Complete Guide
Intermediate

Physical Security Assessment

Physical security assessments evaluate the effectiveness of physical controls protecting an organization's assets, people, and information. This guide covers the methodology, tools, and techniques for conducting safe and legal physical assessments.

What You'll Learn

  • Physical reconnaissance techniques
  • Social engineering for physical access
  • Lock picking and bypass methods
  • RFID/NFC cloning and access control bypass

Guide Sections

01

Reconnaissance

Techniques for gathering intelligence about a target facility, including satellite imagery analysis and onsite observation.

02

Social Engineering

Techniques for tailgating, pretexting, and manipulating human factors to gain unauthorized physical access.

03

Lock Picking & Bypassing

Understanding mechanical lock mechanisms, picking techniques, and non-destructive bypass methods.

04

RFID & Access Control

Analyzing and cloning RFID/NFC credentials, Wiegand protocol, and bypassing electronic access control.

05

Physical Device Attacks

Deploying physical network implants (Dropbox, Keyloggers) to maintain persistence.

06

Documentation & Reporting

Best practices for documenting findings, photographing evidence, and writing reports.

07

Flipper Zero & RF Hacking

Complete guide to Sub-GHz attacks, RFID cloning, BadUSB payloads, and hardware hacking.

Essential Tools

Proxmark3

Docs

The industry standard tool for RFID/NFC analysis and cloning.

Flipper Zero

Docs

Multi-tool for radio protocols, access control systems, and hardware.

HackRF One

Docs

Software Defined Radio peripheral capable of transmission or reception of radio signals from 1 MHz to 6 GHz.

Lock Picking Tools

Docs

Standard hook and rake picks, tension wrenches, and bypass tools.

Shove Knife

Docs

Bypass tool for latch-type locks on outward opening doors.

Under-door Tool

Docs

Tool to manipulate lever handles from the outside of a door.

⚠️ Legal Disclaimer

Physical security assessments must be performed with explicit written authorization. Unauthorized access to buildings, lock picking, and RFID cloning can result in criminal charges. Always carry your authorization letter during engagements.

Related Topics

Wireless Pentesting

Combine physical access with wireless attacks.

OSINT

Gather physical security intel before on-site assessments.

Internal Network

Use physical access to connect to internal networks.

IoT Pentesting

Test physical access control IoT devices.