{"id":29170,"date":"2019-09-19T01:45:32","date_gmt":"2019-09-19T01:45:32","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/remember-that-security-probe-that-ended-with-a-sheriff-cuffing-the-pen-testers-the-contract-is-now-public-so-you-can-decide-who-screwed-up\/"},"modified":"2019-09-19T01:45:32","modified_gmt":"2019-09-19T01:45:32","slug":"remember-that-security-probe-that-ended-with-a-sheriff-cuffing-the-pen-testers-the-contract-is-now-public-so-you-can-decide-who-screwed-up","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/remember-that-security-probe-that-ended-with-a-sheriff-cuffing-the-pen-testers-the-contract-is-now-public-so-you-can-decide-who-screwed-up\/","title":{"rendered":"Remember that security probe that ended with a sheriff cuffing the pen testers? The contract is now public so you can decide who screwed up"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/regmedia.co.uk\/2017\/03\/20\/burglar.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>The infosec duo cuffed during an IT penetration test <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/www.theregister.co.uk\/2019\/09\/13\/pentest_arrest_coalfire\/\">that went south<\/a> last week are out of jail, though not necessarily out of the woods.<\/p>\n<p>Both Florida man Justin Wynn, 29, and Gary Demercurio, 43, of Seattle, are out on bond following their arrest in the small hours of last Wednesday on burglary allegations.<\/p>\n<p>If you need a quick catch up: Wynn and Demercurio, of computer security biz Coalfire, were hired by the US state of Iowa to test the IT defenses of its court system. During such tests, contractors typically play the role of hackers trying to break into an organization&#8217;s networks or offices to steal or tamper with data and equipment, and then draw up a report on their findings and methods so that the customer can plug any gaps in its security.<\/p>\n<p>As part of this assessment process, the pair decided to physically slip into the county courthouse of Dallas, Iowa, at night and see what equipment they could access. However, both were nabbed by county sheriff Chad Leonard, who accused the duo of third-degree burglary. It is <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/www.desmoinesregister.com\/story\/news\/crime-and-courts\/2019\/09\/18\/iowa-courts-dallas-county-courthouse-coalfire-contract-judicial-branch-test-security-ia-crime-arrest\/2356047001\/\">claimed<\/a> that even though the professionals told Leonard they were on a job, and put him in contact with a state official who said the men should be set free, the lawman detained them nonetheless.<\/p>\n<p>&#8220;I advised them that this building belonged to the taxpayers of Dallas county and the state had no authority to authorize a break-in of this building,&#8221; Leonard wrote in an email obtained by the Des Moines Register.<\/p>\n<p>Wynn and Demercurio were booked into jail, and released later that day after posting bail and without any formal charges filed. An attorney for Demercurio told <em>El Reg<\/em> this evening that prosecutors in the US state have yet to announce whether they will pursue charges against the infosec pair.<\/p>\n<p>For his part, Wynn seems to be taking the affair in his stride&#8230;<\/p>\n<blockquote class=\"twitter-tweet\" readability=\"3.8\">\n<p lang=\"en\" dir=\"ltr\">*whistles inconspicuously*<\/p>\n<p>\u2014 Red Team Wynns (@RTWynns) <a href=\"https:\/\/twitter.com\/RTWynns\/status\/1172296024607645697?ref_src=twsrc%5Etfw\">September 12, 2019<\/a><\/p><\/blockquote>\n<p>Earlier today, the Iowa Judicial Branch and Coalfire issued a joint statement setting out their separate versions of events leading up the collaring of Wynn and Demercurio in the early hours of September 11. Contracts and other paperwork describing the probe were also publicly shared for all to see, albeit with redactions.<\/p>\n<p>Coalfire said it believed, from the wording of its contract, that its employees were allowed to physically break into the courthouse as part of the $75,000 IT penetration test Iowa had commissioned. However, the court officials said they had a different interpretation of the penetration test contract: while it was agreed that physical penetrations were authorized, officials didn&#8217;t agree with Coalfire on the scope of these probes.<\/p>\n<p>The primary rub right now seems to be that the contract states that all tests must be carried out during business hours \u2013 6am to 6pm Mountain Time, Monday to Friday \u2013 though this can be varied with a change order. There is no sign of such a change order in the released paperwork, though all of the appendices are missing from the bundle, so if one exists, it may be in there somewhere. Remember that Wynn and Demercurio were nabbed at shortly after midnight.<\/p>\n<p>&#8220;Coalfire and State Court Administration believed they were in agreement regarding the physical security assessments for the locations included in the scope of work,&#8221; the two sides said in their <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/www.iowacourts.gov\/announcements\/state-court-administration-statement\/\">joint press release<\/a>, which includes the contracts and other materials.<\/p>\n<p>&#8220;Yet, recent events have shown that Coalfire and State Court Administration had different interpretations of the scope of the agreement.<\/p>\n<p>&#8220;Together, Coalfire and State Court Administration continue to navigate through this process. To that end, the Iowa Judicial Branch and Coalfire will each be conducting independent reviews and releasing the contractual documents executed between both parties.<\/p>\n<p>&#8220;State Court Administration has worked with Coalfire in the past to conduct security testing of its data and welcomed the opportunity to work with them again. Both organizations value the importance of protecting the safety and security of employees as well as the integrity of data.&#8221;<\/p>\n<p>So, essentially, it seems, the state&#8217;s court administrators were under the impression the Coalfire team would only try to enter its offices, in order to access computers on the network, during the day. Demercurio and Wynn, however, were under the impression they could make their move at any hour.<\/p>\n<p>The rules of engagement, for what it&#8217;s worth, allow for &#8220;limited physical bypass&#8221; at three locations, including the Dallas County Courthouse: think tailgating clerks through doors, picking locks, and so on. This may or may not cover sneaking in at night while in possession of, as the sheriff alleged, burglary tools.<\/p>\n<p>Look, clearly these guys aren&#8217;t burglars: judging by the above statements, this is a pen-test during which the rules got lost in translation. Likely, we will not have the full story until prosecutors decide on whether to press charges, and the two infosec bods are at liberty to share their side of the story. \u00ae<\/p>\n<p class=\"wptl btm\"><span>Sponsored:<\/span> <a href=\"https:\/\/go.theregister.co.uk\/tl\/1858\/-7799\/beyond-the-data-frontier?td=wptl1858\">Beyond the Data Frontier<\/a><\/p>\n<p>READ MORE <a href=\"http:\/\/go.theregister.com\/feed\/www.theregister.co.uk\/2019\/09\/19\/iowa_pentester_update\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Both sides have different interpretations of the rules The infosec duo cuffed during an IT penetration test that went south last week are out of jail, though not necessarily out of the woods.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":29171,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-29170","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Remember that security probe that ended with a sheriff cuffing the pen testers? The contract is now public so you can decide who screwed up 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/remember-that-security-probe-that-ended-with-a-sheriff-cuffing-the-pen-testers-the-contract-is-now-public-so-you-can-decide-who-screwed-up\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Remember that security probe that ended with a sheriff cuffing the pen testers? The contract is now public so you can decide who screwed up 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/remember-that-security-probe-that-ended-with-a-sheriff-cuffing-the-pen-testers-the-contract-is-now-public-so-you-can-decide-who-screwed-up\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2019-09-19T01:45:32+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/09\/remember-that-security-probe-that-ended-with-a-sheriff-cuffing-the-pen-testers-the-contract-is-now-public-so-you-can-decide-who-screwed-up.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"648\" \/>\n\t<meta property=\"og:image:height\" content=\"471\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/remember-that-security-probe-that-ended-with-a-sheriff-cuffing-the-pen-testers-the-contract-is-now-public-so-you-can-decide-who-screwed-up\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/remember-that-security-probe-that-ended-with-a-sheriff-cuffing-the-pen-testers-the-contract-is-now-public-so-you-can-decide-who-screwed-up\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Remember that security probe that ended with a sheriff cuffing the pen testers? The contract is now public so you can decide who screwed up\",\"datePublished\":\"2019-09-19T01:45:32+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/remember-that-security-probe-that-ended-with-a-sheriff-cuffing-the-pen-testers-the-contract-is-now-public-so-you-can-decide-who-screwed-up\\\/\"},\"wordCount\":854,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/remember-that-security-probe-that-ended-with-a-sheriff-cuffing-the-pen-testers-the-contract-is-now-public-so-you-can-decide-who-screwed-up\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/09\\\/remember-that-security-probe-that-ended-with-a-sheriff-cuffing-the-pen-testers-the-contract-is-now-public-so-you-can-decide-who-screwed-up.jpg\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/remember-that-security-probe-that-ended-with-a-sheriff-cuffing-the-pen-testers-the-contract-is-now-public-so-you-can-decide-who-screwed-up\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/remember-that-security-probe-that-ended-with-a-sheriff-cuffing-the-pen-testers-the-contract-is-now-public-so-you-can-decide-who-screwed-up\\\/\",\"name\":\"Remember that security probe that ended with a sheriff cuffing the pen testers? The contract is now public so you can decide who screwed up 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/remember-that-security-probe-that-ended-with-a-sheriff-cuffing-the-pen-testers-the-contract-is-now-public-so-you-can-decide-who-screwed-up\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/remember-that-security-probe-that-ended-with-a-sheriff-cuffing-the-pen-testers-the-contract-is-now-public-so-you-can-decide-who-screwed-up\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/09\\\/remember-that-security-probe-that-ended-with-a-sheriff-cuffing-the-pen-testers-the-contract-is-now-public-so-you-can-decide-who-screwed-up.jpg\",\"datePublished\":\"2019-09-19T01:45:32+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/remember-that-security-probe-that-ended-with-a-sheriff-cuffing-the-pen-testers-the-contract-is-now-public-so-you-can-decide-who-screwed-up\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/remember-that-security-probe-that-ended-with-a-sheriff-cuffing-the-pen-testers-the-contract-is-now-public-so-you-can-decide-who-screwed-up\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/remember-that-security-probe-that-ended-with-a-sheriff-cuffing-the-pen-testers-the-contract-is-now-public-so-you-can-decide-who-screwed-up\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/09\\\/remember-that-security-probe-that-ended-with-a-sheriff-cuffing-the-pen-testers-the-contract-is-now-public-so-you-can-decide-who-screwed-up.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/09\\\/remember-that-security-probe-that-ended-with-a-sheriff-cuffing-the-pen-testers-the-contract-is-now-public-so-you-can-decide-who-screwed-up.jpg\",\"width\":648,\"height\":471},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/remember-that-security-probe-that-ended-with-a-sheriff-cuffing-the-pen-testers-the-contract-is-now-public-so-you-can-decide-who-screwed-up\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Remember that security probe that ended with a sheriff cuffing the pen testers? The contract is now public so you can decide who screwed up\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Remember that security probe that ended with a sheriff cuffing the pen testers? The contract is now public so you can decide who screwed up 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/remember-that-security-probe-that-ended-with-a-sheriff-cuffing-the-pen-testers-the-contract-is-now-public-so-you-can-decide-who-screwed-up\/","og_locale":"en_US","og_type":"article","og_title":"Remember that security probe that ended with a sheriff cuffing the pen testers? The contract is now public so you can decide who screwed up 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/remember-that-security-probe-that-ended-with-a-sheriff-cuffing-the-pen-testers-the-contract-is-now-public-so-you-can-decide-who-screwed-up\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2019-09-19T01:45:32+00:00","og_image":[{"width":648,"height":471,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/09\/remember-that-security-probe-that-ended-with-a-sheriff-cuffing-the-pen-testers-the-contract-is-now-public-so-you-can-decide-who-screwed-up.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/remember-that-security-probe-that-ended-with-a-sheriff-cuffing-the-pen-testers-the-contract-is-now-public-so-you-can-decide-who-screwed-up\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/remember-that-security-probe-that-ended-with-a-sheriff-cuffing-the-pen-testers-the-contract-is-now-public-so-you-can-decide-who-screwed-up\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Remember that security probe that ended with a sheriff cuffing the pen testers? The contract is now public so you can decide who screwed up","datePublished":"2019-09-19T01:45:32+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/remember-that-security-probe-that-ended-with-a-sheriff-cuffing-the-pen-testers-the-contract-is-now-public-so-you-can-decide-who-screwed-up\/"},"wordCount":854,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/remember-that-security-probe-that-ended-with-a-sheriff-cuffing-the-pen-testers-the-contract-is-now-public-so-you-can-decide-who-screwed-up\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/09\/remember-that-security-probe-that-ended-with-a-sheriff-cuffing-the-pen-testers-the-contract-is-now-public-so-you-can-decide-who-screwed-up.jpg","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/remember-that-security-probe-that-ended-with-a-sheriff-cuffing-the-pen-testers-the-contract-is-now-public-so-you-can-decide-who-screwed-up\/","url":"https:\/\/www.threatshub.org\/blog\/remember-that-security-probe-that-ended-with-a-sheriff-cuffing-the-pen-testers-the-contract-is-now-public-so-you-can-decide-who-screwed-up\/","name":"Remember that security probe that ended with a sheriff cuffing the pen testers? The contract is now public so you can decide who screwed up 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/remember-that-security-probe-that-ended-with-a-sheriff-cuffing-the-pen-testers-the-contract-is-now-public-so-you-can-decide-who-screwed-up\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/remember-that-security-probe-that-ended-with-a-sheriff-cuffing-the-pen-testers-the-contract-is-now-public-so-you-can-decide-who-screwed-up\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/09\/remember-that-security-probe-that-ended-with-a-sheriff-cuffing-the-pen-testers-the-contract-is-now-public-so-you-can-decide-who-screwed-up.jpg","datePublished":"2019-09-19T01:45:32+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/remember-that-security-probe-that-ended-with-a-sheriff-cuffing-the-pen-testers-the-contract-is-now-public-so-you-can-decide-who-screwed-up\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/remember-that-security-probe-that-ended-with-a-sheriff-cuffing-the-pen-testers-the-contract-is-now-public-so-you-can-decide-who-screwed-up\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/remember-that-security-probe-that-ended-with-a-sheriff-cuffing-the-pen-testers-the-contract-is-now-public-so-you-can-decide-who-screwed-up\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/09\/remember-that-security-probe-that-ended-with-a-sheriff-cuffing-the-pen-testers-the-contract-is-now-public-so-you-can-decide-who-screwed-up.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/09\/remember-that-security-probe-that-ended-with-a-sheriff-cuffing-the-pen-testers-the-contract-is-now-public-so-you-can-decide-who-screwed-up.jpg","width":648,"height":471},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/remember-that-security-probe-that-ended-with-a-sheriff-cuffing-the-pen-testers-the-contract-is-now-public-so-you-can-decide-who-screwed-up\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Remember that security probe that ended with a sheriff cuffing the pen testers? The contract is now public so you can decide who screwed up"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/29170","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=29170"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/29170\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/29171"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=29170"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=29170"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=29170"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}