Skip to content

The one where we counted sockets and took control

Hi-vis jackets, a convincing story, and zero questions asked. We walked into C-Suite offices, photographed credentials, ran network scans, and lifted a corporate laptop - all without raising suspicion. Physical penetration testing proves the weakest security layer isn't your locks or badges. It's trust.

Worker in high-visibility jacket used as disguise during physical penetration testing engagement

In the bustling heart of London, the Swarm’s latest engagement began not with a bang, but with the familiar flash of hi-vis jackets and the quiet confidence of seasoned social engineers. Disguised as everyday contractors, blending seamlessly into the office environment with a simple story: we were just there to count sockets and switches.

The approach

We’d done our homework. Vishing calls gave us floorplans, staff routines, and the location of sensitive zones. Armed with that intelligence, we headed straight for floors six and seven.

The sixth floor housed the C-Suite. Restricted access. High value.

The only thing standing between us and the executive offices? A polite receptionist who waved us through without an escort, without ID checks, without a second thought.

Escalation

A locked corridor on the internal staircase down to floor five briefly slowed our advance. Rather than retreat, we went back to reception.

This time, we asked for broader access.

The result? Full building entry from floors three through seven. Freshly issued staff passes. No ID required.

The run of the house

With passes in hand, we moved unrestricted:

    • Observing staff and security protocols
    • Viewing sensitive documents left on desks
    • Photographing credentials and access points
    • Running network scans from a booked focus room

All without raising suspicion. Every layer of security fell to a well-timed question or a nod of assumed authority.

The breach

As operations drew to a close, two final moves proved the severity of the exposure:

  • A building entry pass quietly lifted from a desk, unnoticed.
  • A high-value, unlocked corporate laptop providing immediate access to their internal systems. We messaged our internal point of contact directly from the user’s Teams account, while the rightful owner searched the floor for their missing device.

What we proved

A convincing pretext, focused reconnaissance, and hi-vis jackets granted full access to executive floors, sensitive documents, and privileged systems.

No challenges. No questions asked. Not even a request for ID.

The weakest link wasn’t the locks, the badges, or the network security. It was trust. And trust, when misplaced, opens every door.

This engagement validated a fundamental truth: physical security controls only work when they’re enforced at every layer, by every person, every time.

What would an attacker find if they walked through your door today?

Don’t wait until someone who isn’t on your side tests how far confidence and a convincing story can go.

Take control of your security posture today with constant, targeted offensive security that tests every layer –digital, physical, and social – before real adversaries do.