Pentesting Methodology – Recon

This is probably my favorite part of a pentest: doing the physical recon. As a U.S. Army combat veteran, I have learned a lot about physical reconnaissance and how to apply it outside of the battlefield.

When doing physical recon, you should look for physical ways to penetrate the target. Look for ways to get into the building, the network closets, the network/server racks, etc. Try a door; if it's unlocked, that's one step closer to the end goal.

Another thing I like to do, since I have a background in networking, is carry an RS232 console cable. If I am able to get into an IDF/MDF, I will plug into the switch or router closest to the door and see if the engineer left the console logged in. If so, I can do a ton of different things: a console session left at the privileged prompt means I can read the running configuration, add my own credentials, or change the device's configuration without ever touching the network.
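For the defender's side of that trick, here is what the console line configuration looks like on a Cisco IOS device, weak form beside hardened form. This is an added example written for this page, not configuration from the original post; the hostname, username and password are placeholders.

```text
! --- Weak: what the console-cable check above relies on ---
! No authentication on the console, and the EXEC session never times out,
! so whoever last logged in stays logged in until someone types "exit".
hostname IDF1-SW01
line con 0
 no login
 exec-timeout 0 0

! --- Hardened: console requires local credentials and idles out ---
hostname IDF1-SW01
service password-encryption
! placeholder credentials; use a real local account or AAA/TACACS+ in practice
username netadmin privilege 15 secret ChangeMe-Example
line con 0
 login local
 exec-timeout 5 0
 logging synchronous

! --- Check: who is currently logged in on the console and VTY lines ---
! From an already-authenticated session:
!   show users
!   show line con 0
```

`exec-timeout 5 0` is minutes followed by seconds, so the session is dropped after five idle minutes; `exec-timeout 0 0` disables the timeout entirely and is the setting that leaves a console sitting at `Switch#` for a walk-in attacker. `show users` lists active sessions per line, which is a quick way to confirm that nobody left a console or VTY session open before you walk away from the rack.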

When you do conduct physical recon and enter a target, make DAMN sure that you have a way out and a Get Out of Jail Free Card, meaning your signed Letter of Authorization. Carry it on you, along with a phone number for someone at the client who can confirm the engagement if security or the police stop you.

