Practical Physical Exploitation Online
Master the methodology behind professional physical security assessments. From scoping and sales to post-exploitation reporting. Learn the complete engagement lifecycle at your own pace.
$500 | 8 Hours | 19 Modules | Self-Paced Video
What's Included
19 Video Modules
8 hours of structured content across 6 sections. Each module runs 15-40 minutes and stands alone.
14 Downloadable Materials
Templates, checklists, and reference guides you can use on real engagements immediately.
Lifetime Access
Buy once, access forever. Revisit any module as your practice evolves.
$500 In-Person Credit
Complete the online training and receive a $500 credit toward the 3-day in-person training.
Hardware Integration
Every module teaches methodology through the Doppelganger ecosystem and ATLAS platform.
Capstone Exercise
Build a complete physical pentest plan against a fictional target facility with self-assessment rubric.
Course Breakdown
6 sections, 19 modules, approximately 8 hours of video content. Designed to be consumed in order, but each module stands alone.
Section 1: The Business of Physical Pentesting
3 Modules | 1h 15m
1.1 - Why You Keep Losing Deals
Common mistakes in scoping physical engagements. How to determine client intent on the first call. Assessment types and when to recommend each. Fixed fee pricing strategy.
1.2 - Scoping, Pricing & LOE
Baseline level of effort by engagement type. Variables that increase LOE. Practitioner count. Hour breakdowns for every phase. Building a statement of work.
1.3 - Authorization, Access & Kickoff
Writing a bulletproof LOA. The who/what/when/where/signature framework. Legal landmines. Kickoff call structure and final alignment before going on-site.
"In the live class, you run a full scoping exercise and write an LOA against a real target facility before the breach."
Section 2: Reconnaissance & Intelligence
3 Modules | 1h 30m
2.1 - Digital OSINT for Physical Targets
Social media recon methodology. Identifying dress codes, badge designs, operating hours from public sources. Building a pretext from what you find.
2.2 - Geospatial Recon & Reference Graphics
Aerial map analysis. Street view exploitation for camera placement and chokepoint identification. Building annotated reference graphics with labeled buildings and entrances.
2.3 - On-Site Surveillance & ATLAS Recon
Dynamic vs static analysis. Operational security awareness. Introduction to ATLAS project management: mapping entry points, cameras, barriers, and personnel.
"In the live class, you conduct real on-site surveillance against the target facility, build your RG from scratch in ATLAS, and use your recon output to plan the breach."
Section 3: Physical Security Systems
3 Modules | 1h 20m
3.1 - RFID & Access Control Fundamentals
125kHz vs 13.56MHz technologies. HID Prox, Indala, iCLASS reader identification. How to identify what you're looking at from a parking lot.
3.2 - Wiegand, RFID Attacks & Downgrade Techniques
26-bit Wiegand format deep dive. Downgrade attacks. Vampire taps. Brute forcing and why you should avoid it. Preventative controls.
3.3 - Detective & Deterrent Measures
Video surveillance systems. Active vs passive monitoring. Signal-based detection. Magnetic locks, REX/PEX sensors, anti-piggybacking, and mantraps.
"In the live class, you identify these systems on a real facility, determine which attacks apply, and execute against them under time pressure."
Section 4: Tooling & the Doppelganger Ecosystem
4 Modules | 1h 30m
4.1 - The Doppelganger Ecosystem & ATLAS
The full platform: Core, Stealth/SDR v2, MFAS v2, Development Board. ATLAS as the hub with native Proxmark3 over Bluetooth. The complete operational workflow.
4.2 - Badge Cloning & Card Writing
Long-range reader capabilities. Chokepoint selection. Writing captured card data with Proxmark3. GPS-tagged card reads for evidence.
4.3 - Badge Replication & Pretexting
Replication kits. Remote badge recon from social media. Badge aging techniques. Cover story development. Matching details to the target environment.
4.4 - Bypass Tools
Under the door tool, double door tool, slim jim, CO2 REX sensor bypass gun, SEREPICK lock pick set, plug spinner, air wedge. When each tool applies.
"In the live class, you use these tools against real doors, real locks, and real access control systems with instructor guidance."
Section 5: Planning & Execution Methodology
3 Modules | 1h 15m
5.1 - Threat Profiling & Prioritization
Compiling recon into attack path options. The prioritization matrix: effort vs risk. Choosing the path of least resistance within authorization boundaries.
5.2 - Scenario Development & Ops Planning
Building a full attack scenario with timeline and cover story. Tool loadout decisions. Using ATLAS for operational planning. TAK integration for team coordination.
5.3 - Execution Principles
Intent review before every action. Tailgating psychology. Interior reconnaissance once inside. Real-time action logging in ATLAS. When to abort.
"In the live class, you build your scenario, brief it to your team, and execute the breach against a real facility with security personnel and role players."
Section 6: Post-Exploitation & Reporting
3 Modules | 1h 10m
6.1 - Post-Exploitation & Business Impact
Demonstrating business impact once inside. Evidence collection methodology. Knowing when to call the client in real-time vs documenting for the report.
6.2 - Writing the Report
Executive summary structure. Attack scenario narrative with timestamped entries. The defendable timeline. Exporting ATLAS data to JSON for SPEAR reporting.
6.3 - Capstone: Build Your Attack Plan
Guided exercise against a fictional target facility. Build a complete physical pentest plan: reference graphic, prioritization matrix, scenario, tool loadout, and reporting outline.
"You have built the plan. In the live class, you execute it. Three days, real building, real guards, real consequences."
Hardware Integration Throughout
The Doppelganger ecosystem and ATLAS platform are taught as the operational standard, not pitched as products. Students learn the methodology through these tools, and every module naturally demonstrates the hardware in context. By the time you finish the course, you know exactly what each tool does, when to use it, and how ATLAS ties everything together.
Browse the StoreOnline to In-Person Pipeline
Complete the Online Training
Master the methodology at your own pace
Apply Your $500 Credit
Automatic credit toward in-person enrollment
Execute the Breach
3 days, real building, real guards
Downloadable Course Materials
14 professional templates and reference guides included with your purchase