Physical Social Engineering

Overview

Physical social engineering targets facility access controls — door locks, badge readers, reception desks, and human gatekeepers. In authorized assessments, physical SE tests evaluate access control systems, employee challenge culture, and visitor management procedures.

Physical SE carries significant risk: testers may encounter law enforcement, security guards, or concerned employees. Always carry authorization letters on your person, have an emergency contact at the client, and establish a safe word for immediate de-escalation.

General Approach

  1. Reconnaissance — study the facility, entry points, badge types, employee patterns
  2. Pretext development — build a cover identity appropriate to the target
  3. Authorization verification — confirm scope, carry authorization letter, set emergency contacts
  4. Execution — attempt entry using agreed-upon methods
  5. Documentation — photograph evidence, record timestamps, note security gaps
  6. Debrief — report findings without naming specific employees who were bypassed