Black Teaming Methodology
BTM is a seven-phase framework for authorized operations involving physical access, people, and physical security controls.
BTM focuses on physical operations and the human and procedural failures around them. If a physical foothold leads to internal technical reachability through a live network port, meeting room infrastructure, wireless access, or exposed access-control management systems, that transition can be documented when it is in scope. Deeper internal validation should then follow the client's approved internal pentest or wireless testing method. Supporting references are collected under External Links.
The Seven Phases
Each phase has a clear job.
- 1. Reconnaissance: Gather remote and physical intelligence about people, routines, entry points, identity cues, and access control technology.
- 2. Planning: Turn that intelligence into a practical plan for initial access, expand-access, and persistence while preserving room for improvisation.
- 3. Initial Access: Gain the first confirmed entry to the target environment.
- 4. Expand Access: Use the first foothold to reach additional areas, higher privilege, and higher-value systems or assets.
- 5. Persistent Access: Determine whether access can be repeated or maintained through reliable mechanisms.
- 6. Exit: Leave the environment in a controlled way, recover equipment, and preserve evidence.
- 7. Reporting: Turn the engagement into a complete customer-facing report with narrative, findings, and remediation guidance.