Our Services

Close Access Cyber Operations

Physical proximity enables cyber effects that remote operations cannot reach. Four tiers of close access capability, white-labeled under your brand, with compliance-ready deliverables for your client's audit.

FOOTPRINT

Site Intelligence & Targeting

Remote and on-site reconnaissance and physical security assessment to identify attack vectors before anyone touches a door.

LOE: 3-5 daysBest for: Gap analysis, engagement scoping
  • OSINT collection and third-party access mapping
  • Pattern-of-life observation and shift analysis
  • Security system and access control identification
  • Drone-based aerial mapping and entry point identification
  • Perimeter assessment and RF environment survey
  • Proximal attack surface mapping (systems exploitable from adjacent spaces, parking areas, or public zones without building entry)

THRESHOLD

Physical Penetration Test

Hands-on physical penetration testing and close-proximity exploitation, from badge cloning and lock bypass to wireless attacks conducted without entering the building.

LOE: 1-2 weeksBest for: Compliance-driven annual testing
  • Social engineering and pretext development
  • Access control exploitation — credential cloning, long-range capture, badge replay and relay attacks
  • Lock and barrier bypass techniques
  • Close access cyber reconnaissance — exposed network infrastructure, wireless enumeration, attack surface analysis
  • Close-proximity wireless exploitation and IoT device exposure
  • Compliance-mapped findings (PCI, HIPAA, SOC 2, ISO, NIST RMF, CMMC)

STRONGHOLD

Objective-Based Red Team Operation

Full-spectrum red team operations combining close access cyber techniques against high-value targets with kill-chain reporting from approach to objective.

LOE: 2-4 weeksBest for: Mature programs, joint cyber-physical ops
  • Network infrastructure targeting
  • Live implant deployment (drop box, rogue AP, cellular bridge) with remote access validation and partner handoff
  • Close access cyber operations — credential harvesting, Wi-Fi exploitation, lateral movement, domain-level objective demonstration
  • Advanced PACS exploitation — encrypted credential analysis, reader-controller interception, head-end targeting
  • OT/ICS assessment — protocol identification, segmentation testing, controlled impact demonstration
  • Off-cycle operations (nights, weekends, holidays)
  • Multi-framework compliance mapping

CADENCE

Continuous Assessment Program

Continuous penetration testing program with quarterly on-site assessments, remediation validation, and annual security posture reporting.

LOE: Annual retainerBest for: Ongoing compliance and audit support
  • Rotating quarterly assessments with varied vectors
  • Remediation validation and re-testing
  • Social engineering benchmarking over time
  • Close access threat updates — new techniques, OT/ICS protocol coverage, and emerging attack vectors incorporated each cycle
  • New facility assessments and ongoing advisory

How We Work

Invisible to your client.

1

Partner Scoping

Your cybersecurity firm brings us in early. We help define the close access scope, ROE, and compliance mapping.

2

Reconnaissance

OSINT collection, site observation, access control identification, and targeting package development.

3

Execution

We operate under your brand, your ROE, and your communication protocols. From inside the building or from the parking lot, the client sees your name only.

4

Deliverables

Compliance-mapped finding cards, operation narratives, and remediation guidance — in your template or ours.

Ready to add close access capability?

Tell us about your engagement and we'll scope the right tier for your client's compliance requirements.

Start a Partnership