🛡️ Sherlocked Security – Physical Penetration Testing
Your Buildings Have Firewalls Too – Test Them
📄 1. Statement of Work (SOW)
Service Name: Physical Penetration Testing
Client Type: Enterprises, Data Centers, Banks, Government, R&D Facilities
Service Model: On-site Assessment + Breach Simulation + Awareness + Reporting
Compliance Coverage: ISO 27001 (Annex A.11 physical and environmental security in the 2013 edition; Annex A.7 physical controls in the 2022 edition), PCI DSS (Requirement 9, physical access), NIST SP 800-53 (PE control family), HIPAA (§164.310 physical safeguards)
Testing Types:
- Unauthorized Entry Attempts
- Social Engineering at Entry Points
- Badge Cloning & RFID Testing
- Tailgating Simulation
- Restricted Area Access
- Dumpster Diving & Info Retrieval
- Physical Security Control Review
🧠 2. Our Approach
🏢 Secure Facilities | 👥 Educated Staff | 📋 Verified Controls
[Reconnaissance] → [Social Engineering Planning] → [Entry Simulation] → [Access Control Bypass] → [Evidence Collection] → [Exit Plan] → [Awareness Debrief] → [Final Reporting]
🧪 3. Methodology
[Client Approval & Scope] → [Recon] → [Entry Attempt] → [Social Engineering / Badge Bypass] → [Restricted Area Access] → [Artifact Collection] → [Exit & Debrief] → [Reporting & Training]
📦 4. Deliverables to the Client
- 🧾 Physical Security Breach Report
- 🎥 Photos / Videos / Screenshots of Entry
- 🧠 Social Engineering Tactics Used
- 🗂️ List of Breached Access Points
- 🧰 RFID/Biometric Weaknesses
- 🔐 Recommendations Matrix (technical + procedural)
- 🎓 Awareness Session for Security & Admin Teams
- 🏆 Physical Security Assessment Certificate
🤝 5. What We Need from You (Client Requirements)
- ✅ Written approval & scope definition
- ✅ Emergency contact (for any escalation)
- ✅ Facility floor plan (optional)
- ✅ Staff shift schedule (optional for realism)
- ✅ Signed authorization ("no-objection") letter that testers carry on site, so guards or law enforcement can verify the engagement if a tester is challenged
- ✅ List of critical zones (if targeting specific areas)
🧰 6. Tools & Technology Stack
- 🪪 RFID/NFC/BLE cloners
- 🎭 Fake ID badges, uniforms
- 🔐 Lock-picking and bypass tools (non-destructive entry only)
- 📸 Body-worn / hidden cameras to capture proof-of-concept evidence of each breach
- 🗃️ Dumpster retrieval kits
- 📋 Mobile reporting dashboard
🚀 7. Engagement Lifecycle (Lead → Closure)
1. Scoping → 2. Recon & Planning → 3. Onsite Simulation → 4. Entry & Access Attempt → 5. Debrief on Findings → 6. Reporting → 7. Awareness Training → 8. Final Sign-Off
🌟 8. Why Sherlocked Security? (Our USP)
| Feature | Sherlocked Advantage |
|---|---|
🕵️ Ethical Intrusion Experts | Ex-military and certified red teamers |
📸 Real-World Evidence | Visual proof of physical breach |
📋 Layered Control Testing | Badge, biometric, escort, signage |
📚 Awareness Debriefs | Train guards, admin, staff |
🔁 Retest & Fix Support | Post-fix validation round included |
📚 9. Real-World Case Studies
🏢 Unauthorized Data Center Access
Objective: Test perimeter and data floor entry
Attack Path: Uniform disguise + fake delivery pretext
Result: Reached server racks without ID
Fixes Recommended:
- Escort-only zones
- Delivery desk redesign
- Badge policy revamp
🗑️ Dumpster Dive in R&D Facility
Findings:
- Printed source code pages
- Employee rosters
- Internal passwords on sticky notes
Fixes Recommended:
- Secure document shredders
- Clean desk policy enforcement
- Staff sensitization workshops
🛡️ 10. SOP – Standard Operating Procedure
- Scope & written approval
- Pre-visit reconnaissance
- Entry method planning
- Badge/social test prep
- On-site simulation (entry + artifact collection)
- Exit and secure evidence
- Report with visual proof & fixes
- Awareness session (guards/admin)
📋 11. Sample Physical Security Test Checklist (Preview)
- Perform reconnaissance of target facility.
- Evaluate external perimeters and access points.
- Attempt badge cloning or tailgating.
- Test security guard responses and logging.
- Bypass locks or access control systems.
- Plant test USBs or rogue devices internally.
- Assess security cameras and blind spots.
- Access restricted areas or server rooms.
- Document physical evidence (photos/videos).
- Provide detailed risk report and mitigation steps.
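Why "badge cloning" in the checklist above is usually trivial: low-frequency 125 kHz proximity badges (e.g. the common 26-bit H10301 format) transmit a fixed, unencrypted identifier that any reader or cloner within a few centimetres can capture and replay. The decoder/encoder below is an added illustration and not tooling from Sherlocked Security or this page; the frame it parses is a constructed sample, not a real captured badge. It shows that the only integrity check on the frame is two parity bits, so a captured frame can be validated, decoded to facility code and card number, and re-encoded onto a blank card with no secret involved.

```python
"""26-bit Wiegand (HID H10301) frame decode/encode.

Layout (bit 0 is transmitted first):
  bit 0      : even parity over bits 1-12
  bits 1-8   : 8-bit facility code
  bits 9-24  : 16-bit card number
  bit 25     : odd parity over bits 13-24
"""


def wiegand26_decode(bits: str) -> dict:
    """Parse a 26-character '0'/'1' string; report fields and parity validity."""
    if len(bits) != 26 or set(bits) - {"0", "1"}:
        raise ValueError("expected exactly 26 binary digits")
    b = [int(c) for c in bits]
    even_ok = sum(b[0:13]) % 2 == 0    # parity bit 0 + data bits 1..12
    odd_ok = sum(b[13:26]) % 2 == 1    # data bits 13..24 + parity bit 25
    return {
        "facility_code": int(bits[1:9], 2),
        "card_number": int(bits[9:25], 2),
        "parity_ok": even_ok and odd_ok,
    }


def wiegand26_encode(facility_code: int, card_number: int) -> str:
    """Build a valid frame for a blank card: this is all a cloner needs."""
    if not (0 <= facility_code < 256 and 0 <= card_number < 65536):
        raise ValueError("facility code is 8 bits, card number is 16 bits")
    payload = f"{facility_code:08b}{card_number:016b}"          # 24 data bits
    even = str(sum(int(c) for c in payload[:12]) % 2)            # make bits 0..12 even
    odd = str((sum(int(c) for c in payload[12:]) + 1) % 2)       # make bits 13..25 odd
    return even + payload + odd


def is_clone_candidate(bits: str) -> bool:
    """A frame that passes parity is replayable as-is; nothing else binds it to a card."""
    try:
        return wiegand26_decode(bits)["parity_ok"]
    except ValueError:
        return False


# Constructed sample frame (facility code 10, card number 1234), not a real badge.
SAMPLE_FRAME = "00000101000000100110100100"

if __name__ == "__main__":
    fields = wiegand26_decode(SAMPLE_FRAME)
    print(fields)
    rebuilt = wiegand26_encode(fields["facility_code"], fields["card_number"])
    print("re-encoded frame matches capture:", rebuilt == SAMPLE_FRAME)
    # A single flipped bit is caught by parity, which is the only check the reader makes.
    print("corrupted frame accepted:", is_clone_candidate(SAMPLE_FRAME[:-1] + "1"))
```

The practical takeaway for the recommendations matrix: if a site's badges decode this way, the finding is the credential technology itself, and the fix is migration to a mutually authenticated high-frequency credential, not a policy change alone.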
📬 Contact Us or 📅 Book a Consultation