When you’re eliciting, direct questions often put people on their guard. That’s why we teach students how to elicit WITHOUT questions. Instead, we train techniques like naivete, reciprocity & more. Intrigued? Join our Feb 22-23 elicitation course:

Malicious AI Models Found on Hugging Face – What You Need to Know Recent reports reveal that malicious AI models have been uploaded to Hugging Face, embedded with malware designed to execute unauthorized code on users’ systems. Read more:

New podcast episode out now! Ritu Gill is a master OSINT investigator with 17 years of experience in law enforcement and government work. She now runs her own OSINT consultancy and also serves as the President of the OSMOSIS Association. Substack |

Who’s going to be the one to snag our last available seat in the March Covert Access Training course? 🤔 Tag someone in the comments you think should go! About our CAT course:

Just because you didn’t (or couldn’t) test a potential attack vector doesn’t mean it shouldn’t be in the report you give to your client! In this blog post, we look at why it’s important to include potential attack vectors in your client reports:

What’s the best way to break into a building? 🤔 It depends! On a recent job, we discovered two completely different ways to access a client’s restricted floor. Route 1: the walking RFID. Route 2: the daredevil Read now:

In the early hours of January 25, 2025, the Drents Museum in Assen, Netherlands, became the target of a meticulously planned theft. In our latest blog post, we explore how they executed the heist and what physical pentesters can learn from this event:

How could an attacker cripple a continent’s power grid with a kite and a copper cable? Recent research demonstrates how an attacker could capture & analyze legitimate radio signals, then effectively replay or manipulate commands to take over:

Only a couple seats left in our Covert Access Training course March 24-28! And our June CAT course is ALREADY sold out. If you’re looking to up your covert entry skills in 2025, snag one of the last seats in our March course:

Look at this building 👇 See anything that makes it “irredeemably insecure”? That was the determination after a physical security audit was performed on this building (the former headquarters of MI6). Let's take a closer look:

If you’re looking to get into physical pentesting or auditing in 2025, our latest blog post is for you! From personal skills assessments to identifying security vulnerabilities everywhere you go, here’s our overview to getting started:

Our latest podcast episode has dropped! Our guests have DECADES of combined experience in OT security and share their thoughts on everything from current threats and trends to the threat squirrels pose to OT security. Spotify:

GIVEAWAY: Want to join our Elicitation Toolbox Training course in February FOR FREE? > Like this post for 1 chance to win > Tag a friend below for 2 chances to win > Subscribe to our newsletter for 3 chances to win: About ETT:

Think of someone you trust. Can you recall how you STARTED to trust them? 🗨️👇 In this post, we look at how to build trust quickly–a useful skill whether on a physical pentest or making a new friend! Read now:

We’ve sold out seats for our May 2025 Elicitation Toolbox Training! 🤯👏👏 We still have a few seats left for our February 22-23 ETT course. Learn more & enroll on our website:

How will your company be investing in your physical security in 2025?

What cultural differences make eliciting in your home country unique? Share your thoughts in the comments 🗨️👇 Elicitation across different cultures is one of the many topics we cover in our two-day Elicitation Toolbox Training course:

How do you spot security cameras when trying to navigate a target building undetected? 📸🤔 Share your preferred methods in the comments below! Check out a few of our favorite methods to spot security cameras before they spot us in our latest blog post:

Elicitation can be done in both physical and digital environments. Former student Ilias M. said he’ll be using the skills he learned from our elicitation course to improve the phishing campaigns he performs in his role as a pen tester. Learn more:

Bugs, glorious bugs! 🐛🐞🦗 These devices can be used on covert engagements to collect audio, video, or other data from a target environment without detection. They come in many forms but in this blog post, I’m going to talk about the humble cell phone: