A previous question of mine led to this discussion, which mentioned the subject of document forgery.
I've seen many people (in videos) forge IDs and employee badges for such engagements, so that seems fine as a test. However, if asked to present a more critical/serious document like a "Permission to Attack" slip (when caught), or asked by a police officer to present some ID, should we test them by first showing them a forged "Permission to Attack" slip or ID and only show the real documents if caught?
If the customer wants you to focus on one specific task (e.g. bypassing locks, social engineering, etc.), then that's all you're authorized to do and all you are legally allowed to do.
If the customer wants you to use "anything that's legal", in order to best simulate a real attacker, then you can indeed present a forged permission to attack, possibly even with instructions added that you should be left alone during the engagement.
Why would you do that? In order to check if security personnel actually verify if a Permission to Attack is valid or not. Otherwise an attacker could present a forged Permission to Attack and use this to gain entry to the company.
Never show law enforcement a forged document or lie to them about who you are or what you are doing. You are testing the company, not law enforcement.
Or to put it in simple terms: When you talk to the police, you're no longer a pentester.