CovertAccessTeam

Another Covert Access Team course wrapped up earlier this month. The office was warned about the engagement beforehand. The students still got in. Physical security work is about adaptation, not scripts. Course recap: covertaccessteam.substack.com/p/last-weeks-c… Enroll: covertaccessteam.com/covert-access-…

Brian sits down with Alex Cole, the creator of Fitted, a new physical security tool built around a problem every physical pen tester understands: finding repeatable ways to exploit real-world access control assumptions. Listen on Youtube: youtu.be/tENt9DesK9E?si…

Most new physical pentesters want to jump right into physical pentests. For beginners, that’s usually a mistake. That’s why we built the Physical Audit Certification Training. Audits help you learn the fundamentals. Join our next PACT course May 23-24: covertaccessteam.com/physical-audit…

Federal prosecutors say a crew in Michigan moved ~400 high-end vehicles worth around $40M through a coordinated theft and export pipeline. Local theft → staging lots → shipping containers → rail/freight → overseas. Read the full post: covertaccessteam.substack.com/p/gone-in-60-s…

🚨 Covert Access Team is offering free physical security penetration tests and audits to a limited number of European companies. 🚨 Interested? Email brian@covertaccessteam.com to learn how your company can be considered. #CyberSecurity #PenTesting #PhysicalSecurity

Most teams waste recon time. Not because they’re lazy—but because they don’t know what “done” looks like. Let's break down how we structure recon across OSINT, long range, short range, and embedded—and what you should accomplish before moving closer: covertaccessteam.substack.com/p/recon-playbo…

Another idiot gets into a high-security airport. A man breached the perimeter in broad daylight, made it onto a remote taxiway, climbed onto a parked U.S. Air Force C-130, and started striking the aircraft with a handheld tool before being stopped: covertaccessteam.substack.com/p/another-idio…

Funny, Strange & Face Palm Developments in the Strait of Hormuz We break down what’s being reported, what’s unclear, and why it matters: covertaccessteam.substack.com/p/funny-strang…

Solo operations change the game. No backup. No second set of eyes. If you get burned, it’s over. Recon, timing, decision-making—it all sits on you. That’s exactly why we built Strategic Operations for Lone Operators. Join us for our next course: covertaccessteam.com/strategic-oper…

Most people know about “Most Wanted” lists. Far fewer realize you can legally use OSINT to help locate some of those individuals—and in certain cases, that’s all agencies are asking for. Let's break down how to approach these cases the right way: covertaccessteam.substack.com/p/the-man-hunt…

Why “black team”? Simple: clarity. The industry uses “red team” to mean offensive work, but in practice that almost always means cyber. Physical intrusion work isn’t cyber, and treating it like it is leads to missed vulnerabilities. Full breakdown: covertaccessteam.substack.com/p/red-team-vs-…

Here’s the reality: Most organizations don’t need a physical pentest yet. Not because they’re secure—but because their security is so weak the result is obvious. That’s where physical audits come in. Join us for our next PACT course May 23-24 (virtual): covertaccessteam.com/physical-audit…

A single damaged pylon. That’s all it took to disrupt crude flow into one of Germany’s largest refineries. In this breakdown, we walk through what actually happened and why it matters: covertaccessteam.substack.com/p/a-single-pyl…

A records dispute in Dunwoody has raised questions about how access to camera systems is tracked—and who may be able to view live feeds. In this breakdown, we walk through what’s actually known: covertaccessteam.substack.com/p/dunwoody-rec…

“10 petabytes” is not a typo. A threat actor is claiming they pulled that much data out of a Chinese national supercomputing center. If it’s real, this isn’t just another breach headline. Let's walk through what’s being claimed & why it matters: covertaccessteam.substack.com/p/hacker-claim…

Cameras, alarms, access control, reinforced doors — all matter, but in the end, physical security comes down to one question: will someone actually show up and stop the threat? When police won’t act, your security is just expensive theater... covertaccessteam.substack.com/p/when-police-…

In this episode, Brian Harris breaks down why so many physical security assessments miss the real threat by defaulting to the same outsider-at-2-a.m. scenario, while ignoring theft, insider activity, sabotage, and simple destruction. covertaccessteam.substack.com/p/time-on-targ…

Public vs private black team work isn’t just a pay difference. It’s a completely different operating environment. In this breakdown, we get into the real trade-offs: covertaccessteam.substack.com/p/thoughts-on-…

Can you get authorized personnel to unlock a door for you without having to engage with them? That’s the problem FIT’D is built to solve — and it does it with a level of simplicity that’s hard to ignore. Take a closer look: covertaccessteam.substack.com/p/fitd-enters-…

A 20-year-old is accused of planting an IED at MacDill Air Force Base, then fleeing to China with help from his sister. The device didn’t detonate. But it also wasn’t found for nearly a week — despite a warning call: covertaccessteam.substack.com/p/chinese-sibl…