Physical Red Team / Physical Penetration (PRT)
Foundations of Physical Red Teaming — Lawful, Practical, Hands-On
Course Overview
Learn how professional red teams plan, reconnaissance, and execute lawful physical security assessments. A five-day, instructor-led course blending OSINT, surveillance, social engineering, access control testing and professional reporting — for security staff, new operatives and vetted professionals.
This five-day, practitioner-led course trains newcomers to become competent junior physical red-team operators within lawful, client-sanctioned environments. Through classroom theory, realistic roleplay and controlled fieldwork you’ll learn reconnaissance, surveillance, social engineering, badge & reception testing, secure team comms and professional AAR reporting — all taught with strict legal and safety boundaries.
Why This Course
Practical, scenario-based training on instructor-owned or client-sanctioned sites.
Progressive learning: Beginner → Intermediate → Applied field exercises.
Emphasis on ethics, documented ROE and remediations security teams can implement immediately.
Small class sizes, hands-on props (cutaway locks, mock access panels, training badges) and confederate roleplay
Course learning outcomes
By the end of the course you will be able to:
Prepare a lawful mission plan with PACE and clear Rules of Engagement.
Conduct public OSINT that supports a physical assessment without compromising ethics.
Run disciplined surveillance, keep professional observation logs and produce a defensible evidence pack.
Execute safe social engineering roleplays (reception, delivery and door-holding pretexts) in controlled settings.
Assess access control behaviour using trainer badges and recommend mitigations for tailgating and over-privileged visitor profiles.
Produce a professional After Action Report (AAR) with risk ratings and remediation steps.
Course outline — 5 day overview
Day 0 — ROE signoff, legal brief, OPSEC primer.
Day 1 — Foundations & OSINT: Law & ethics, OSINT for physical ops, approach mapping.
Day 2 — Surveillance & Covert Comms: Observation posts, hand signals, secure comms SOP, benign device detection.
Day 3 — Social Engineering & Badge Testing: Confederated roleplay (reception, delivery, door-holding), visitor badge sandbox tests.
Day 4 — Mechanical Security & Surveys: Cutaway locks, installation faults, CCTV blindspots, lighting audit.
Day 5 — Full Mission Simulation & AAR: Team mission under ROE, evidence pack, oral debrief to client panel.
Practical elements
Lock and entry bypass
Alarm identification
CCTV Identification
Access control systems
Building and obstacle scaling
Social engineering
Elicitation
Online target reconnaissance
ID badge cloning and attacks
Radio frequency reconnaissance
Installing covert audio/visual devices
Logistics & pricing
Typical class size: 6–12 delegates. Private course & bespoke client dates available.
Duration: 5 days, 09:00–17:00.
Location: Instructor training facility / client-sanctioned sites (UK & UK-based travel available).
Price: Contact us for current dates & pricing — group discounts available.
FAQs
Q: Is this course suitable for people with no prior experience?
A: Yes — the course is designed to take beginners through a progressive syllabus; advanced participants will be offered higher-difficulty practicals where appropriate.
Q: Will I learn how to open locks and bypass alarms?
A: No. We focus on non-destructive inspection, detection and remediation. Techniques that could be used to commit crime are deliberately excluded. Advanced, sensitive content for vetted professionals can be provided under strict contractual terms.
Q: Can we run the course on our client site?
A: Yes — we offer bespoke on-site delivery where we can run agreed, sandboxed exercises. Full ROE and site approval are required.
Q: Do you provide equipment?
A: We supply training props (locks, badges, roleplayers). Delegates should bring a notebook, phone for documentation (used within ROE) and suitable clothing for fieldwork.
Q: What vetting is required?
A: For standard public courses, ID and declaration of intent are required. Advanced modules or on-site client engagements may require additional vetting.