Let's Get Physical - All you wanted to know about performing Physical Pentests

In a physical penetration test, the tester attempts to enter a building while bypassing existing access controls; this is done to assess existing security measures. The exact objective and allowed actions to achieve it can vary, including both the methods of entry and the activities conducted once inside. Some actions, such as jumping fences or entering dangerous areas, especially in hazardous environments like factories, may be out of scope. Physical penetration tests often incorporate a social engineering component, such as learning the names of key company positions and employees to blend in through namedropping. In this talk, we explore aspects to consider when performing a physical penetration test, and the focus areas during each stage of the assessment: Preparation, Execution and Analysis. We will take a look at organization and equipment, how to find the most promising entry method and time of day, and lastly discuss some pointers on analyzing the success of the assessment. https://its-now.science