Blog

Latest Articles

04.05.2026 19 min
What is a Penetration Test? Definition, Process, Costs and the Difference to Vulnerability Scanning

Firewall, SIEM, EDR – and still compromised. A penetration test is the only method that empirically proves whether your security measures hold up under real attack conditions. Everything you need to know: definition, types, process, costs and AI in 2026.

#Pentesting #CyberSecurity #CriticalInfrastructure #RedTeam #NIS2 #Penetrationtest #VulnerabilityScan
27.04.2026 15 min
The Man Who Was Never There: Why Orphaned Access is the Most Dangerous Gap in Your Security Architecture

A badge from an employee who left two years ago. Still active. Still valid. Still unnoticed. Offboarding failure isn't an HR problem—it’s a complete access vector spanning badges, AD, Cloud, and VPN.

#PhysicalPentest #RedTeam #IdentityLifecycle #Offboarding #ActiveDirectory #NIS2 #KRITIS
21.04.2026 12 min
Through the Wall: Why Your Fences are Useless if the Backdoor is Open | CER & Pentest

Fences look great in annual reports. In reality, physical security often fails due to forgotten roof hatches or simple human politeness. Discover why your building envelope has more "hacker highways" than you think, and how the new CER Directive makes physical resilience a legal requirement.

#PhysicalPentest #CER #CriticalInfrastructure #BuildingSecurity #Tailgating #Resilience
13.04.2026 13 min
Before they even open the door, they already know your building: Remote Recon to Physical Breach

An attacker doesn’t need a crowbar. They need LinkedIn, Shodan, and 48 hours. How OSINT is becoming the most dangerous tool in physical pentesting—and what you can do about it.

#SocialEngineering #PhysicalPentest #BuildingSecurity #OSINT #RedTeam #RemoteRecon #SecurityAudit
07.04.2026 15 min
REX Sensor Blind Spot: Why Your Emergency Exits are Your Building’s Most Dangerous Entrances

You secure the main entrance with biometrics and mantraps – while leaving the back door wide open through a poorly calibrated motion sensor. How a 4-second laser pointer attack on a REX sensor bypasses entire security architectures.

#PhysicalPentest #BuildingSecurity #RedTeam #REXSensor #RequestToExit #PIRSensor
30.03.2026 13 min
The Wiegand Bottleneck: Why Physical Security Fails Without End-to-End Encryption

A lock is only as strong as the protocols behind it. The Saflok exploit proved that proprietary "security by obscurity" is dead. We explore the broader landscape of physical security vulnerabilities, demonstrating how tools like the Proxmark3 expose the flaws in millions of corporate perimeters and why the shift to end-to-end encryption (OSDP & EV3) is no longer optional.

#PhysicalPentest #RFID #Saflok #MIFARE #OSDP #Wiegand #Proxmark
25.03.2026 15 min
NIS2, KRITIS Umbrella Act & Physical Security: Concrete Steps for Critical Infrastructure Operators

NIS2 has been in effect since December 2025; the KRITIS Umbrella Act followed in January 2026. For the first time, both demand verifiable physical security measures—with personal liability for executive management. A roadmap for affected operators.

#CER #CriticalInfrastructure #Resilience #NIS2 #KRITIS #Compliance
16.03.2026 11 min
10 Minutes for 100 Million – Why Your Helpdesk might be Your Biggest Security Gap

A massive IT security budget won't save you if your helpdesk is tricked over the phone. We analyze the MGM hack, the psychology of social engineering, and show you how to bulletproof your team against vishing attacks.

#Vishing #SocialEngineering #MGMHack #Pentesting #Awareness #CyberSecurity #Helpdesk

© AccessGranted X GmbH