During an onsite penetration test, the team identifies an interior office door secured by a typical pin-and-tumbler cylinder. The client specifically asks for a covert, least-destructive technique so that normal business operations are not interrupted and no visible damage is left behind. Which of the following approaches should the testers attempt first to meet the client's requirement?
Use an electric snap gun to strike all pins and rotate the plug
Apply light torque with a tension wrench and lift pins individually with a pick
Slip a flexible shim between the latch and the strike plate to depress the latch
Insert a specially cut bump key and tap it with a mallet while turning
Single-pin picking uses a tension wrench and a pick to lift each driver/key pin until every stack reaches the shear line, allowing the plug to rotate. When performed correctly it leaves no marks or functional damage, making it the most covert way to demonstrate the vulnerability. Bump keys and electric pick guns are faster but can leave dents or tell-tale impact marks. Latch shimming only works on spring-latch hardware and does not test the integrity of the cylinder itself.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the process of single-pin picking?
Open an interactive chat with Bash
Why are bump keys and electric pick guns less covert than single-pin picking?
Open an interactive chat with Bash
What types of locks can be bypassed using latch shimming, and why doesn't it apply here?