About This Session
Physical penetration testing remains one of the most misunderstood and inconsistently executed disciplines in offensive security. While mature frameworks exist for network and application testing, physical engagements are too often treated as improvisational exercises: poorly documented, difficult to reproduce, and resulting in deliverables that read more like war stories than actionable intelligence.
This talk walks through the complete lifecycle of a physical penetration test using a composite case study drawn from real-world enterprise engagements. From scoping and passive reconnaissance through pretext development, on-site execution, real-time documentation, and final reporting, each phase is examined through the lens of a structured, repeatable methodology.
Attendees will see how planning decisions directly impact operational success, why real-time capture of findings is critical to report fidelity, and where most teams lose the thread between field discoveries and final deliverables. The talk addresses common challenges including managing OPSEC during documentation, coordinating between field operators and remote command elements, and translating physical access findings into business risk language.
Whether you're an operator sharpening your tradecraft, a security leader evaluating testing vendors, or a consultant elevating engagement quality, this session provides a practical blueprint.

