Physical Penetration Testing

A physical penetration test assesses all physical security controls, including locks, fences, security guards, cameras, and other security measures to evaluate a business's physical security posture. Our specialist will attempt to gain physical access to sensitive locations such as data centres, server rooms, and network closets through all means possible. Our toolkit includes, but is not limited to: drone reconnaissance, lockpicking, social engineering, sensor bypassing, and RFID/badge cloning.

Our Methodolody

All testing performed under physical penetration testing are based on the NIST SP 800 - 115 Technical Guide to Information Security Testing and Assessment, OWASP testing Guide (v4) plus other customized testing frameworks.

PLANNING

Customer goals are gathered and rules of engagement obtained.

DISCOVERY

Perform scanning and enumeration to identify potential vulnerabilities, weak areas and exploit.

ATTACK

Confirm potential vulnerabilities through exploitation and perform additional discovery upon new access.

REPORTING

Document all found vulnerabilities and exploits, failed attempts, company strengths and weaknesses.

Thorough Testing

Activities performed during physical penetration testing include but not limited to:

  • Reconnaissance and information gathering

  • Social Engineering

  • Impersonating

  • Piggy backing

  • Lock picking

  • Sensor bypassing

  • Badge Cloning

  • Other testing depends on specific customer content and footprint