BSidesCharm - 2017 - Joshua Rosenbl -I Went Phishing and Caught a Charge Maryland Law for Pentesters

I Went Phishing and Caught a Charge – Maryland Law for Pentesters A full penetration test can involve social and physical aspects as well as the expected digital ones. This talk introduces the basics of Maryland law with an eye toward keeping you (and your employees) out of jail. Are lockpicks legal? Can social-engineering your way past security be considered a crime? What limits are there on phishing an employee’s personal (BYOD) device? And if the police DO get called, some suggestions are given with regard to how to present your get-out-of-jail letter (B&E permission slip) to the officer. While this talk uses Maryland law as an example, many other states operate off of similar principles. Free-State peculiarities will be noted. Presenter: Joshua Rosenblatt Josh is an attorney, law-enforcement-officer, and all-around nerd. He is the law-instructor for the Baltimore Police Department and as a prosecutor previously served as the Division Chief responsible for founding the Baltimore State’s Attorney’s Crime-Strategies Unit. Josh also serves as adjunct professor in the University of Baltimore’s Forensic Science – High Technology Crime program teaching criminal and civil liability in the digital world. He thanks the DMCA for YouTube (though that’s about it), wonders if the Supreme Court will ever give up waiting for Congress to reform the CFAA, and holds CompTIA Net+ and Sec+ certs. But most of all, Samy is his hero. The opinions and musings expressed in his talks are not a reflection on the Baltimore Police Department, the Mayor and City Council of Baltimore, or anyone else (including, at times, himself).