
We are supporting Coalfire

October 30, 2019

If you haven’t read the post from Coalfire’s CEO, Tom McAndrew, you should. It is here: https://www.coalfire.com/News-and-Events/Press-Releases/Coalfire-CEO-Tom-McAndrew-statement

TechRepublic’s report tells us that in 2019 so far, there is a 54% increase in breaches, with over 3,800 so far this year. It is for this exact reason that we see intelligent companies increasing their spending, efforts, and time focusing on securing their people, perimeter, networks, and everything in between. That is exactly what two Coalfire pentesters were doing.

We personally had the privilege of having Justin Wynn as a student in our Advanced Practical Social Engineering class this summer. He was honorable and followed our motto to “always leave them feeling better for having met you.”  When we look at how Justin and Gary handled this pentest, that motto seems to have been followed.

After gaining access to the Judicial Branch Building in Dallas County, Iowa, they left a business card, left everything intact, and exited the building. The next day, they were greeted with a “congratulations text” from their point of contact. The next night, they went to test the Courthouse facility and found that some employees had left the door open; it was midnight. Instead of using this as part of their test (to be honest I would have), they closed the door, locked it, and proceeded to perform their test as if the building was secure. After gaining access, they purposefully tripped the alarm to test the reaction times.

Upon greeting the deputies, they gave their authorization letter and had their state contacts on the phone. All of this was verified and they were just about to be released when Sheriff Chad Leonard arrived and arrested them. Now, Justin and Gary are being charged with criminal trespass.

In a time when law enforcement should be partnering with companies like Coalfire and other pentest groups, this is very disheartening indeed.

Like other companies in this space, Social-Engineer will be sending a support letter to the State of Iowa and Dallas County calling on their reason to drop these charges.

Christopher Hadnagy

CEO, Social-Engineer, LLC
