performing-physical-intrusion-assessment

# Performing Physical Intrusion Assessment ## Overview Physical intrusion assessment evaluates an organization's physical security controls by attempting to gain unauthorized access to facilities, server rooms, and restricted areas. This includes tailgating employees, cloning RFID access badges, bypassing locks, deploying rogue network devices, and testing security guard procedures. Physical security testing is a critical component of full-scope red team engagements, as it often provides the most direct path to network access. MITRE ATT&CK maps physical access techniques under T1200 (Hardware Additions) and T1091 (Replication Through Removable Media). ## When to Use - When conducting security assessments that involve performing physical intrusion assessment - When following incident response procedures for related security events - When performing scheduled security testing or auditing activities - When validating security controls through hands-on testing ## Prerequisites - Signed authorization letter (carry at all times during assessment) - Emergency contact for client security team (24/7) - Get-out-of-jail letter signed by executive authority - Physical security testing toolkit - Body camera or documentation equipment - Disguise/cover identity materials (uniform, badge, clipboard) ## MITRE ATT&CK Mapping | Technique ID | Name | Tactic | |---|---|---| | T1200 | Hardware Additions | Initial Access | | T1091 | Replication Through Removable Media | Initial Access | | ...