YouTube Channel Dump: Pen Testing, Alarms

Exchange the techniques and skills needed to walk the shadows. Post your guides and how-tos here.

Post by Psychlonic » Mon Jun 28, 2021 3:11 am

Same idea as the lock topic, this one is meant to provide and curate a list of quality pen testing channels that deal in alarm systems the operator might encounter at night. The list will be updated over time and attention brought to specific videos that will be of interest to the forum at large. While most will simply opt to avoid alarms, at least understanding their basic nature and functions will help do so better if not embolden you to overcome them in certain situations.


Health Zenith - I'm choosing to place this link first as motion sensor lights are one of the most common concerns in the community, and this channel, while not necessarily pen testing oriented, will give you a better understanding of how they work.

https://www.youtube.com/watch?v=XOSyWFEe_m4
Pen Test Partners LLP - Note that this video also has a wealth of videos covering digital security. I'll be real, this is the only channel with any reasonable coverage on alarms.***

https://www.youtube.com/user/PenTestPartnersLLP/videos?view=0&sort=dd&shelf_id=0
Magnasphere Corp - Great coverage of magnetic switches

https://www.youtube.com/user/MagnasphereCorp/videos
EcologicalTime

https://www.youtube.com/c/ecologicaltime/videos

*** The problem is that any properly installed system is very simple and the components on their own aren't very complicated. However, placement and other factors involved make this a beast. Nonetheless, there are some good videos I'll be drawing attention to specifically soon.

Be sure to check out supplementary info personally written by myself over in this topic:

Supplemental Techniques for the YT Channel Dumps
viewtopic.php?f=3&t=2402
Last edited by Psychlonic on Fri Jul 09, 2021 6:23 pm, edited 2 times in total.
Knowledge alone is not power, it is the potential for power. That potential can only be unlocked through applying that knowledge and realizing the skill.


Post by Psychlonic » Wed Jun 30, 2021 7:10 pm

Today let's take a look at PIR sensors.

https://www.youtube.com/watch?v=6Fdrr_1guok
This video does a fine job of explaining the basics of PIR components and how exactly they "see" your presence. Pretty simple device.
Take note of the lens, which is Fresnel. These are pretty standard on sensors and as you can imagine they are generally made to be optimized for horizontal detection rather than vertical, as this would seriously hurt their efficiency. Because of this and how a Fresnel lens focuses light, you can imagine that it receives incoming heat radiation most efficiently in a series of "lanes" leading to the sensor. This is why they are more sensitive to being moved in front of laterally rather than moving to or from the sensor directly.
On your typical alarm system these sensors will read the ambient light levels and the control panel will consider this the normal condition upon arming. Any changes registered by that pyroelectric sensor will change the power sent to the panel during armed state. Significant, sudden changes are programmed to trigger the alarm condition.

Post by Psychlonic » Thu Jul 01, 2021 6:15 pm

We've got a double header for alarms today, and you're going to love this one.

Bypassing Basic Door Alarms

https://www.youtube.com/watch?v=pPsSraQ3wlo
This video illustrates how a magnetic door switch works, how to detect the polarity on even a well installed system, and how to neutralize the switch from the outside. Note that the description also provides a link for creating your own Hall effect sensor to save yourself money on detecting switches and their polarity.

After playing with other electronic detectors, I highly recommend this become the new standard for magnetic switch detection over a compass, as basic magnetic field detectors can be had for right around $15 USD. They won't tell you the polarity of the field, but for the novice operator you can't beat the utility. A compass required for a similar task is much more expensive, bulky, fragile, etc.

Post by Sicarius » Sat Jul 03, 2021 1:11 am

I have not watched all of the videos, but I just watched the last one. Do you know of any way to bypass a door that opens outward? He used the shim to determine polarity but did not bypass with the magnet. Many doors here in Florida open outwards due to hurricanes busting inward-opening ones. In fact, some are mandated by law depending on the building. I of course mean with a magnet, not with RF signals or something.
"If one cannot be both, it is much better to be feared than loved" - Niccolo Machiavelli, The Prince

Post by Psychlonic » Sat Jul 03, 2021 4:27 am

The method I'm familiar with is careful use of a longer but thinner neodymium magnet and an air wedge to slowly get it between the door and the frame without creating a gap large enough to cause the switch to move. The increase in area size makes up for the loss of thickness more than enough to satisfy the switch. Honestly, the method is probably ideal compared to the one he illustrated anyway as it can work on better switch setups. It's worth noting that, as he states in the description, the bypass should only be done if you're certain the system is pretty simple as with most basic security systems. It's very conditional and if you want to learn more about the more complicated setups check out the Magnasphere link above for their system and competing multi-switch products.

For more practical usage of the thinner magnet you can actually fit between the door and frame, I've been planning on testing a setup where the magnet is attached to a bracket of sorts that you can quickly mount to a door frame. That way when you've created just the smallest of gaps you can slide the magnet in and attach it semi-permanently to the frame, allowing for hands-free problem solving elsewhere. But said testing hasn't happened yet. As far as I know, no video of anything similar exists to better illustrate this. Sorry. :/ However, some day I'd like to perfect that particular method in tandem with a better over-the-door tool as I encounter rounded knobs more than flat handles in my area. Since I'd be playing around at the top of the door anyway, this would mean less crap I have to carry.

Post by Psychlonic » Thu Jul 08, 2021 6:40 pm

Circling back to alarms again today with how to jam simple DIY wireless alarms.

Disabling Wireless Alarms - Issue 1 - Simple Jamming

https://www.youtube.com/watch?v=68M6IVNxjfg
This is a bit of a jump into the deep end for most but that's ok, your takeaway from this video should be the principle itself and that it can be done. You probably won't have a way of discerning the nature of an alarm system without having prior access to a building and during a night op you've probably never been inside of the building you want access to before. There are means of recon and gaining this information first, but for now simply observe their basic operating principles and one way it can be defeated.

Post by Psychlonic » Fri Jul 16, 2021 10:02 pm

Today I want to point to a novel attack on an exposed magnetic switch that you absolutely shouldn't use except under the most precise condition of having discreet, prior access and knowing exactly what type of switch you're up against.

Magnasphere stun gun test vs. the reed switch

https://www.youtube.com/watch?v=3c1qKFeYErE
To translate what you're seeing, this attack welds a single normally-closed switch shut by supplying it with too much sudden power. This should be equally possible by using a higher power but more rapid source such as a powerful capacitor/bank. Both of these factors make this a useful candidate for a gray man attack on the inside of an area you can access outside of operations. Simply have your high power "switch kill device" hidden on you and when the opportunity presents itself, quickly remove the outer coating of the lines leading to the switch in a place nobody will notice and overload it.

My concern here might be that such an attack could potentially ruin other parts of the system and would be noticeable immediately upon arming the system. Still, I would wager that suspecting sabotage would be a secondary thought to just general hardware failure. Therefore, you either plan on operating immediately afterward or waiting it out and seeing if the attacked components are replaced during normal access times. If nothing happens, the switch is dead and nobody is the wiser.

Obviously, if you have no idea if the switch is normally open or closed then this is a useless attack for you anyway. What this means for most of us is remembering or snapping a picture of any nomenclature that can help you identify the nature of the switch.