Case Study
Regional Bank: Physical & Social Ingress in 24 Minutes
Industry: Financial Services
Org size: 1–5k employees
Focus: Physical & Social Engineering
Duration: 3-week engagement
Demonstrated on-prem workstation access in under 24 minutes from arrival, identifying weak badge verification and visitor logging practices.
Challenge
A regional bank with multiple branches wanted to understand how quickly a motivated attacker could move from the public lobby into sensitive areas without triggering alarms or obvious security events.
Approach
- Performed pretext and OSINT work to identify likely entry points, branch layouts, and staff routines.
- Executed on-site ingress at a primary branch using a low-friction vendor pretext and cloned badge access where possible.
- Pivoted from lobby to staff areas, gaining proximity to unlocked workstations and pivot-ready network jacks.
- Documented all observed physical, human, and process weaknesses with timestamps, photos, and clear remediation steps.
Outcomes
- Demonstrated lobby-to-workstation access in under 24 minutes from first entry, without challenge from staff.
- Drove improvements to visitor management, badge verification, and workstation lock policies across branches.
- Enabled the security team to build realistic training and tabletop scenarios based on observed attack paths.
