SANS Stay Sharp Training - Live Online: Quickly sharpen your skills with 2-day management courses. Register now.
No classes scheduled at this time.


Please note that early bird discounts do not apply to Hosted courses.

Physical Penetration Testing

  ·  12 CPEs  ·  Laptop Not Needed

Physical security is an oft-overlooked component of data and system security in the technology world. While frequently forgotten, it is no less critical than timely patches, appropriate password policies, and proper user permissions. You can have the most hardened servers and network but that doesn't make the slightest difference if someone can gain direct access to a keyboard or, worse yet, march your hardware right out the door.

Those who attend this session will leave with a full awareness of how to best protect buildings and grounds from unauthorized access, as well as how to compromise most existing physical security in order to gain access themselves. Attendees will not only learn how to distinguish good locks and access control from poor ones, but will also become well-versed in picking and bypassing many of the most common locks used in North America in order to assess their own company's security posture or to augment their career as a penetration tester.


Day One

  • Why Physical Security Matters
  • Pin Tumbler Locks
  • Common Tools, Basic Opening Techniques
  • Pin Tumbler Locks (Tubular, Cross, Dimple)
  • Wafer Locks
  • Raking & Jiggling
  • Combination Locks (Shimming, Decoding)
  • Warded Locks
  • Lever Locks
  • Barrel Locks
  • Handcuffs & Gun Locks
  • Lock Bumping

Day Two

  • Pick Resistant Locks (keyways, pins)
  • Shim Resistant Locks
  • Side Pins
  • Side Bars (Medeco, Smart Key)
  • Mul-T-Lock overview
  • Rotating Disk overview
  • Magnetic Lock overview
  • Impressioning intro (filing, foil, casting)
  • Bump Countermeasures
  • Corporate Concerns (key control, master keying, fire access, elevators)
  • Electronic Locks (Cliq attacks, RFID cloning, access control sniffing)
  • Quick Bypassing for Pen Testers
  • Social Engineering for Pen Testers
  • Lockpicking Forensics
  • Legal Concerns
  • Details of Equipment and Tools



SANS Hosted are a series of classes presented by other educational providers to complement your needs for training outside of our current course offerings.

Course Syllabus

  • Penetration testers, security auditors, IT professionals responsible for infrastructure oversight.

This course begins at the complete novice level, no prior knowledge of lockpicking is necessary.

The cost of this class is inclusive of a $200 equipment fee. All students will leave fully-equipped to perform physical penetration engagements, conduct site survey assessments, exploit electronic access control systems, and continue their education and skill-building after the course. The security evaluation and attack tools that students retain at the conclusion include:

  • covert lock jigglers
  • tools for attacking warded locks
  • door bypassing tools
  • a bump key set
  • a shim blade lock decoding and lock bypassing
  • a comb pick for overlifting
  • a full set of practice locks with varying difficulty
  • lock disassembly tools and spare parts
  • a key measuring and pin measuring gauge
  • a CH751 key
  • a magnetic field detection probe
  • a covert Weigand protocol analyzer
  • a battery adapter for the protocol analyzer
  • a punchdown tool for installing the protocol analyzer
  • a small tactical equipment bag is also included to contain all of this field gear