Our consultants use the Crime Prevention Through Environment Design (CPTED) methodology when assessing on-site physical security measures.
Design and assessment methodology:
Our testing tool of choice is the Proxmark3, the Proxmark3 is the swiss-army-knife of tools when it comes to RFID hacking. We can analyse and assess several commercial systems; Low frequency access controlled systems are by far the easiest to clone and attack. High frequency tags and badges vary in degree in difficultly depending on the manufacturer and implementation of the system. We have cracked the cryptography of a number of default cards and manufacturers and can consult on a number of solutions.
This is mainly of concern for small business and startups that used shared office space, but can include medium to large enterprises concerned about espionage. We can assess the strength of your door/desk locks and some commercial safes. We can make you aware of the different types of attack and provide guidance on how to alter your environments and change types of locks to lower the risk of physical attacks.In addition to our technical and practical approach, to perform real-world attacks to properly assess and demonstrate the strength of your physical security implementation. Below are some images of our tools used in these engagements: