
War Room

Shells from above

Physical

Bypassing Common Physical Security Perimeter Controls

November 18, 2015 By Ken Smith

On a recent physical penetration test, I encountered a curious, but not uncommon, scenario. The target organization sat spread across multiple, disconnected floors in a shared, third party-owned high rise.  The large first floor lobby was a public space and included a central guard desk (which really only functioned as an information kiosk). The target did include a reception ... READ MORE

Intro to IMINT

June 25, 2015 By RSM Author

*All images were obtained from Google Maps and are to be used for educational reasons only* I used to play Eye Spy all the time when I was younger. It made car rides go faster, gave me and my friends something to do while waiting in the ice cream line, and as I recently discovered, the game also provided me with a bit of career prep. Imagery Intelligence (IMINT) is ... READ MORE

Physical Penetration Tests – SOPs and Planning

June 4, 2015 By Andy

This post describes some of the factors that a team should take into account while planning and executing a physical penetration test. As a disclaimer, some may find the heavy use of military jargon alarming.  Such language is not intended to suggest or encourage an adversarial relationship between the security professionals and their clients; rather, it’s the simple result ... READ MORE

Physical Recon TTPs – Urban Environment

February 17, 2015 By Ken Smith

The importance of onsite recon is too often overlooked when discussing physical penetration tests. Map analysis and OSINT are both essential to building cover stories and understanding your targets. And of course, the actual act of breaking-in yields the best stories. Onsite recon, however, bridges the gap between the two and should never be rushed or ignored. Different sites ... READ MORE

Taking One For The Team: The “Double Tailgate” Approach for Physical Pentests

January 23, 2015 By RSM Author

When it comes to physical pentests, there are a variety of different approaches and techniques used depending on the environment and situation. While most people are familiar with the concept of tailgating in order to gain access to restricted areas, the double tailgate can be useful when the point of entry has tailgating detection mechanisms in place. The scenario where ... READ MORE

Request to Exit Sensor Bypass

November 6, 2014 By RSM Author

(Originally published by @coldfusion39) When performing Physical Attack and Penetration Tests, we occasionally find ourselves on the wrong side of a locked door. The exterior, or public side, of these doors is often controlled by an Access Control System utilizing either a Prox or iClass card reader. Due to various fire codes and regulations, the secured side of these doors ... READ MORE
