Services
Physical-led security testing
Physical-led testing that shows how real threats gain access, persist, and create impact—not whether controls are documented.
We validate how determined adversaries exploit physical environments and human behaviour. Where explicitly authorised, we also demonstrate the downstream exposure that physical compromise can create. Every engagement is intelligence-led, discreet, and tailored to each organisation's risk profile.
We are not a compliance checklist service. We simulate realistic attack paths and translate exposure into clear, actionable risk decisions.
Physical Intrusion Testing
Validating how physical access is realistically achieved — and what it enables
We test whether perimeter measures, access controls, and onsite security prevent unauthorised entry under real-world conditions—without relying on checklist assumptions.
We identify credible attack paths into facilities and restricted areas and validate what physical access enables in practice. Where explicitly authorised, we demonstrate post-entry exposure to evidence escalation potential and material risk.
This service helps organisations understand:
- How physical access could realistically be achieved
- Where controls fail under pressure or routine conditions
- What physical presence enables in practice
- Which weaknesses represent genuine risk, not theoretical gaps
Social Engineering & Human Access Testing
Assessing how trust, routine, and authority undermine controls in practice
Social Engineering and Human Access Testing focuses on the human element of security — often the most effective and least visible attack vector. These engagements assess how staff, contractors, and on-site security respond to realistic adversary behaviour in everyday operational environments.
Testing is conducted professionally and ethically. The objective is to identify where trust, routine, and social pressure override process. We do not single out individuals; we assess systemic weaknesses in controls, training, and environment.
- How human behaviour bypasses formal controls
- Where process and training break down in practice
- How social pressure enables access or escalation
- Which human risks materially affect security posture
Adversary Simulation
Demonstrating how individual weaknesses combine into real-world impact
Adversary Simulation shows how a capable attacker would plan, adapt, and progress over time. We begin with physical access and human trust—then validate how those footholds can develop into meaningful organisational risk.
Engagements combine reconnaissance, intrusion, and social exploitation to identify chained attack paths that would not be visible through isolated testing. Where explicitly authorised, operations may include validation of internal exposure following physical compromise.
- Visibility of credible end-to-end attack paths
- Evidence of how weaknesses cascade across domains
- Clear understanding of impact, not just access
- Executive-level reporting and decision support
Deliverables
Executive Summary
Decision-grade overview: what was possible, why it mattered, and priority fixes for board and leadership.
Evidence Pack
Timeline, photographs, observations, and artefacts aligned to objectives. Reproducible and defensible.
Attack Path Narrative
How weaknesses chained together to enable access and impact — not a list of findings in isolation.
Remediation Plan
Practical steps mapped to likelihood reduction and containment. Testable and prioritised.
Leadership Debrief
Concise walkthrough for stakeholders with Q&A and agreed next actions.
Safety & Governance
All engagements are governed by clear rules of engagement to maintain safety, legality, and proportionality.
- Defined objectives, constraints, and excluded areas
- Named points of contact and escalation routes
- Safe words, stop conditions, and immediate abort criteria
- Controlled onsite windows and deconfliction planning
- Evidence handling and confidentiality expectations
Engagement Principles
Every BlackTrace engagement is built on the same foundations.
- Objective-led and proportionate
- Discreet, low-disruption execution
- Evidence-led findings with clear traceability
- Prioritised remediation that reduces real risk
- Stakeholder-ready communication and debrief