OrangeCon 2026

Breaching The Perimeter: The Forgotten Attack Vector That Always Works
2026-06-04, Track 1

If you can open the server room door, you don’t need exploits.

In this talk, we demonstrate nine real-world ways attackers bypass a server room door and achieve full compromise—no malware, no zero-days, no phishing required. Firewalls, EDR, and IAM become irrelevant the moment physical access is gained.

This is not theory. These are techniques used in actual red team engagements across Europe. We show how attackers exploit trust, abuse operational gaps, and chain physical access into full compromise. These techniques go beyond tailgating.

We also cover how modern attackers accelerate these intrusions using AI—automating OSINT to map targets and using deepfake voice pretexting to convincingly talk their way through restricted access points.

If your threat model stops at the network edge, this talk will break it.


Everyone talks about bypassing EDR. Almost nobody talks about bypassing the door that renders EDR useless.

This session is a practitioner-led breakdown of how attackers compromise organisations by gaining physical entry. First we will introduce you to our real-world server room door. Then we present nine distinct, field-tested techniques that allow entry into such critical areas—each of which we have used during real red team engagements. Identifying such vulnerabilities efficiently is one of the key tenets of door assessment that gets repeated on every job!

Once inside, the path to full compromise is trivial: console access, hidden cameras or microphones, network implants, stolen documents. We show how these attacks actually unfold in the real world, including how small, “acceptable” deviations from policy accumulate into systemic failure.

These are not edge cases—they are repeatable patterns.

Finally, we introduce the role of AI in physical intrusions. Attackers are already using automated OSINT to profile targets at scale and deepfake voice technology to impersonate trusted personnel, lowering the barrier to successful pretexting.

This talk focuses on what works, why it works, and why most organisations are not prepared for it.

Jiří is a security consultant with over 20 years of experience in IT, management, and ethical hacking. He specialises in Red Team operations and physical security assessments, simulating real-world attacks to uncover weaknesses in organisational security. He has first-hand experience of successful intrusions into international corporations, banks, and government institutions.

He works as an independent consultant and trainer. Across Europe, he conducts physical penetration tests, provides security consulting services to large organisations, and trains professionals in ethical hacking and Covert Methods of Entry. His work combines deep technical expertise, hands-on experience from real engagements, and the ability to transfer practical knowledge to other security specialists.

I am a Red Team Operator and Physical Penetration Tester with over 20 years' experience. I started my career as a Unix DB Admin before being lured to the world of Enterprise Solutions. I spent many years working for Blue Chip companies in IT before discovering my true passion, security. I continued to work for those Blue Chip companies but also worked in Formula 1, Industrial Control Systems, Telcos and Pharmaceutical companies. I now focus on Physical Security!