Back Services/ Physical Security Test

Physical Security Test

We see physical security as an elementary part of corporate security. Here, information technology is making inroads alongside traditional physical issues. A modernization of physical security seems overdue.

We are passionate legal burglars and look forward to putting your systems to the test or to analyse your building plans and installed structural measures for possible physical access with you in a structured step-by-step manner.

Physical Security Walkthrough
In this assessment, we walk through your premises with you and determine both theoretical and practical burglary risks. If desired, especially non-destructive techniques can be tested together in person during the inspection in order to receive direct feedback on the probability of implementation. Which points are going to be analysed together is determined by you based on your own risk assessment, or can be based on the results from previous analyses of the building plans as well as theoretical physical attack scenarios that we determine during the project.

Physical Security Penetration Test
In this assessment, the possibility of physical access is tested in practice. The scope is defined in advance. Then the testers determine how they will achieve the set goals based on their experience. In traditional penetration testing, the scope can span from testing the technical weaknesses of the entire physical structure of the company to very specific assessments of individual devices, such as isolation locks.

Test of Video Surveillance, Alarms and Access Control
When you are implementing a new system or introducing these parts of your corporate security in your risk management, you will need an assessment of the risks in these subject areas. With this assessment, we support you in determining the theoretical and practical risks, starting with process flows and going on to hacking of devices and networks, such as access card systems and alarm systems.

Physical Red Teaming
When it comes to physical access to companies, a balanced interaction of physical security measures with those of the security awareness of employees and detection and reaction options of the security team is essential. With physical red teaming, we coordinate the scope and restrictions with you, create targeted attack plans and carry out attack simulations in which we actively infiltrate your company and not only test the physical security, but also the detection and reaction to our intrusion attempts.

News

NEWS: 2025-10-07

ISO/IEC 27001 Audit 2025

Last year, we embarked on a journey to confirm our commitment to keep the highest standards. This applies not only to the service we provide to our customers through our offense services, but also to ...

NEWS: 2025-08-08

Stealth Implant Development – Bachelor Thesis Project at FH OÖ Hagenberg

Developing a stealth implant to maintain controlled access within a target network represents a technical and key challenge for red team assessments, but it is feasible. Andreas demonstrated this in h...

NEWS: 2025-07-16

IKT Security Conference 2025

HACKNER Security Intelligence was once again represented with a booth at the IKT Security Conference, from June 25th to 26th, and in the ACSC (Austrian Cyber Security Challenge) by our colleague Marti...

See all news

References & Case Studies

Energy

Interface Security

Security Concept Review

We carried out a grey box check for a large energy company that focused on the company's critical infrastructure. The goal was to identify entry points into the OT network from the Internet or the internal office network. Additionally, physical entry points were also considered.

By evaluating the firewall rules, several systems were identified that had access to the OT network. Although this did not allow direct access, for example via code execution vulnerabilities, several weaknesses were, however, still identified in the systems and the network separation. In addition, there was no further segmentation of the systems in the OT network. This means that access to one system in the OT network would be sufficient to reach all the systems in the OT landscape.
Several weaknesses were identified during the physical walk-through of the site, making it possible to breach several security zones and enter critical zones. Attackers could use this to enter the company's critical zones unnoticed from the public space.

Therefore, we recommended to further restrict the firewall rules, to make the systems only accessible via additionally secured connections and to segment the flat OT network. For the physical security of the site, we advised to place better barriers and to increase employee awareness through training.

Commerce

Building Access Through Alternative Access Routes

Physical Security Test

The task was to gain access to a large office building with reception desk. In preparation, a building plan from the architect with the exact rooms for the first two floors could be found on the Internet.

Five entrances and paths could be identified from the plan, allowing the reception desk to be bypassed. Most of these entrances were closed, but not locked, and could be opened with simple means.

Education

Attack Preparation Through Public Floor Plan

Physical Security Test

The room plans of an educational institution were publicly visible, which meant that critical rooms, such as server, heating or archive rooms, could be identified for the physical security penetration test.

On site, the rooms described were usually not locked and could be opened in a short time using simple means. Access to the server room was not possible, but access to the heating control and rooms with important documents was possible.

Our recommendation was to apply similar security measures as for the server and to design the public space plans according to a need-to-know principle.