Just finished up another fun SE/physical onsite pentest.
Physical security at this location was TIGHT. Some of the best I've ever seen. iClass SEOS with Elite Keys; downgrade disabled, Mantrap-style turnstiles with reverse-tailgate detection, ADA doors require manual unlock from security (Is that even legal?
). Two layers of 8 foot high anti-trespass fencing around the whole perimeter. Mirrored windows. Security cameras everywhere with 24-7 on-site monitoring.
ESPKey was basically my only shot at a technical/physical bypass. I couldn't get them to agree to let me try it, but I honestly wouldn't be surprised if they were actually using OSDP.
So I showed up carrying a cardboard box and security just buzzed me in.
