely into Locksport, OzSecCon is where you should be.
I've done a brief writeup of the talks and workshops I attended below.
‘Keynote: Red Teaming’, by Jek Hyde
Jek works on Walmart Red team. She made it clear that her position on the red team is to achieve physical access - not work on computers. She referred to herself as a “Professional burglar”. She discussed secure facilities syndrome - in which facilities tend to be very hard to get into but once in, is all soft and squishy on the inside due to wanting to promote a good culture. She did a walkthrough of a pentest she did in Canada. Started with dumpster diving. Found out about meeting, made a fake pass, wore fake pregnant belly, used a Bose cloner to clone a pass and got in.
Installed keyloggers, Dropbox, rubby ducky & listening devices. Heard a lady going out for lunch and used her office to gain access to systems. Key takeaway point was that physical and logical are treated separately when they affect each other so much and should be looked at together.
‘Manipulation aids in opening safe locks’, by Jaakko Fagerlund
Discussed through the techniques of cracking dial combination safes. The wheels within the dial can be different shapes and graphing (turning the wheel through each number). Right contact point (sloped) is the one that is most useful to measure. Showed graphs on the non-roundness of wheels - 0.5mm deviation at some points. Exploits are based on dialing tolerances, cheap electronics, reading wheels in the order W3, W2, W1.
Advanced exploits use electronics to graph the wheel pack, ultimate way is a manipulation robot (autodialler with a microphone - softdrill)
‘Cognitive biases and how to be less wrong’, by Alex Hogue
Alex discussed base rate rejection. He explained that people are more likely to look at the evidence without looking at the base rate. Eg. creaks in a plane == evidence of impeding crash despite base rate of crashes being low
He also discussed confirmation bias. Eg. Verifying your hypothesis only with tests that will result in positive confirmation. This can be beaten by using null hypothesis - proving yourself wrong.
Availability Heuristic - if there are more examples in public media, then people assume it is more common eg. Ransomware. Leads to “after a disaster we prepare more”
Others: scarcity bias, loss aversion, sunk-cost fallacy, the halo effect, outcome bias, inattentional blindless, bias bias, cognitive dissidence creates more bias.
Alex concluded with a very entertaining slight of hand routine done to a volunteer from the audience.
‘Tamper resistance bypasses’, by Connor and Emily Morrison
‘How to disappear completely’, by Attacus
Second part of talk moved to techniques of avoid facial recognition. Talked about how facial recognition worked and old school mitigation techniques include, wearing a balaclava, wearing sunglasses or pulling weird faces to avoid facial recognition.
cvdazzle.com - Adam Harvey, ahprojects.com provides solutions to avoiding facial recognition.
‘Back in time: Finnish lock industry’, by Thomas Covenant
Karelian locks (a region ceded to the Soviet Union from Finland) date back to medieval Finland.
She talked through wooden locks, development of metal and ornamental locks and the spiritual beliefs around locks keeping people safe.
1920s industrialisation heralded Abloy locks in Finland. Designed by Finnish man who repaired a cash till, and saw the rotating disks. 1918 patent registered, sold in 1919 for 34 euros
‘The ALC Galaxy Lock: an in-depth look’, by Adam FosterAdam talked about how he bought and disassembled a galaxy lock, released by the Australian Lock Company (ALC). He discussed how it worked and possible ways to attack it. He stated that he had managed to pick it but he hadn't recorded it and couldn’t replicate.
‘Challenge locks’, by nullwolfNullwolf started off explaining reasons why you would build challenge locks - Reddit lock-picking awards profile flair for building challenge locks. He covered off on the rules for building a challenge lock eg. At least 6 modifications, working key
Covered shopping list required.
Using a dremel to do pin sculpting
Impressioning WorkshopI attempted the impressioning workshop... twice! I was terrible at it. But I learnt a lot about the technique and skill involved to impression a key.
Milling your own cutaway lockThis is when I realised the value of OzSecCon being run at Melbourne Polytech. Access to all the machining tools allowed a live demo of creating cut away locks (plus many more machining demos that I missed). @anarchy_won did the demo and was patient and willing to answer any questions we had on mill types, techniques and other hints. It was fantastic seeing his passion and knowledge.
As well as the talks and workshops, OzSecCon had an inclusive and welcoming environment. I was greeted with friendliness and helpfulness the whole conference. I attended the female lunch and the Friday night party - both were really enjoyable. The party was catered with Turkish and a neverending bartab!
Overall, I've heard the locksport community likened to what the computer hacker community was 20 years ago. A little edgy and considered borderline inappropriate. However, like the trailblazers that made computer hacking mainstream, OzSecCon is breaking down barriers and making this important topic visible and accessible to everyone. Well done Topy & the OzSecCon Crew!!