The presentation discusses the legal and ethical implications of a penetration testing project gone wrong and the importance of clear communication and scoping with clients.
- The presentation recounts a penetration testing project that resulted in the testers being arrested and charged with burglary and trespassing.
- The charges were eventually dropped, but the incident highlights the legal and ethical implications of penetration testing and the importance of clear communication and scoping with clients.
- The presentation emphasizes the need for scoping calls to clarify the scope of the project and avoid miscommunications.
- The presenters also stress the importance of recording calls and documenting all communication with clients.
- The presentation concludes with a call to action for the cybersecurity community to advocate for a Good Samaritan law to protect penetration testers from legal repercussions when working in good faith.
The presenters describe the overwhelming support they received from the cybersecurity community after their arrest, including hundreds of messages and offers of help from colleagues and strangers alike.