Blog

Latest Articles

OT Pentest: Why SCADA, PLCs and Industrial Plants Need a Different Security Logic
08.06.2026 15 min

The PLC had been running for 22 years. Never patched, never tested — but reachable via VPN tunnel for three years. Four hours of passive analysis gave us full write access to a water utility's valve control system. OT security is not IT security with a different name.

#ICS #IndustrialSecurity #KRITIS #Modbus #NIS2 #OTPentest #PhysicalPentest #PLC #RedTeam #SCADA
Before He Lands, He Already Knows Every Corner: Drones as a Recon Tool in Physical Pentesting
01.06.2026 16 min

A pharmaceutical company in Bavaria. A Tuesday morning. A drone nobody noticed – and three weeks later, a traceless break-in through exactly the spot that had shown up as a blind spot on the thermal camera. Drones are not a future scenario. They are the recon tool of the present.

#BuildingSecurity #CER #CriticalInfrastructure #Drone #OSINT #PhysicalPentest #RedTeam #RemoteRecon
Shoulder Surfing 2.0: How Thermal Cameras, Telephoto Lenses, and Smartphone Photos Bypass Your Access Control
26.05.2026 16 min

Your PIN code glows on a thermal camera eight minutes after entry. Your badge photo is in a color printer in three clicks. How visual exposure becomes a complete attack vector – and the policies that prevent it.

#BadgePolicy #PhysicalPentest #RedTeam #ShoulderSurfing #ThermalAttack
Welcome Inside: How Attackers Use Visitor Management as an Entry Point
18.05.2026 16 min

He was registered as a visitor at 9:30. He was in the server room by 9:47. No ID was requested, no escort enforced, no log audited. Visitor management is designed as a service process in most organisations – friendly, frictionless, hospitable. That is precisely the problem.

#Awareness #BuildingSecurity #CER #CriticalInfrastructure #NIS2 #PhysicalPentest #Pretexting #RedTeam #SocialEngineering
Power Out, Lock Open: What Happens to Your Access Control During a Power Failure
11.05.2026 15 min

One fuse pulled, four seconds, open door—no badge, no exploit, no alarm. Why Fail-Safe is legally mandated while simultaneously opening a full attack vector, and how you can manage both.

#BuildingSecurity #FailSafe #FailSecure #FireSafety #PhysicalPentest
What is a Penetration Test? Definition, Process, Costs and the Difference to Vulnerability Scanning
04.05.2026 19 min

Firewall, SIEM, EDR – and still compromised. A penetration test is the only method that empirically proves whether your security measures hold up under real attack conditions. Everything you need to know: definition, types, process, costs and AI in 2026.

#CriticalInfrastructure #CyberSecurity #NIS2 #Penetrationtest #Pentesting #RedTeam #VulnerabilityScan
The Man Who Was Never There: Why Orphaned Access is the Most Dangerous Gap in Your Security Architecture
27.04.2026 15 min

A badge from an employee who left two years ago. Still active. Still valid. Still unnoticed. Offboarding failure isn't an HR problem—it’s a complete access vector spanning badges, AD, Cloud, and VPN.

#ActiveDirectory #IdentityLifecycle #KRITIS #NIS2 #Offboarding #PhysicalPentest #RedTeam
Through the Wall: Why Your Fences are Useless if the Backdoor is Open | CER & Pentest
21.04.2026 12 min

Fences look great in annual reports. In reality, physical security often fails due to forgotten roof hatches or simple human politeness. Discover why your building envelope has more "hacker highways" than you think, and how the new CER Directive makes physical resilience a legal requirement.

#BuildingSecurity #CER #CriticalInfrastructure #PhysicalPentest #Resilience #Tailgating
Before they even open the door, they already know your building: Remote Recon to Physical Breach
13.04.2026 13 min

An attacker doesn’t need a crowbar. They need LinkedIn, Shodan, and 48 hours. How OSINT is becoming the most dangerous tool in physical pentesting—and what you can do about it.

#BuildingSecurity #OSINT #PhysicalPentest #RedTeam #RemoteRecon #SecurityAudit #SocialEngineering
REX Sensor Blind Spot: Why Your Emergency Exits are Your Building’s Most Dangerous Entrances
07.04.2026 15 min

You secure the main entrance with biometrics and mantraps – while leaving the back door wide open through a poorly calibrated motion sensor. How a 4-second laser pointer attack on a REX sensor bypasses entire security architectures.

#BuildingSecurity #PhysicalPentest #PIRSensor #RedTeam #RequestToExit #REXSensor
The Wiegand Bottleneck: Why Physical Security Fails Without End-to-End Encryption
30.03.2026 13 min

A lock is only as strong as the protocols behind it. The Saflok exploit proved that proprietary "security by obscurity" is dead. We explore the broader landscape of physical security vulnerabilities, demonstrating how tools like the Proxmark3 expose the flaws in millions of corporate perimeters and why the shift to end-to-end encryption (OSDP & EV3) is no longer optional.

#MIFARE #OSDP #PhysicalPentest #Proxmark #RFID #Saflok #Wiegand
NIS2, KRITIS Umbrella Act & Physical Security: Concrete Steps for Critical Infrastructure Operators
25.03.2026 15 min

NIS2 has been in effect since December 2025; the KRITIS Umbrella Act followed in January 2026. For the first time, both demand verifiable physical security measures—with personal liability for executive management. A roadmap for affected operators.

#CER #Compliance #CriticalInfrastructure #KRITIS #NIS2 #Resilience
10 Minutes for 100 Million – Why Your Helpdesk might be Your Biggest Security Gap
16.03.2026 11 min

A massive IT security budget won't save you if your helpdesk is tricked over the phone. We analyze the MGM hack, the psychology of social engineering, and show you how to bulletproof your team against vishing attacks.

#Awareness #CyberSecurity #Helpdesk #MGMHack #Pentesting #SocialEngineering #Vishing


© AccessGranted X GmbH