In the Physical Challenge category, problems are focused on simulating technical skills that a consultant might have to use on an assessment. Two major skills that come in handy are knowledge about lockpicking and security cameras.
Lockpicking is something of both an art and a science. The scientific part is easy to understand as illustrated by this fantastic graphic from Business Insider:
As you can see, picking a combination lock is simply about pushing all the pins into the proper place. Thanks to manufacturing tolerances, there is a little bit of wiggle room for getting them in the exact location. It takes a bit of an artistic touch to keep tension on the lock while staying sensitive enough to poke each pin individually. Although this set is not very durable for real engagements, it is an excellent practice set for beginning to grasp the fundamentals:
As you can see, the lock is completely transparent, which lets you use your eyes to judge whether or not the pins are sticking. Eventually you should be able to do it without looking, but this is a nice tool to help with the fundamentals.
Another type of lock is known as a warded lock. These appear to have many different layers called wards that are designed to only allow a specific type of key to pass through:
Although different, these locks are also defeatable. Since the wards are designed to act as barriers to block the wrong key, one technique to bypass this control is to use a paper clip or bobby pin to turn the lock. These are small enough to slip past each of the wards and, if bent at an angle, will have enough leverage to make the lock turn. For more difficult locks, it’s possible to use a specific type of skeleton key. These are completely smooth on both sides except for a small notch on the end, which allows the key to bypass all of the wards and turn the lock.
When assessing a building’s security, it’s important to have a clear awareness of where cameras are placed and what they are looking at. There are two main types of cameras – directional and PTZ. Directional cameras look like a long tube like the following:
These provide good visibility in a particular direction and have a very specific target that they are watching. For example, directional cameras might be appropriate in a parking garage where they can be pointed at the license plates of oncoming cars.
The other main type of camera, PTZ, stands for Pan-Tilt-Zoom, and these cameras look like circular globes:
These cameras can see a wider area and can be moved in different directions (hence the name). Most PTZ cameras can be viewed and controlled remotely through a web interface – however, it’s critical to make sure that the default passwords on these devices have been changed. One of the largest cyberattacks in the world, the Mirai botnet, automatically took over devices like internet-connected cameras that had passwords like “password”, “1234567” and “admin”.