During an onsite penetration test, the team identifies an interior office door secured by a typical pin-and-tumbler cylinder. The client specifically asks for a covert, least-destructive technique so that normal business operations are not interrupted and no visible damage is left behind. Which of the following approaches should the testers attempt first to meet the client's requirement?
Insert a specially cut bump key and tap it with a mallet while turning
Slip a flexible shim between the latch and the strike plate to depress the latch
Apply light torque with a tension wrench and lift pins individually with a pick
Use an electric snap gun to strike all pins and rotate the plug
Single-pin picking uses a tension wrench and a pick to lift each driver/key pin until every stack reaches the shear line, allowing the plug to rotate. When performed correctly it leaves no marks or functional damage, making it the most covert way to demonstrate the vulnerability. Bump keys and electric pick guns are faster but can leave dents or tell-tale impact marks. Latch shimming only works on spring-latch hardware and does not test the integrity of the cylinder itself.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a pin-and-tumbler cylinder?
Open an interactive chat with Bash
What tools are needed for lock picking?
Open an interactive chat with Bash
Why is brute force not recommended for unlocking a secure door?