Physical Penetration Services

Physical Penetration Testing, CTF, Red team


Physical penetration testing aims to highlight the areas within an organisation that can be besieged by malicious attackers. A combination of telephone scams, phishing emails and login credential harvesting can discover weaknesses within an existing security policy or operation of a business. This information is later used in person to gain access and replicate a real physical assault on your building.

The assessments will discover weaknesses before a criminal would exploit these gaps in security. A well experienced and trained consultant will use a combination of attack vectors to develop a tailored attack based on the defined scope of works that will culminate in an assessment based on your organisation.

Different scenarios can be created to test for access to a secure area, to test the effectiveness of security or to analyse your organisations’ resilience to terrorism. Typical Penetration Tests include:

•Gaining access to a private section of a high street bank, planting small remote access tools.

•Bypassing traffic security to park an unchecked car at a security sensitive event.

•Gaining access to a companies head office and accessing workstations, planting remote audio/video equipment.



CTF – Capture The Flag Style Engagements

“Object Orientated Penetration testing is the way forward”

– MK, Xiphos Research Ltd.


Companies can assign a ‘flag’ or target within their organisation and our social engineering assessment will try to gain access to it. The client can specify what kind of attacks will be deemed in scope and gets the options to exclude potentially damaging activities such as lock picking or direct employee interaction.

This style of testing works well if you are concerned about someone gaining access to a sensitive area, a specific computer or something of financial value.

  • You’re always in control – Prior discussion to potential concerns are defined with a scoping stage.
  • Define an area, Computer, Task, Person, Building – the list is endless!
  • Complex scenarios are utilised with prior planning and knowledge of your organisation.
  • Ideal for measuring counter-terrorism security controls



Consultant Led Red team Engagement

A team of two or more consultants will physically try to gain access to your building, office or place of interest.

Onsite physical access will be tested using methods agreed by you. Lock-picking, Wireless network attacks, tailgating, impersonation and complex scenarios may be used as agreed.

• Pretexting, elicitation, diversion theft and complex fraud strategies are used.

• Replicated staff Identification

• On-site access systems tested

• Rouge network access – Can we plant a dropbox, can we exfiltrate data?

• Removal of assets


Where this differs dramatically from CTF style engagements is Red team Engagements actively look to discover weaknesses. We are not told what to look for, we tell you what we can do.

No two assessments are the same and our priority is meeting the requirements of our clients. You will be in total control at every step of this rather offensive testing method. We know how to do this without error or disturbance within your working environment.



Make contact today to discuss any of these options.

Further reading can be found in our informational PDF Download_PDF