Posted on July 07, 2015 by Rift Recon
Get ready to start yelling at your television.
I’m going to make a guess here. Heist flicks, caper films, con-man stories…you eat them up. Even the bad ones. You’ve fancied yourself a master thief, you just lack some of the required skills (and would like to avoid the inside of a jail cell).
So maybe you aren’t cut out for a life of crime, but that doesn’t mean you won’t eagerly lap up a rerun of Ocean’s 11, or an episode of Leverage, or something else along those lines.
I’m the same way, but this weekend I found myself shaking my head in disgust during a particular scene of a break-in. The scene where they had to pick a lock.
Why was I shaking my head? Because I know how to pick locks, and they were doing it wrong.
I’m just beginning, and I’ve never had to pick a lock in a high-pressure situation, but I know enough to know when a character isn’t using the right tools. Soon, you will too.
Not everyone is a security expert, and everyone started from somewhere. Me, I’m starting from scratch, and I’m inviting you, the reader, along for the ride. You’ll learn as I learn. I’ll point you in the directions of resources, how-to vids, and equipment that you can buy, repurpose, or make yourself. We can share in the triumphs and the frustrations, and hopefully this can serve as your jumping-off place for a brand-new set of skills. So let’s get started.
To start, let’s get our supplies together. I’m using a set of HPC PIP13 Lockpicks from Rift Recon. As for locks, I’ve just got a handful of door locks and padlocks from the bottom of a drawer. If you don’t have any of those, just look for “lock set” on eBay or Craigslist, and pick up a dozen or so. Every lock picks differently, so having more than one set is a definite plus. Pickers who want to see exactly what they are doing can try picking up a clear plastic lock, which allows you to see inside the lock mechanism.
Before you dive in, it’s worth knowing a little bit more about how locks work. For that, I suggest going the same route I did, and looking at a few different resources:
The first is a series of YouTube videos by lockpicker Schuyler Towne. I suggest watching all of them, but if you are really itching to get started, take a look at episode #4. This will explain exactly how locks work.
The second is the LSI Guide to Lock Picking (LSI stands for Locksport International). It’s laid out like a comic book, with informative illustrations and a conversational style. When you navigate to page 9, you’ll see why lockpicking works (tension and mechanical tolerances).
Confused? That’s okay. Now that we have a little bit of information under our belts, it’s time to pick up your tools.
Before we get started with picking the lock, let’s figure out how many pins are in it. It’s ridiculously simple…just grab any flat tool (I usually use the diamond pick) and insert it into the keyway. Push up, all the way to the top, and then hold the lock up to your ear. Making sure the pick stays flat, slowly slide it out of the lock.
Hear that click? That’s a pin dropping into place. Count the clicks, and you’ve counted the pins. Three clicks? Three pins. Five clicks? Five pins. One click? You get the picture.
Test out all your locks. Find the lock with the least number of pins, and let’s get started!
The first tool you’ll need is a tension tool, which looks like this:
This tool puts tension on the lock, simulating the turn of the key. I like to put my tension tool at the base of the keyhole, and then, while holding the lock in the webbing between the thumb and forefinger of my left hand (I’m right-handed), I put a little bit of pressure on the shaft of the tension tool with my finger tip. The pressure on the tension tool will cause one of the pins in the lock to bind. This is great.
Now, grab your pick. To begin with, I prefer the diamond-tipped pick, because I feel like it offers a little bit more control. Insert it in the keyhole just above the tension tool, and gently tap up. You should feel the pins bounce a little bit (they are spring-loaded, after all). As you test the pins, you should feel one that doesn’t bounce quite as easily as the rest. That’s your binding pin. Tap up on it gently, and as it pushes the driver pin above the shear line, you’ll feel the lock spin just a hair.
One pin down, just a few more to go!
Once you’ve gotten one pin in place, feel around for the next binding pin. Repeat the process from the previous paragraph, and one-by-one you’ll slowly move all the driver pins up above the shear line. When the last one clicks into place, the lock will spin a significant amount, and voilà! You’ve just picked your first lock!
At the beginning, it will be a lot harder and more frustrating than it looks / sounds. But keep at it, and soon you’ll be ready to move on to some more advanced techniques. We’ll talk about those next time!- Aaron Autrand is a trainee at Rift Recon. He is a novice lockpicker who is just trying to stay one step ahead.
Posted on February 05, 2015 by Rift Recon
Rift Recon is to offer their first large-scale urban escape and evasion training of the New Year to those attending InfoSec Southwest in Austin, TX on April 8th-10th.
“We’re talking about an entirely new terrain with entirely new challenges. The Austin playing field will be unparalleled to what any Art of Escape participant has experienced before.”
San Francisco, CA February 4th, 2015
As the InfoSec Southwest (ISSW) conference approaches, San Francisco security company Rift Recon bolsters its arsenal of cutting-edge knowledge in anticipation. In addition to the lecture tracks, ISSW has a number of specialized and in-depth training courses available before the conference begins. Rift Recon’s renowned urban escape and evasion course, The Art of Escape (AOE), is being offered as one of those trainings. It will be Rift’s inaugural ISSW intensive, and the first Art of Escape course of the New Year.
Art of Escape ISSW participants can expect to garner skills such as how to pick, bypass, and open locks, open handcuffs, duct tape, and rope, as well as effectively utilize social engineering and active confidence schemes to their advantage. This three-day-long intensive, led by head trainer Brian O'Shea and Rift Recon CEO Eric Michaud, will close with a realistic abduction simulation designed to put the students’ newfound knowledge into practice. The students will have to gain the trust of their captors, break free of their restraints, escape by gaining access to restricted or unauthorized areas without detection, and much, much more.
“We’re talking about an entirely new terrain with entirely new challenges,” remarked O’Shea, who develops the abduction simulation programming, “The Austin playing field will be unparalleled to what any Art of Escape participant has experienced before.”
Potential AOE players should keep in mind that each course is pre-registration only until the attendance threshold indicated is met. Once the attendance threshold is met, pre-registrants will be contacted with full registration and tuition payment instructions. You can learn more about The Art of Escape at ISSW, as well as pre-register, by clicking through to the official training listings page.
“Since this will be the first Art of Escape training of the new year, we’re excited to be able to apply all of our attention and resources to blowing it out of the water,” said Michaud. “We’re aware that we’re developing a curriculum for industry insiders as opposed to the general public, and that creates a unique opportunity to produce brand new material.”
InfoSec Southwest is an annual information security and hacking conference held in Austin, Texas, one of the most interesting and beautiful cities in the United States. By addressing a broad scope of subject-matter, InfoSec Southwest is intended to both provide a comprehensive and valuable forum to all participants as well as fill a gap for our local attendees left by the other few conferences held here in Texas which are all focused on a narrower scope of subject matter or a narrower slice of audience demographic. Visit http://2015.infosecsouthwest.com for more information and registration instructions.
About Rift Recon:
Rift Recon is a premiere cyber and physical security agency comprised of researchers, former military and private security detail contractors, and computer and hardware hackers that equips its clients from a suite of exclusive services, including specialized consulting, trainings, hardware tampering and forensics work, software development, assessment reports, tool creation, and team outfitting. Visit http://www.riftrecon.com, find them on Facebook, or follow @RiftRecon on Twitter for more information.
Posted on December 11, 2014 by Rift Recon
It seems like just yesterday that Rift Recon ran its first Art of Escape training in San Francisco, and yet last weekend marked the fourth Bay Area urban escape and evasion course. An entirely new group of enthusiastic, determined students embarked on three days of growth and development, with a healthy dose of apprehension mixed in! Executive Assistant Arianna Travaglini sat down with Art of Escape trainers Eric Michaud and Brian O'Shea to talk about the latest installment of Rift Recon’s most popular class.
A: Eric, this is your sixth Art of Escape training, and Brian’s fourth. You both have seen a lot of faces come and go. What stood out about this round?
E: The students’ backgrounds, for one. We had engineers in this class, a lawyer, someone in sales for a major corporation, and many more. Usually we’ve been seeing a majority of tech and security industry folks with a sprinkling of outliers. This group was more diverse.
B: It was also the most gender-balanced class we’ve taught thus far, and I feel like that worked to everyone’s advantage. The skills that we teach are applicable to anybody regardless of gender, but unfortunately there’s a unique vulnerability to being a woman in our world. We were thrilled to be able to address the needs and bolster the overall competency of more than a few female students.
A. Did either of you have any concerns when the class began, or throughout the weekend? Anything you saw this particular group struggling with?
E: This class was definitely the most initially truculent group we’ve had thus far. They were wary, and they didn’t make it easy to win them over. Usually you have one or two individuals like that, not the class as an entity. Brian and I figured that we would need to get more hands-on with them to earn their trust, so we cut back on the rote lecturing and increased the demonstrative exercises. It opened them right up.
B: I noticed that the few engineers we had in class had some difficulty wrapping their heads around the concept of “social engineering”. It’s a non-quantifiable skill, being more in the nebulous realm of manipulation, so there are no easily-identifiable “steps” to it. For people who think in a very linear, categorical way, this can prove challenging. In mastering it, you have to apply your own personality, which then becomes the lens you look at it through.
A. What do you feel this class excelled at?
E: Because they were all from such diverse backgrounds, once they acted as a cohesive group they were able to leverage each other to pick up the lessons we were teaching with ease. One person’s strength fed another’s weakness.
B: I feel that they excelled at overall situational awareness. In past classes, people really jumped on mastering the individual skillsets: the lockpicking, escaping restraints, etc. But this class was constantly looking for danger and people manipulating them around every corner, thinking strategy first and tactical later instead of the other way around. This disposition definitely helped them excel during Saturday’s Field Training Exercise.
A. Speaking of which, let’s talk about Saturday’s Field Training Exercise - that’s the best part! What surprised and/or delighted you about that day?
E: I was really impressed with the students’ intuition. For example, we lied to them at the onset: we told them we’d be conducting entry interviews and de-briefing them at a hotel, and that the abduction would take place afterwards on the street. In reality, we had interrogators ready to subdue them at the hotel. A few students were genuinely taken aback, but many were prepared for such a trick, even citing ahead of time that they “felt something was off”. These instincts were especially encouraging, and many students evaded capture by pursuers throughout the day while relying on said intuition.
B: Earlier Eric mentioned how the students were already leveraging each others’ strengths and weaknesses in the classroom; well, one of our teams was able to do that in the field in an extraordinary way. They assessed each others’ abilities up front - the woman was the faster runner, and the man was better at hiding - and they made a plan for how they would respond under duress. If pursued by a chaser, they decided to split up - he would draw pursuers away from her so that she could succeed, effectively sacrificing himself. This kind of difficult decision making directly mirrored real-life hostage responses. To them, the exercise was unequivocally authentic.
- Arianna Travaglini
Executive Assistant at Rift Recon
Photo Credit: Eddie Codel
Posted on July 16, 2013 by Shopify API
For a mere 96 pounds you could be the proud owner of what looks like a compact pickset - the German made Pick Set ZIEH-FIX Pick Needle Set “Novum” But upon further examination it turns out this pickset is not what it appears to be at all. This is a manual Electronic Pick Gun (EPG).
That is to say, it has 13 different interchangeable tips (3 of each) and one common handle, and ALL of these tips are designed for raking, strong up and down motions. NONE of these tips are designed for the slower techniques used with most manual lockpicks. Also, these 39 tips will likely fit into your EPG that you may currently own.
So what makes this different than your EPG, no batteries… It’s man powered, if you will. Other than the 39 pick tips (13 different types) you will receive 1 tension wrench, 1 allen wrench and 1 brass handle.
To use this tool, you loosen the knurled nut on the brass handle and insert one of the pick tips, then you must tighten the knurled nut as tight as you can and insert the tip into any lock you wish to open. And rapidly shake this tool, up and down until the lock succumbs to your tireless efforts. You should use quite a bit for force when shaking the tool, the tips may seem weak but they are made of Hardened stainless steel, so they can take a beating… Plus you have 3 of each so it’s ok to break one.
If you were to ask my personal opinion of this tool I would have to rate it a solid 3.5 out of 5. I don’t rake much so I would love to have a few normal hooks with the set, but when raking this tool does work great. It is quieter than an EPG or manual pick gun, also smaller and overall more covert but of course requires more effort from the user.
The picks are strong for what they are and you have the largest variety of rakes in any one set that I have ever seen. But my biggest complaint is that there is only ONE tension wrench. I always say the tensor is as important (if not more) than the pick, not every lock fits 1 tensor… So add yourself a couple more tensors and you have yourself a nice, quick, covert rake set.
These tools can be found at Amazon and a few other locksmith tool retailers.
Posted on July 08, 2013 by Shopify API
As we draw closer to the official launch of Rift Recon on July 27th, staff here at Rift have been discussing which written resources we utilize in our daily work to get the job done. From that conversation, we drew up an initial list - and then realized that our readers, friends and clients might like to see it. We hope that by sharing our list, you’ll find the books and other resources we recommend as useful as we have.
Here we present, for your edification and inspiration - Rift’s page of recommended Books, Journals, and Other Resources. This page is a continuously growing list curated by Rift Recon staff, and we’ll be sure to post here when we add new items.
We at Rift Recon strongly believe that inspiration doesn’t happen in a vacuum, and sharing knowledge only increases our wider community’s overall wealth of knowledge - and this, in turn, ultimately benefits all of us. We hope you enjoy this list. If you have questions, or want to make suggestions for us to review and add, don’t hesitate to email us: [email protected]
CEO & Founder
Rift Recon tailors its clients from a suite of exclusive security service providers, in order to meet their specialized needs in software or hardware, utilities for cyber/physical security assessment, tool creation and team outfitting, as well as specialized trainings, and expert referrals.
Our team meets and verifies all equipment needs from solid standards to exotic tooling, and deftly handles client needs for cyber and physical security specialist placement.
Rift operates across a variety of security disciplines including product security, physical security, hardware/software research, and development (including middleware, electronic devices and kits). We also cater to professionals who are striving to meet their own clients’ various cyber and physical security needs.
Our client range spans independent trainers, corporations, to high net worth individuals. We consult red teams, independent cyber or physical security contractors, product security teams, and companies that require exacting, and/or executive-grade assessment reports.
Rift provides a suite of services.
Rift Recon excels at identifying and recruiting top-level talent, and holds a strong track record for meeting our clients’ unique physical security needs.
Discreet and methodical, Rift stands as the premiere company in the world positioned to expertly source, secure, or innovate and manufacture hardware to meet the exacting - often critical - software and hardware security needs of its clients.