Scoping & Sales
Price, scope, and sell physical security engagements. Determine client intent, choose the right assessment type, and build a statement of work before boots hit the ground.
Legal Authorization
Write a bulletproof letter of authorization. Nail down the who, what, when, where, and signatures that keep the engagement legal, then run a kickoff that aligns everyone before go-time.
Remote Reconnaissance
Digital OSINT and geospatial analysis. Build pretext from public sources, map the target from aerial and street view, and organize annotated reference graphics in ATLAS before the breach.
On-Site Surveillance
Dynamic and static observation on the ground. Identify cameras, guard patterns, access control, and chokepoints while maintaining strict operational security.
Threat Profiling
Compile recon into a prioritization matrix. Rank attack paths by effort and risk, then develop scenarios with timelines, cover stories, and tool loadouts.
Badge Cloning
Long-range RFID credential capture, card writing with Proxmark3, and badge replication. Exploit the gap between legacy and modern access control systems.
Surreptitious Entry
Bypass tools, lock defeat, REX sensor exploitation, and tailgating psychology. Get through the door without triggering alarms or raising suspicion.
Post-Exploitation
Once inside, achieve and document objectives. Locate sensitive areas, demonstrate real impact, capture evidence of access, and exfiltrate cleanly without leaving a trace.
Reporting
Turn the engagement into deliverables that matter. Document findings, evidence, and attack narratives, and communicate risk and remediation in a way clients can act on.