🛡️ Sherlocked Security – Physical Penetration Testing

Your Buildings Have Firewalls Too – Test Them

📄 1. Statement of Work (SOW)

Service Name: Physical Penetration Testing
Client Type: Enterprises, Data Centers, Banks, Government, R&D Facilities
Service Model: On-site Assessment + Breach Simulation + Awareness + Reporting
Compliance Coverage: ISO 27001 (A.11), PCI-DSS (Requirement 9), NIST 800-53 (PE family), HIPAA
Testing Types:

Unauthorized Entry Attempts
Social Engineering at Entry Points
Badge Cloning & RFID Testing
Tailgating Simulation
Restricted Area Access
Dumpster Diving & Info Retrieval
Physical Security Control Review

🧠 2. Our Approach (with Visual)

🏢 Secure Facilities | 👥 Educated Staff | 📋 Verified Controls

AI Visual Flow:
[Reconnaissance] → [Social Engineering Planning] → [Entry Simulation] → [Access Control Bypass] → [Evidence Collection] → [Exit Plan] → [Awareness Debrief] → [Final Reporting]

Color Code:

Planning: #223843
Execution: #8b0000
Debrief & Closure: #004d40

🧪 3. Methodology (with Visual)

[Client Approval & Scope] → [Recon] → [Entry Attempt] → [Social Engineering / Badge Bypass] → [Restricted Area Access] → [Artifact Collection] → [Exit & Debrief] → [Reporting & Training]

Visual Flow Phases:

🔹 Blue = Planning & Recon
🔸 Red = Intrusion Execution
✅ Green = Debrief & Risk Mitigation

📦 4. Deliverables to the Client

🧾 Physical Security Breach Report
🎥 Photos / Videos / Screenshots of Entry
🧠 Social Engineering Tactics Used
🗂️ List of Breached Access Points
🧰 RFID/Biometric Weaknesses
🔐 Recommendations Matrix (technical + procedural)
🎓 Awareness Session for Security & Admin Teams
🏆 Physical Security Assessment Certificate

🤝 5. What We Need from You (Client Requirements)

✅ Written approval & scope definition
✅ Emergency contact (for any escalation)
✅ Facility floor plan (optional)
✅ Staff shift schedule (optional for realism)
✅ No-objection letter (for law enforcement clarity)
✅ List of critical zones (if targeting specific areas)

🧰 6. Tools & Technology Stack

🪪 RFID/NFC/BLE cloners
🎭 Fake ID badges, uniforms
🔐 Lockpicking tools (non-destructive use)
📸 Hidden cameras for PoE
🗃️ Dumpster retrieval kits
📋 Mobile reporting dashboard

🚀 7. Engagement Lifecycle (Lead → Closure)

1. Scoping → 2. Recon & Planning → 3. Onsite Simulation → 4. Entry & Access Attempt → 5. Debrief on Findings → 6. Reporting → 7. Awareness Training → 8. Final Sign-Off

🌟 8. Why Sherlocked Security? (Our USP)

Feature	Sherlocked Advantage
🕵️ Ethical Intrusion Experts	Ex-military and certified red teamers
📸 Real-World Evidence	Visual proof of physical breach
📋 Layered Control Testing	Badge, biometric, escort, signage
📚 Awareness Debriefs	Train guards, admin, staff
🔁 Retest & Fix Support	Post-fix validation round included

📚 9. Real-World Case Studies

🏢 Unauthorized Data Center Access

Objective: Test perimeter and data floor entry
Attack Path: Uniform disguise + fake delivery pretext
Result: Reached server racks without ID
Fixes Recommended:

Escort-only zones
Delivery desk redesign
Badge policy revamp

🗑️ Dumpster Dive in R&D Facility

Findings:

Printed source code pages
Employee rosters
Internal passwords on sticky notes
Fixes:
Secure document shredders
Clean desk policy enforcement
Staff sensitization workshops

🛡️ 10. SOP – Standard Operating Procedure

Scope & written approval
Pre-visit reconnaissance
Entry method planning
Badge/social test prep
On-site simulation (entry + artifact collection)
Exit and secure evidence
Report with visual proof & fixes
Awareness session (guards/admin)

📋 11. Sample Physical Security Test Checklist (Preview)

Perform reconnaissance of target facility.
Evaluate external perimeters and access points.
Attempt badge cloning or tailgating.
Test security guard responses and logging.
Bypass locks or access control systems.
Plant test USBs or rogue devices internally.
Assess security cameras and blind spots.
Access restricted areas or server rooms.
Document physical evidence (photos/videos).
Provide detailed risk report and mitigation steps.

# 🛡️ Sherlocked Security – Physical Pen