Physical Penetration Testing
Hands-on training in physical security assessment techniques. Learn to identify vulnerabilities in access control, surveillance systems, and human factors through authorised testing methods.
This comprehensive course provides hands-on training in physical penetration testing techniques used by security professionals to assess and improve organisational security. Participants learn to identify vulnerabilities in physical security systems through authorised testing methods.
Topics include HID-based attacks using Rubber Ducky and OMG cable, RF security and credential cloning, technical surveillance countermeasures (bug sweeping), lock picking and bypass techniques, and professional security assessment and reporting.
The course also covers social engineering techniques including pretexting, tailgating, and impersonation, enabling participants to assess human factors in physical security.
Ethical Framework
All activities are framed within lawful, ethical engagement rules with strong emphasis on authorised testing only. Participants must sign an ethics agreement before commencing training.
Security Pen-Testing: Physical Premises Penetration Testing
A face-to-face course combining theory, demonstrations, and hands-on practical exercises in a controlled lab environment. Learn to think like an attacker to better defend organisational assets and physical infrastructure.
Certification: Participants who successfully complete all modules receive a CDU TAFE Certificate of Attendance in Physical Penetration Testing.
Training Modules
Pen-Test Fundamentals
Physical penetration testing lifecycle, scoping, rules of engagement, and legal/ethical/safety considerations for physical testing activities.
HID-Based Attacks
Keystroke injection techniques, Ducky Script syntax, and deploying payloads using Rubber Ducky and OMG cable for authorised testing.
RF Security and Credential Cloning
RF technologies in access control (LF/HF RFID, NFC), keyfob assessment, Faraday protection, and credential cloning techniques.
Technical Surveillance Countermeasures
Bug detection principles, conducting structured bug sweeps, and documenting surveillance countermeasure findings.
Lock Picking and Bypass
Lock mechanisms, non-destructive entry principles, and hands-on practice with bypass techniques on training equipment.
Social Engineering
Pretexting, tailgating, and impersonation techniques. Psychological principles and developing pretexts within ethical boundaries.
Assessment and Reporting
Physical security assessment frameworks, conducting walkthroughs using checklists, and drafting professional pen-test reports with actionable recommendations.
Knowledge Outcomes
Upon completion, participants will understand:
- Physical penetration testing lifecycle, scoping, and rules of engagement
- Legal, ethical, and safety considerations for physical testing activities
- HID-based attacks, keystroke injection, and Ducky Script syntax
- RF technologies in access control (LF/HF RFID, NFC, keyfobs/Faraday protection)
- Technical surveillance countermeasures and bug detection principles
- Lock mechanisms, bypass techniques, and non-destructive entry principles
- Physical security assessment frameworks and professional pen-test reporting
- Social engineering tactics and psychological principles used in physical penetration testing
- Pretexting, tailgating, and impersonation techniques within ethical and legal boundaries
Skills Outcomes
Upon completion, participants will be able to:
- Write and deploy Ducky Script payloads for authorised testing
- Perform RF credential assessment using appropriate tools
- Conduct structured bug sweeps and document findings
- Apply basic lock picking and bypass techniques on training equipment
- Conduct physical security walkthroughs using assessment checklists
- Draft professional security assessment reports with actionable recommendations
- Propose appropriate mitigations and security improvements
- Develop and execute social engineering pretexts for authorised security assessments
- Identify social engineering vulnerabilities and recommend security awareness measures
Career Pathway: This course prepares participants for roles in physical security assessment, corporate security consulting, red team operations, and security audit functions within government and enterprise organisations.
Entry Requirements
- Basic understanding of IT security concepts
- Commitment to ethical conduct and lawful use of techniques
- Signed acknowledgement of course ethics agreement
- Minimum age 18 years
Open to security professionals and those entering the field. Students can bring their own laptop to class; however, it is not essential for training.
Course Fees
Flat Fee (2026): $1,650.00
Includes all materials and equipment
Fees shown are indicative and subject to change annually. Payment plans may be available upon request.
Quick Facts
Duration: 10 weeks
Schedule: Tuesdays 5-8pm
Location: Casuarina
Start: 3 February 2026
Fee: $1,650
Who Should Attend
This course is ideal for IT security professionals, corporate security officers, facilities managers responsible for physical security, and individuals seeking to enter the security assessment field.
Prior cybersecurity experience is beneficial but not essential. A commitment to ethical conduct is mandatory.
Related Courses
- AI Cyber Essentials (1-day)
- AI Security Bootcamp (2-day)
- Online Cyber Safety Skills - Beginner
- All ICT Short Courses
Course Enquiries
For more information about this course, start dates, or custom training for organisations:
Email: tafe.ict@cdu.edu.au
Phone: 08 8946 7517
ICT, Cybersecurity and Digital Technology
Charles Darwin University acknowledges the traditional custodians across the lands on which we live and work, and we pay our respects to Elders past and present.
CRICOS Provider No: 00300K · RTO Provider No: 0373 · TEQSA Provider ID PRV12069
ABN 54 093 513 649