Black Teaming Methodology

About

Black Teaming Methodology is a practical reference for authorized physical security testing, social engineering, and black team operations. It exists to describe the work as an end-to-end method instead of treating it like a loose collection of tricks.

Why BTM Exists

Physical security testing is often explained badly. In many places it is reduced to generic pentest language, isolated bypass tricks, or war stories that do not tell clients or operators how the work should actually be scoped, executed, and reported.

BTM is meant to give operators and clients a shared structure for reconnaissance, planning, initial access, access expansion, persistence, exit, and reporting. That matters because the work becomes easier to scope, easier to execute cleanly, and easier to explain when the method is explicit.

The goal is not to remove improvisation. The goal is to give the work enough structure that improvisation happens on top of a method instead of in place of one.

Who Is Behind Black Teaming Methodology

BTM is created and maintained by John-André Bjørkhaug.

Placeholder portrait for John-André Bjørkhaug

John-André Bjørkhaug

Creator of BTM

John-André Bjørkhaug is a Norwegian penetration tester and red team operator with more than 17 years of experience across internal infrastructure, social engineering, physical security, IoT and OT, and full-scale red team engagements.

He is educated as an electrical engineering background, which shows up clearly in the way he approaches physical systems and access-control technology. John has worked on several hundred security assessments.

He has been active in the Norwegian security community for years, has spoken at events such as DEF CON, BSides LV, Disobey, HackCon and many more. He also runs the HackCon lockpick village.

What BTM Tries To Improve

BTM tries to make physical testing easier to plan, easier to explain to customers, and easier to report in a way that captures the full chain from reconnaissance to outcome.

That means less emphasis on isolated tricks and more emphasis on realistic operator workflows, evidence quality, control failure chains, and clear reporting that the client can actually use.