Comment by sandworm101

6 years ago

>>> Mr. Demercurio told the deputies that part of the job was to “check out law enforcement response time,” the documents say

HA! There is nothing that cops like more than to participate in random timed response tests. I cannot imagine anything worse that one could ever say to a cop. Even if it is true, do not ever admit that you are "testing" police, not to the overworked, under-staffed and generally frustrated officers who are stuck working the night shift.

14 comments

sandworm101

ineedasername 6 years ago

Well, it may be necessary to tell them, but there needs to be a backstop in place, a contract to wave around, proper identification, a live phone number to call to get confirmation, etc. The cops will still be pissed, if you weren't careful in following their instructions when they caught you then you might find yourself tasered and soaked in someone's urine (hopefully your own, I guess) But you wouldn't be, as these two are, getting charged with felony burglary.

austinheap 6 years ago
You're 100% correct. Having done multiple red teams I would never attempt to break into a building without 1) the CEO on call, 2) a notarized statement of work identifying my and the client's identity, and 3) notarized authorization from the landlord.
If a client refuses any of these then the physical pillar is quite simply off the table.
- elif 6 years ago
  
  If the "physical pillar" is off the table, would you really feel confident giving any sort of certification of security?
  Kinda like a mechanic saying "I checked the brakes, this car will definitely go for 100k miles without a breakdown"
sandworm101 6 years ago

You tell them you were testing security. You tell them you were testing the alarm system. You DO NOT tell them that you are measuring their response time.

rolltiide 6 years ago

And the police just throw them into the system and say not my problem

0xDEFC0DE 6 years ago

>I cannot imagine anything worse that one could ever say to a cop.

From the physical pentests I've heard about (never done it myself), they tend to get cordial with LE if they get caught.

This might change that if we find out that the cops were less than friendly even after they showed the get-out-of-jail-free card/pentesting contract.

olliej 6 years ago

... especially when they are trigger happy and don’t experience consequences for shooting people

qzx_pierri 6 years ago
you didn’t need to take it there
- WaxProlix 6 years ago
  
  GP made a point of talking about how overworked and aggrieved the cops tend to be, which is a talking point among thin blue line types; I didn't necessarily read anything into their statement other than maybe wondering about how true it is (IME cops more-or-less tend to be well compensated and work reasonable hours, due to strong unions and cultural priorities) -- but I can see where someone would read more into it.
  
  1 reply →
- journalctl 6 years ago
  
  Too bad the people who got shot aren’t here to offer up their opinions.
  
  1 reply →
- tomp 6 years ago
  
  Why not? Cops with guns would be my main concern if I were doing any kind of physical pentesting...
- orange-juice 6 years ago
  
  What are your thoughts on killing cops?