Episode: 1919
Title: HPR1919: DerbyCon Interview with Paul Koblitz
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr1919/hpr1919.mp3
Transcribed: 2025-10-18 11:08:12
---
Hey, this is Zoak with Hacker Public Radio, doing another DerbyCon interview.
I'm here with Paul Koblitz.
So Paul, who are you and what do you do, sir?
I am a senior security consultant for TrustedSec, and I mainly focus on physical penetration
into buildings and social engineering.
So you get to break into stuff for a living?
I do get to break into stuff for a living, and it's awesome.
And I should probably point out that I did do some training with Paul and someone else recently,
just before DerbyCon started, so I got to see his bag of tricks and he's got
all the cool toys.
Do you want to tell us a bit about some of the physical penetration testing, some social
engineering?
Obviously don't give away all these, well, please give away all the secrets, but just
a quick overview and maybe a top one or two tips for people how to do it and how to prevent
it.
Well, some of the tips I can give on how to do it is tailgating is always the best way
to get into a building.
If you can't tailgate, look for the obvious exposed latches because every single one of them
can be manipulated.
Some tips to avoid it are situational awareness, knowing who's behind you, knowing what they're
trying to do, knowing that you're being followed, and stopping that, and get your building
engineers to reconfigure the locks so they actually work.
Cool.
I've got some general tech questions.
I think pretty much all of us have numerous apps and desktop and gadget things, so what
can you not live without?
First of all, what mobile app can't you live without?
I cannot live without my games, so there you go, play them all the time.
I suppose if you got to wait outside for several hours waiting for someone to turn
up so you can tailgate them in, then you've got to do something to occupy your time.
What do you use for a desktop and can you live without it?
I have a gaming computer as a desktop computer.
If you're talking about my laptop, I have a Mac, and while I absolutely hated Macs when
I first started this job, I've grown to love it because of all the seamless transitions
between virtual machines and all that kind of stuff.
And you are the man of gadgets, as I said before, I did see some of your toys and some
unusual uses, shall we say?
I've explained how, using an electronic cigarette, you can actually blow smoke and it can confuse
some sensors.
And actually, if you've got door locks that open when a sensor is tripped, you can blow
this smoke through the door and actually get it to open and unlock the door for you.
So what gadget can't you live without?
I would most definitely say that the gadget I can't live without is the loid that's in
my wallet at all times.
And that's for manipulating those latches on doors that have bad readers that I can't
get through.
And I can't tell you how many times I've used that to access a secure space.
I can just go in Amazon and buy one.
How much is it?
You can get one for about $10.
I'm not sure if they sell them on Amazon.
I know that they're selling downstairs in the lock picking place right now.
But honestly, I don't like that one because a TSA agent took it away from me because it
was metal.
So I created my own, I have an old hotel key.
What is the best advice you've ever received in your life?
To live life to its fullest.
Short and sweet.
I like that.
Right now, obviously, apart from Hacker Public Radio, which obviously is your favorite
podcast, what is your favorite security-related podcast?
I would definitely have to say that my favorite other than the one you just mentioned is the
TrustedSec podcast, which we record every single week and it's always available.
And I highly recommend listening to it if you have not.
Obviously, HPR is a community run podcast and everyone can record something.
So when you do make your HPR podcast, obviously, what would you do a podcast on?
I would definitely do it on physical security, since that's what I'm best at, how to circumvent
controls that are in place and all that.
Although you've got the TrustedSec podcast, that kind of doesn't really count, does it?
No.
All right.
And my favorite question of all time.
What is your favorite text editor?
Nano.
And why?
Because it's nano.
Fair enough.
I'm just going to wrap this up.
Last few questions again.
Who are you?
And where can people find you?
Again, my name is Paul Koblitz.
I work for TrustedSec and Dave Kennedy.
I can be found at TrustedSec.
I can also be found by my Twitter handle, which I'll spell it just to stay away from
obscenities.
And that would be P-H-4-Q-U-E, and I'll let you figure out what it might stand for.
Fake, surely.
And nothing else.
Nothing else.
And let's move on.
All right.
Well, Paul, thank you very much.
Again, this means so for Hacker Public Radio.
You've been listening to Hacker Public Radio at Hacker Public Radio dot org.
We are a community podcast network that releases shows every weekday, Monday through Friday.
Today's show, like all our shows, was contributed by an HPR listener like yourself.
If you ever thought of recording a podcast, then click on our contribute link to find out
how easy it really is.
Hacker Public Radio was founded by the Digital Dog Pound and the Infonomicon Computer
Club, and is part of the binary revolution at binrev.com.
If you have comments on today's show, please email the host directly,
leave a comment on the website or record a follow-up episode yourself.
Unless otherwise stated, today's show is released under the Creative Commons Attribution-ShareAlike
3.0 license.