1. Door and Lock Inspection
Hinge Inspection
- Hinges on the Outside of Door: Check if the hinges are visible and accessible from outside the door.
- Hinges Have Exposed Screws: Inspect if the heads of screws on the hinge plates are visible.
- Hinge Pin Isn’t Fixed: Determine if it’s possible to easily remove the hinge pin.
- No Interlocking Protection When Closed: Open the door and inspect if there’s an interlocking mechanism when the door is closed.
Latch Inspection
- Door Gap: Look for a gap between the door and the frame where a tool could be inserted.
- Latch Type: Identify the type of latch that secures the door.
- Demonstrate Latch Loiding: Demonstrate if the latch can be manipulated using a simple tool or a card.
- Test for Dead Latch: Check if there’s a dead latch in place that might prevent latch loiding.
- Test for Latch Guard: Inspect if there’s a latch guard (protective metal sheet) installed.
2. Lock Bypassing Techniques
Over the Door (Film) Attack
- Door Handle Type: Check if pulling the handle upwards opens the door.
- Door Gap: Inspect if there’s a sufficient gap (at least 1mm) between the door and the frame to allow a film to be inserted.
Under the Door Tool
- Door Handle Type: Confirm if the door uses a lever-style handle that can be operated by pulling down.
- Demonstrate Under the Door Tool Use: Demonstrate if a tool can be inserted under the door and manipulated to operate the handle.
Over the Door Tool
- Door Handle Type: Confirm if the door uses a lever-style handle that can be operated by pulling down.
- Demonstrate Over the Door Tool Use: Demonstrate if a tool can be inserted over the door and manipulated to operate the handle.
Padlock Shimming
- Padlock Type: Confirm if the padlock uses a simple locking mechanism susceptible to shimming.
- Demonstrate Padlock Shimming: Demonstrate if a shim can be made from an aluminum can and used to unlock the padlock.
3. Other Bypassing Techniques
Going Over/Under Wall in Crawl Space
- Assess Potential Crawl Spaces: Determine if someone can bypass a locked door by going over or under the wall through a crawl space.
Triggering Sensors
- Test Sensor Response: Test if you can trigger the door sensors using simple tools like cardboard or spray.
4. Social Engineering
Observing Tailgating Practices
- Observe Entrance and Exit Points: Observe if someone can gain unauthorized access to the building by following closely behind another person.
5. Wireless and Network Security
Wireless Testing
- Network Discovery: Identify all wireless networks available in and around the premises.
- Encryption Strength: Determine the encryption standards and their strength for each wireless network.
- Intrusion Detection: Check if the network has intrusion detection or prevention systems (IDS/IPS) in place.
- Test For Rogue Access Points: Use a Wi-Fi analyzer to identify unauthorized or rogue access points.
Internal Network Testing
- Network Mapping: Identify all devices, servers, and network equipment on the internal network.
- Firewall Rules: Test the firewall rules for any unnecessary open ports or services.
- Intrusion Detection: Check if the network has intrusion detection or prevention systems (IDS/IPS) in place.
- Test For Rogue Devices: Use a network scanner to identify unauthorized devices on the network.
6. Building and Perimeter Security
Building Exterior
- Visibility: Inspect if there are any obstructions (like trees or bushes) that could provide cover for an intruder.
- Lighting: Check if the exterior of the building is well-lit, especially around entrances and exits.
- Security Cameras: Confirm if there are security cameras installed, and if they cover all exterior areas of the building.
Perimeter Fencing
- Fence Condition: Inspect if the fence is in good condition, without any gaps or damage that could allow access.
- Fence Height: Check if the fence is high enough to deter intruders.
- Gates: Confirm if gates are secure and in good working order.
Building Entrances
- Access Control: Check if there are access control measures in place (like key cards or biometric scanners).
- Visitor Management: Confirm if there is a system for managing visitors, like a sign-in process and visitor badges.
- Emergency Exits: Check if emergency exits are secure from the outside, while still allowing for safe evacuation.
7. Physical Security Policies and Procedures
- Security Policies: Confirm if there are clear policies in place for physical security, and if they are communicated to all staff.
- Security Training: Check if there is regular training for staff on security procedures and how to respond to security incidents.
- Incident Reporting: Confirm if there is a clear process for reporting security incidents, and if it is followed.
8. Security Personnel
- Security Staff: Check if there are security staff on-site, and if they are visible.
- Security Patrols: Confirm if security staff conduct regular patrols of the building and grounds.
- Response to Incidents: Check if security staff are trained to respond to security incidents, and if they know how to escalate issues when necessary.
9. Alarm Systems
- Alarm System: Confirm if there is an alarm system in place, and if it is in good working order.
- Alarm Response: Check if there is a clear process for responding to alarms, and if it is tested regularly.
10. Secure Areas
- Secure Areas: Check if there are areas within the building that require additional security measures.
- Access to Secure Areas: Confirm if access to these areas is controlled and monitored.
- Security of Sensitive Information: Check if measures are in place to secure sensitive information, like locking file cabinets and shredding documents.
11. Fire and Safety Measures
- Fire Safety: Confirm if there are fire safety measures in place, like fire extinguishers and smoke detectors.
- Safety Signage: Check if there is clear signage for things like emergency exits and hazardous areas.
- First Aid: Confirm if there are first aid kits available, and if staff are trained in first aid.
12. Environmental Controls
- Climate Control: Check if there are measures in place to protect against environmental threats, like flooding or extreme temperatures.
- Power Supply: Confirm if there is a backup power supply in case of a power outage.
- Disaster Recovery: Check if there is a disaster recovery plan in place, and if it is tested regularly.
13. Door Frame Spreading
- Door Frame Strength: Check the strength and integrity of the door frame. A weak or damaged frame can be more susceptible to spreading.
- Door Frame Gap: Measure the gap between the door and the frame. A larger gap can make it easier to insert a tool for spreading.
- Door Frame Material: Identify the material of the door frame. Certain materials, like wood or aluminum, may be more vulnerable to spreading than others, like steel.
- Demonstrate Door Frame Spreading: If possible and with proper authorization, demonstrate how a tool like a halligan bar can be used to spread the frame and open the door.
14. Magnetic Lock System Bypass
- Magnetic Lock Strength: Check the strength of the magnetic lock. A stronger magnet will be more difficult to bypass.
- Power Supply: Confirm if the magnetic lock is dependent on a continuous power supply. If so, it may be vulnerable to power outages or deliberate power cuts.
- Backup System: Check if there is a backup system in place in case of power failure.
- Access Control System: Inspect the access control system associated with the magnetic lock. If it’s weak or compromised, the magnetic lock can be bypassed.
- Demonstrate Magnetic Lock Bypass: If possible and with proper authorization, demonstrate how a magnetic lock can be bypassed. This could involve disrupting the power supply or exploiting weaknesses in the access control system.
Remember, the effectiveness of these methods will depend on the specific REX system and other security measures in place. Regular security audits and updates to security systems can help mitigate these risks.
===========================================================================================
Non-destructive firefighter videos are a great source of DIY tools and techniques:
https://www.youtube.com/watch?v=HqhKiiONja0
https://www.youtube.com/watch?v=DEz7oJ6Jl2Q
https://www.youtube.com/@CoastalFireTrainingLLC
Great talk on latch slipping:
https://www.youtube.com/watch?v=pmsKo3ydrRg
This talk covers attacks and defences:
https://www.youtube.com/watch?v=4YYvBLAF4T8
Common bypasses:
https://www.youtube.com/watch?v=7Lsm4l3mRqw
You mostly just need to identify whether these are doable.
Under door tool usage and DIY:
https://www.youtube.com/watch?v=T2rxlzdqu1g
Over the door trick:
https://www.youtube.com/watch?v=byYGPO4ptxs
Hinge attack:
https://www.youtube.com/watch?v=nJu_-Iuppc0
DIY bypass tools:
https://www.youtube.com/watch?v=EzL72_OzMK0
Under door tool from brass wire:
https://www.youtube.com/watch?v=TCalV8HqnIM
Customizable UDT:
https://www.youtube.com/watch?v=gdkCsC90RMc
J tool:
https://www.youtube.com/watch?v=1ciqsCJD3f0
Rapping:
https://www.youtube.com/watch?v=pU9MB5XPsp4
Shimming:
https://www.youtube.com/watch?v=c2DcfJLquOk
Impressioning, copying and decoding:
https://www.youtube.com/watch?v=ChbyaXBKNY8
https://www.youtube.com/watch?v=4rCUK5K6wwY
DIY:
https://www.youtube.com/watch?v=egtn7swD_Jg
https://www.youtube.com/watch?v=Nzb1L-DSzaA
