Physical attack techniques: lock picking/bypass (credit card shimming, bump key), tailgating (following authorized person), RFID cloning (Proxmark3 copies badge), USB drop, hardware implant (network tap, keylogger), social engineering security guards.
Physical pen testing requires very specific written authorization including: target locations, date/time windows, permitted techniques, emergency contact for challenged testers. Always carry authorization letter. Many physical pen testers are detained by security or police — authorization protects you legally.