Top 5 Ways The Red Team breached and assessed the Physical Environment

1. Tailgate

Most of the time it’s easy enough to just walk in to a company, determined and stern. The path of least resistance is hard wired within us, follow this instinct and act like you’re supposed to be there.

2. Proximity Card Skimming and Long Distance Access Control Attacks

Using devices like the Proxmark you can start with the HID Prox and eventually copy and even modify other types of proximity cards.
Image from Bishop Fox

3. Social Engineer

Ah, the good old fake letter, solid pretext and a friendly call to the building before you even land , can have sold as as a security guard, or pest control. You arrive onsite, already verified with the right gear and the proper attire. Get on that LAN, and drop a device or grab some hashes and get Domain Admin before Lunch.

4. Physical Access Control Bypass & Lock Picking

Arguably obtaining as many universal or “bump-able ” keys is the name to this game. Simple non secure keys can be copied with a high resolution photograph and a 3d printer.

5. WiFi credential harvesting and Internal Network disclosure, badge identification and corporate mobile device



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Adam Toscher

Adam Toscher

Adam is a offensive security engineer and red team operator with over 20 years of experience in IT