On a recent physical penetration test, I encountered a curious, but not uncommon, scenario. The target organization sat spread across multiple, disconnected floors in a shared, third party-owned high rise. The large first floor lobby was a public space and included a central guard desk (which really only functioned as an information kiosk). The target did include a reception ... READ MORE
Physical
Intro to IMINT
*All images were obtained from Google maps and are to be used for educational reason only* I used to play Eye Spy all the time when I was younger. It made car rides go faster, gave me and my friends something to do while waiting in the ice cream line, and as I recently discovered, the game also provided me with a bit of career prep. Imagery Intelligence (IMINT) is ... READ MORE
Physical Penetration Tests – SOPs and Planning
This post describes some of the factors that a team should take into account while planning and executing a physical penetration test. As a disclaimer, some may find the heavy use of military jargon alarming. Such language is not intended to suggest or encourage an adversarial relationship between the security professionals and their clients; rather, it’s the simple result ... READ MORE
Physical Recon TTPs – Urban Environment
The importance of onsite recon is too often overlooked when discussing physical penetration tests. Map analysis and OSINT are both essential to building cover stories and understanding your targets. And of course, the actual act of breaking-in yields the best stories. Onsite recon, however, bridges the gap between the two and should never be rushed or ignored. Different sites ... READ MORE
Taking One For The Team: The “Double Tailgate” Approach for Physical Pentests
When it comes to physical pentests, there are a variety of different approaches and techniques used depending on the environment and situation. While most people are familiar with the concept of tailgating in order to gain access to restricted areas, the double tailgate can be useful when the point of entry has tailgating detection mechanisms in place. The scenario where ... READ MORE
Request to Exit Sensor Bypass
(Originally published by @coldfusion39) When performing Physical Attack and Penetration Tests, we occasionally find ourselves on the wrong side of a locked door. The exterior or public side, of these doors is often controlled by an Access Control System utilizing either a Prox or iClass card reader. Due to various fire codes and regulations, the secured side of these doors ... READ MORE