Scroll Top

Physical Security Testing

Course Description

Learn how attackers are covertly gaining physical entry into your environment to steal data, access systems, deploy network implants and listening/video devices. We will teach you the TTPs the attackers are using to incorporate into your Red Team engagements or perform audits on your own.

Over 3 days of immersive and hands-on training we will teach you the skills you need to be able to perform physical security engagements as part of a blue team or red team in a legal, safe, and professional manner.


  • Roles of locks in society
  • Ethics & Laws of Physical Security
  • Physical Recon (remote and up close)
  • Door Assessment
  • Locking Picking
  • Lock bypassing
  • Decoding keys & Locks
  • Field Key generation
  • Door bypassing
  • Window bypassing
  • Essential Alarm Bypassing
  • Master Keying and Keyed Alike systems
  • Access Control Systems
  • ID Badge cloning attacks
  • PACS Reader attacks
  • Weaponizing Readers
  • Social Engineering

Each student will leave with a comprehensive tool kit containing everything they need to get started in this up-and-coming area of Red Teaming, Penetration Testing and Consultancy.

Course contents

Day 1 Locks & Picking

  • Introduction
  • Role of Lock
    • Ethics & laws
  • Types of Entry
  • Pin Tumbler Lock
    • What they are
    • How they work
  • Lock Picks & Turning tools
  • How to pick + LAB
  • Plug Spinner + DEMO
  • Raking + LAB
  • Pick Resistant Keyways & Security Pins
  • Lock & Key decoding + LAB
  • Lishi DEMO
  • Other Locks
    • warded + DEMO
    • cruxiform
    • dimple + DEMO
    • Wafer + LAB
  • Bumping + LAB
  • Impressioning
    • Pin Tumbler
    • Foil Impressioning + DEMO
  • Key Duplication/Origination
    • Cutting to code
    • Copying
    • Lishi Pliers
    • Hand Filing
    • 3D Printing
    • Mold & Cast + DEMO
  • Key Control

Day 2 – Bypassing

  • Destructive Entry
  • Combination Locks + LAB
  • Keyboxes + DEMO
  • Padlock Shims + LAB
  • Overlift attacks + DEMO
  • Sesame Locks + DEMO
  • Tension decoding + DEMO
  • Unshielded locks + LAB
  • Bypass Driver + DEMO
    • wafer breaker
  • Door Bypasses
    • pencil
    • latch loiding
    • Adams Rite + 2 DEMO
    • Thumbturn bypass
    • UDTs
    • Crash Bars
    • Thumbturn Flipper
    • Windows
    • Mailbox
    • Garages
    • Hinges
    • Seeing behind doors
  • Master Keying
    • Anykey Lock

Day 3 – PACS

  • Components
  • How they work
  • Push-t-exit & REX
  • Door Sensors
  • Wiegand
  • Credentials
  • Attack Tools
  • Cloning Credentials + LAB
  • Attacking Readers
    • Mifare + DEMO
    • Loclass
  • Attacking Controller Comms
    • WifiTool
    • ESPKey
    • Mellon
    • Removing Readers
    • OSPD2
  • Weaponizing Readers
  • Keypads
    • UV Powder
    • Thermal Camera
  • Key entry systems
  • Common Keys
  • Recon
  • Social Engineering
  • Running a Job


No specific prior knowledge required

Hardware/Software Requirements

Students will need to bring a computer where they can install software, an Android phone is useful and a willingness to get hands on!

Trainer Biography

Chris Cowling is a Red Team Operator and Physical Penetration Tester with over 20 years’ experience. He started his career as a Unix DB Admin before being lured to world of Enterprise Solutions. He spent many years working for Blue-Chip companies in IT before discovering his true passion, security. He continued to work for those Blue-Chip companies but also working in Formula 1, Industrial Control Systems, Telcos and Pharmaceutical companies. For 14 years he has been part of the Nullsecurity collective. Hacking WiFi, SDR and RFID slowly led him to the world of Physical Security which he has embraced with a new-found energy. Whilst performing engagements across Europe he has tried to build a community to meet the ever-growing demand in the market and environment that differs greatly from that of the US which provides the primary source of information in this area. He does this all whilst being a proud father or 2 (just don’t let them near your locks), BBQ Pit Master and retired Rugby Player.

Twitter: @Tatramaco

Jiří Vaněk has over 20 years of experience in IT, holding positions as a Manager, Security Consultant, and Ethical Hacker. He has led several Red Team engagements, relishing in physical intrusions, and even experiencing the thrill of being caught during one. Additionally, he founded and led a security team at Unicorn, the largest software house in the Czech Republic, transforming it into one of the top three information security service providers in the country. Currently operating as a freelancer, he conducts physical security engagements across Europe, participate in Red Teams, and provide consultancy services for large companies. He is also a co-founder of the Red Teamers Academy.

Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.