PenTest Magazine Publishes Physical Penetration Testing Article by RedTeam Security's Jeremiah Talamantes

Share Article

While great advances in Firewall, IPS and DLP technology have enabled most organizations to thwart data breaches, still many IT security budgets don’t include enough funds to address physical security concerns, if at all. Get an in-depth look into how a Physical Penetration Test is developed and executed.

Pentest Magazine has published an article by RedTeam Security titled, "Formulating and Performing a Sound Physical Penetration Test." The article focuses on planning and conducting a Physical Penetration Test for an organization. The content covers everything from writing the Rules of Engagement (RoE), equipment selection, reconnaissance, RFID cloning, social engineering, evading guards, bypassing mantraps and creating diversions.

"According to Verizon’s 2013 Data Breach Investigations Report, physical security accounted for 35% of threat actions in 2012. This was a noticeable increase from only 10% in 2011. Having strong network access controls, VPN, code review, electronic pentests and cryptographic controls are well and fine, if carried out correctly. However, these controls will not stop an attacker who can physically enter the premises and access systems and data directly. Simply stated, vulnerabilities in an organization’s physical security pose significant threats that are often understated or ignored by many IT security teams. As a result, physical security flaws exist in company infrastructure that threatens their very livelihood."

Subscribe to the RedTeam Security LABS newsletter to receive a free copy of the Pentest Magazine issue at -

Jeremiah Talamantes is a Managing Partner and Security Researcher for RedTeam Security Corporation, an information security consulting firm based in Minneapolis, MN USA. He is a CISSP, CEH, CHFI and CCISO and has been an Information Security expert for over 15 years. His security research has resulted in numerous 0-day discoveries and he leads RedTeam Labs where he writes regularly on information security topics. Some of the main topics of his most recent work involve advanced penetration testing, application security and security research.

RedTeam Security is a small, privately held information security services firm located in the Warehouse District of downtown Minneapolis, MN. We specialize in Application Penetration Testing, Network Penetration Testing, Physical Penetration Testing, Social Engineering, Ethical Hacking and Compliance services(PCI, HIPAA).

RedTeam Security
Email: info(at)redteamsecure(dot)com
Phone: 612-234-7848

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Jeremiah Talamantes
since: 03/2009
Follow >
RedTeam Security
since: 12/2009
Like >
RedTeam Security

Visit website