The security of your high-value assets and critical infrastructure relies on more than just digital encryption.
While millions are spent on firewalls, the physical perimeter remains the most direct route for an adversary to cause operational shutdown, theft of intellectual property, or catastrophic damage to infrastructure. At Mongoose, we provide the UK’s premier physical penetration testing service, delivered by an elite, in-house team of former UK Special Forces (Special Reconnaissance Regiment) personnel.
We apply the same level of analytical rigour and covert operational expertise to your corporate headquarters, R&D facilities, and industrial estates that is required in high-threat environments globally.
During a recent engagement for a major UK energy and gas distribution estate, we demonstrated the vulnerability of large-scale industrial logistics.
After conducting covert reconnaissance of the site’s HGV operations, our team identified that heavy vehicles underwent regular, external tyre inspections by a third party. Posing as a tyre inspector, complete with the correct equipment, PPE, and a credible pretext, our specialists successfully bypassed the primary security gatehouse. Once on-site, we moved freely across the estate, gaining access to restricted storage areas and critical infrastructure. We proved that an adversary could have caused a total operational shutdown without triggering a single alarm or technical alert.
Our team consists exclusively of former members of the Special Reconnaissance Regiment (SRR): the UK’s elite specialists in covert surveillance and reconnaissance. In their previous professional roles, these operators specialised in Covert Methods of Entry (CMOE) and Foot Surveillance within high-threat, hostile environments. By bringing this specific skill set to the commercial sector, we provide a level of adversarial realism that standard security consultants simply cannot match. They are trained to see the subtle procedural and physical gaps that others are not programmed to recognise.
The Intelligence Gap
Automated tools focus on "known-knowns"; common software signatures and unpatched services. They are incapable of:
Asset & Intellectual Property Exposure:
Could an intruder sabotage critical machinery, steal prototypes, or access sensitive physical documentation?
Operational Integrity & Business Continuity:
Testing the resilience of your facility against targeted threats or unauthorised personnel in restricted zones that could cause a total site shutdown.
Supply Chain & Third-Party Exploitation:
Identifying how regular interactions; deliveries, maintenance, and site services, can be leveraged as a "Trojan Horse" for unauthorised access.
Our physical engagements follow a strict operational lifecycle built upon industry-leading frameworks:
UK National Protective Security Authority (NPSA):
Following the STaMP (Surreptitious Threat Mitigation Process) for high-tier asset protection.
Food Defence Standards (TACCP & VACCP):
Validating the physical security controls required to prevent intentional contamination and food fraud.
PTES Section 2.4.1:
Adhering to the Penetration Testing Execution Standards for physical reconnaissance and exploitation.
OSSTMM & ISO/IEC 27001:2022
Applying the Open Source Security Testing Methodology Manual for physical security and validating the effectiveness of Annex A.7 physical controls.
We provide the technical depth required by IT teams and the strategic clarity needed by stakeholders.
Elite Personnel:
Our in-house team consists of former Special Reconnaissance Regiment (SRR) personnel. If our operators are trained to identify and exploit vulnerabilities in hostile environments globally, they are uniquely equipped to secure your corporate or industrial facility.
Specialised Reporting:
We don't just find holes; we provide a strategic roadmap for physical hardening, staff training, and procedural changes.
Strict Rules of Engagement:
Every audit is conducted with a focus on safety and legal compliance, ensuring our simulations remain professional and non-disruptive.
Why use former Special Forces for a physical audit?
Which industries should consider a physical penetration test?
What types of facilities do you test, and what happens once you are inside?
How long does a physical engagement take?
Ready to see the gaps others are missing?
Don't wait for a real adversary to find the pathway. Contact our team today to discuss a tailored manual assessment for your organisation.
