CSA: Cyber Security Association @ BYU-Idaho

Pen Testers Who Got Arrested Doing Their Jobs Tell All

August 5, 2020 Posted by editorX

Coalfire’s Gary De Mercurio and Justin Wynn share the details of their physical penetration-testing engagement gone wrong, as well as recommendations for protecting all red teamers.

When they first scanned the cardkey to the front entrance of the Dallas County Courthouse in Iowa, red-team experts Gary De Mercurio and Justin Wynn didn’t hear the requisite click of a lock disengaging. It was after midnight on Sept. 11, 2019, the last leg of their penetration-testing engagement for the state of Iowa’s Judicial Branch, and they got their first big surprise of that now-infamous evening.

“Justin grabs the door and we look at each other, and I said, ‘Did it work?’ and he’s like, ‘No, it’s open,’” recalls De Mercurio, a senior manager at Coalfire. “The door was locked, but they hadn’t latched it all the way.”

So the two social engineering and physical pen-test experts could get a more accurate take on the entrance security, Wynn closed the door and they started all over again with the cardkey, this time with the door locked. De Mercurio then slid a plastic cutting board retrofitted with a handy notch into the doorjamb and used it to unlatch the door. The pair figured they had somewhere between 20 and 30 seconds from then until the building alarm would sound, so they executed the usual next step in the physical testing process: checking the strength of the alarm’s passcode settings by first typing in the system’s default code as well as easy-to-guess combinations.

Once the alarm sounded, the pair went back to work looking for other potential vulnerabilities in the courthouse while waiting to see if the authorities would respond. …

Read the full story here: Pen Testers Who Got Arrested Doing Their Jobs Tell All

