We see physical security as an elementary part of corporate security. Here, information technology is making inroads alongside traditional physical issues. A modernization of physical security seems overdue.
We are passionate legal burglars and look forward to putting your systems to the test, or to analysing your building plans and installed structural measures with you, step by step, for possible physical access.
Physical Security Walkthrough
In this assessment, we walk through your premises with you and determine both theoretical and practical burglary risks. If desired, techniques, especially non-destructive ones, can be tested together in person during the inspection, giving you direct feedback on how likely they are to be carried out successfully. You decide which points are analysed together, based on your own risk assessment; alternatively, the selection can be based on the results of previous analyses of the building plans and on theoretical physical attack scenarios that we determine during the project.
Physical Security Penetration Test
In this assessment, the possibility of physical access is tested in practice. The scope is defined in advance. The testers then determine, based on their experience, how they will achieve the set goals. As in traditional penetration testing, the scope can range from testing the technical weaknesses of the entire physical structure of the company to very specific assessments of individual devices, such as isolation locks.
Test of Video Surveillance, Alarms and Access Control
When you are implementing a new system or bringing these parts of your corporate security into your risk management, you will need an assessment of the risks in these subject areas. With this assessment, we support you in determining the theoretical and practical risks, starting with process flows and going on to the hacking of devices and networks, such as access card systems and alarm systems.
Physical Red Teaming
When it comes to physical access to companies, a balanced interaction between physical security measures, the security awareness of employees, and the detection and reaction options of the security team is essential. With physical red teaming, we coordinate the scope and restrictions with you, create targeted attack plans and carry out attack simulations in which we actively infiltrate your company, testing not only the physical security but also the detection of and reaction to our intrusion attempts.
Energy
We carried out a grey box check for a large energy company that focused on the company's critical infrastructure. The goal was to identify entry points into the OT network from the Internet or the internal office network. Physical entry points were also considered.
By evaluating the firewall rules, several systems were identified that had access to the OT network. Although this did not allow direct access, for example via code execution vulnerabilities, several weaknesses were still identified in the systems and the network separation. In addition, there was no further segmentation of the systems in the OT network. This means that access to one system in the OT network would be sufficient to reach all the systems in the OT landscape.
Several weaknesses were identified during the physical walk-through of the site, making it possible to breach several security zones and enter critical zones. Attackers could use this to enter the company's critical zones unnoticed from the public space.
We therefore recommended further restricting the firewall rules, making the systems accessible only via additionally secured connections, and segmenting the flat OT network. For the physical security of the site, we advised placing better barriers and increasing employee awareness through training.
Commerce
The task was to gain access to a large office building with a reception desk. In preparation, a building plan from the architect, showing the exact rooms for the first two floors, was found on the Internet.
From the plan, five entrances and paths could be identified that allowed the reception desk to be bypassed. Most of these entrances were closed, but not locked, and could be opened with simple means.
Education
The room plans of an educational institution were publicly visible, which meant that critical rooms, such as server, heating or archive rooms, could be identified for the physical security penetration test.
On site, the rooms described were usually not locked and could be opened in a short time using simple means. Access to the server room was not possible, but access to the heating control and rooms with important documents was possible.
Our recommendation was to apply security measures similar to those for the server room and to design the public space plans according to a need-to-know principle.