Physical Security

1. Red Teaming Basics

2. OSINT Advanced

2.1 Keeping Anonymity

2.2 Big data


2.3 CTF path Forensics and OSINT

2.4 Dark web and VPN operations


3. Social Engineering


Social Engineers' Playbook Practical Pretexting

3.1 Physical Social Engineering

Using social engineering as part of actual Red Team operations, with the intent of tricking unsuspecting users, is well within the realm of a Red Team. Tricking people is optional, though. To make your operations less time-consuming, you can skip the phishing part and use seeded access, that is, remote access intentionally created on a specific host or hosts. This function is distinct from phishing assessments, which are for end-user awareness measurement and training. Example: You’re tasked by the intel team to create a convincing whale phish to test against your C-suite. Skill Building: Check your spam folder for phishing samples, and try out @HackingDave’s Social Engineer Toolkit for the nuts and bolts.

3.2 Phishing


3.3 Privacy engineering path

3.4 Cyber anti-Forensics


4. Physical Attacks

Some Red Teams include physical operations within their scope. This can range from something as simple as hiding a drop box somewhere on site to a full-on covert entry scenario. Don’t expect every organization to be excited about this. It’s a fun topic, but often not a risk organizations are interested in mitigating. Example: Network jacks in the headquarters lobby are on the internal LAN, and you need to demonstrate an attack against them.

4.1 Physical Security system bypassing

4.2 Badge Hacking

4.3 Physical Network Operations

  • Network Implants

  • LAN Tap Pro

  • LAN Turtle

  • Bash Bunny

  • Key Croc

  • Packet Squirrel

  • Shark Jack


Cameradar tool

Pentester backpack:

4.4 Embedded and Peripheral Devices Hacking

4.5 Lock picking

Awesome lockpicking repo

4.6 Physical Forensics and anti-Forensics


5. A complete physical penetration test

Misc videos