Physical red team attacks are something we are passionate about at White Oak Security. Ever wonder how we open doors we don’t have access to?
The Bypassing Doors blog series will demonstrate easy-to-use tools and techniques that can be utilized to bypass your organization’s interior and exterior doors. In this part 1 post, we will go through a simple overview of the Under The Door Tool (UTDT).
The UTDT is perfect for any doors that make use of a lever style door handle. This is usually always the case with commercial buildings, as lever-style handles are the most common doorknob style that meets ADA requirements.
Under The Door Tool – UTDT
The image below displays how the UTDT works, it’s quite simple and most pentesters include these in their pentesting toolkit. One would insert the tool underneath the door, then work it over the lever handle by maneuvering the tool in different directions. Lastly, just pull on the cable which opens the door handle – viola! Access is that easy.
This tool can be made with supplies from local hardware stores, such as Home Depot, with a rolled rod and string. Here is a quick video that shows the UTDT in action:
How To Prevent Under The Door Bypass
There are multiple prevention options that can be implemented to prevent the Under The Door Tool. These options include the following:
Kick Plates & Toe Plates
Kick / Toe plates need to be adjusted to minimize any gap below the door. This prevents the tool from being inserted underneath.
Similar to the kick plate, the door shoe will need to be adjusted to prevent anything from being shoved under the door.
Door Handle Surround
A handle surround prevents the UTDT from accessing the interior handle, deterring one from pulling lever handles down/open.
More physical pentesting tools and overviews are being published soon, so stay tuned for part 2!
MORE FROM WHITE OAK SECURITY
White Oak Security is a highly skilled and knowledgeable cyber security testing company that works hard to get into the minds of opponents to help protect those we serve from malicious threats through expertise, integrity, and passion.