Practical Physical Exploitation Online

Master the methodology behind professional physical security assessments. From scoping and sales to post-exploitation reporting. Learn the complete engagement lifecycle at your own pace.

$500 | 8 Hours | 19 Modules | Self-Paced Video

Coming Soon View Curriculum

What's Included

19 Video Modules

8 hours of structured content across 6 sections. Each module runs 15-40 minutes and stands alone.

14 Downloadable Materials

Templates, checklists, and reference guides you can use on real engagements immediately.

Lifetime Access

Buy once, access forever. Revisit any module as your practice evolves.

$500 In-Person Credit

Complete the online training and receive a $500 credit toward the 3-day in-person training.

Hardware Integration

Every module teaches methodology through the Doppelganger ecosystem and ATLAS platform.

Capstone Exercise

Build a complete physical pentest plan against a fictional target facility with self-assessment rubric.

Course Breakdown

6 sections, 19 modules, approximately 8 hours of video content. Designed to be consumed in order, but each module stands alone.

Section 1: The Business of Physical Pentesting

3 Modules | 1h 15m

1.1 - Why You Keep Losing Deals

Common mistakes in scoping physical engagements. How to determine client intent on the first call. Assessment types and when to recommend each. Fixed fee pricing strategy.

1.2 - Scoping, Pricing & LOE

Baseline level of effort by engagement type. Variables that increase LOE. Practitioner count. Hour breakdowns for every phase. Building a statement of work.

1.3 - Authorization, Access & Kickoff

Writing a bulletproof LOA. The who/what/when/where/signature framework. Legal landmines. Kickoff call structure and final alignment before going on-site.

"In the live class, you run a full scoping exercise and write an LOA against a real target facility before the breach."

Section 2: Reconnaissance & Intelligence

3 Modules | 1h 30m

2.1 - Digital OSINT for Physical Targets

Social media recon methodology. Identifying dress codes, badge designs, operating hours from public sources. Building a pretext from what you find.

2.2 - Geospatial Recon & Reference Graphics

Aerial map analysis. Street view exploitation for camera placement and chokepoint identification. Building annotated reference graphics with labeled buildings and entrances.

2.3 - On-Site Surveillance & ATLAS Recon

Dynamic vs static analysis. Operational security awareness. Introduction to ATLAS project management: mapping entry points, cameras, barriers, and personnel.

"In the live class, you conduct real on-site surveillance against the target facility, build your RG from scratch in ATLAS, and use your recon output to plan the breach."

Section 3: Physical Security Systems

3 Modules | 1h 20m

3.1 - RFID & Access Control Fundamentals

125kHz vs 13.56MHz technologies. HID Prox, Indala, iCLASS reader identification. How to identify what you're looking at from a parking lot.

3.2 - Wiegand, RFID Attacks & Downgrade Techniques

26-bit Wiegand format deep dive. Downgrade attacks. Vampire taps. Brute forcing and why you should avoid it. Preventative controls.

3.3 - Detective & Deterrent Measures

Video surveillance systems. Active vs passive monitoring. Signal-based detection. Magnetic locks, REX/PEX sensors, anti-piggybacking, and mantraps.

"In the live class, you identify these systems on a real facility, determine which attacks apply, and execute against them under time pressure."

Section 4: Tooling & the Doppelganger Ecosystem

4 Modules | 1h 30m

4.1 - The Doppelganger Ecosystem & ATLAS

The full platform: Core, Stealth/SDR v2, MFAS v2, Development Board. ATLAS as the hub with native Proxmark3 over Bluetooth. The complete operational workflow.

4.2 - Badge Cloning & Card Writing

Long-range reader capabilities. Chokepoint selection. Writing captured card data with Proxmark3. GPS-tagged card reads for evidence.

4.3 - Badge Replication & Pretexting

Replication kits. Remote badge recon from social media. Badge aging techniques. Cover story development. Matching details to the target environment.

4.4 - Bypass Tools

Under the door tool, double door tool, slim jim, CO2 REX sensor bypass gun, SEREPICK lock pick set, plug spinner, air wedge. When each tool applies.

"In the live class, you use these tools against real doors, real locks, and real access control systems with instructor guidance."

Section 5: Planning & Execution Methodology

3 Modules | 1h 15m

5.1 - Threat Profiling & Prioritization

Compiling recon into attack path options. The prioritization matrix: effort vs risk. Choosing the path of least resistance within authorization boundaries.

5.2 - Scenario Development & Ops Planning

Building a full attack scenario with timeline and cover story. Tool loadout decisions. Using ATLAS for operational planning. TAK integration for team coordination.

5.3 - Execution Principles

Intent review before every action. Tailgating psychology. Interior reconnaissance once inside. Real-time action logging in ATLAS. When to abort.

"In the live class, you build your scenario, brief it to your team, and execute the breach against a real facility with security personnel and role players."

Section 6: Post-Exploitation & Reporting

3 Modules | 1h 10m

6.1 - Post-Exploitation & Business Impact

Demonstrating business impact once inside. Evidence collection methodology. Knowing when to call the client in real-time vs documenting for the report.

6.2 - Writing the Report

Executive summary structure. Attack scenario narrative with timestamped entries. The defendable timeline. Exporting ATLAS data to JSON for SPEAR reporting.

6.3 - Capstone: Build Your Attack Plan

Guided exercise against a fictional target facility. Build a complete physical pentest plan: reference graphic, prioritization matrix, scenario, tool loadout, and reporting outline.

"You have built the plan. In the live class, you execute it. Three days, real building, real guards, real consequences."

Hardware Integration Throughout

The Doppelganger ecosystem and ATLAS platform are taught as the operational standard, not pitched as products. Students learn the methodology through these tools, and every module naturally demonstrates the hardware in context. By the time you finish the course, you know exactly what each tool does, when to use it, and how ATLAS ties everything together.

Browse the Store

Online to In-Person Pipeline

1

Complete the Online Training

Master the methodology at your own pace

2

Apply Your $500 Credit

Automatic credit toward in-person enrollment

3

Execute the Breach

3 days, real building, real guards

View In-Person Training

Downloadable Course Materials

14 professional templates and reference guides included with your purchase

Authorization Letter Questionnaire (fillable template)
Authorization Letter Template (fillable)
Client Scoping Questionnaire Template
Statement of Work Example
Reference Graphic Template (annotated satellite image)
Recon Checklist (remote + on-site)
Prioritization Matrix Template (effort vs risk)
Scenario Development Worksheet
Example Physical Pentest Report (sanitized)
Capstone Exercise Dossier (fictional target)
RFID Technology Quick Reference Card
Wiegand Format Reference Sheet
ATLAS Quick Start Guide
Recommended Tool Loadout Checklist