They had written authorization from the state court and verbal confirmation from state court officials. They didn't know there would be a pissing match between the judicial branch and the sheriff.
But afaik this wasn't a state courthouse; it's a county courthouse. Legally, obviously, the state has authority and they were in the right, but functionally this is really good advice: if you're doing a penetration test of a space, you functionally need to clear it with the people who are responsible for the security of that space, and whom you might encounter defending it.
Frankly, I would not have taken this gig unless you had verbal confirmation that the Sheriff knows about it and has signed off. If you're entering a red team situation where the State wants to assess the security of their county courthouses, but doesn't want the local authorities to know it's happening because they don't trust them: that is not a situation you want to be in the middle of, they gotta sort that out.