Physical red team attacks are something we are passionate about at Cyber Advisors. Ever wonder how we open doors we don’t have access to?
The Bypassing Doors blog series will demonstrate easy-to-use tools and techniques that can be utilized to bypass your organization’s interior and exterior doors. In this part 1 post, we will go through a simple overview of the Under The Door Tool (UTDT).
The UTDT is perfect for any doors that make use of a lever style door handle. This is usually always the case with commercial buildings, as lever-style handles are the most common doorknob style that meets ADA requirements.
The image below displays how the UTDT works, it’s quite simple and most pentesters include these in their pentesting toolkit. One would insert the tool underneath the door, then work it over the lever handle by maneuvering the tool in different directions. Lastly, just pull on the cable which opens the door handle – viola! Access is that easy.
This tool can be made with supplies from local hardware stores, such as Home Depot, with a rolled rod and string. Here is a quick video that shows the UTDT in action:
There are multiple prevention options that can be implemented to prevent the Under The Door Tool. These options include the following:
Kick / Toe plates need to be adjusted to minimize any gap below the door. This prevents the tool from being inserted underneath.
Similar to the kick plate, the door shoe will need to be adjusted to prevent anything from being shoved under the door.
A handle surround prevents the UTDT from accessing the interior handle, deterring one from pulling lever handles down/open.
More physical pentesting tools and overviews are being published soon, so stay tuned for part 2!
Cyber Advisors specializes in providing fully customizable cyber security solutions & services. Our knowledgeable, highly skilled, talented security experts are here to help design, deliver, implement, manage, monitor, put your defenses to the test, & strengthen your systems - so you don’t have to.
Read more from our technical experts...