Joe Sarkisian
Podcast Appearances
Like, I'm not going to give them the answer. I'm not going to coach them to it. I want to see how they handle this.
I have a 30-minute client call with another client I need to take. So I want to be over here. I'm like, you know what? You take the reins on this. It's the beginning of the test. What can go wrong? So I'm on the call and he's doing his thing. And I don't know, like five, 10 minutes go by, I'm on this call. And I started noticing there's a lot of, like, phones ringing in adjacent offices.
I get off my call. I'm like, I'm sorry, what's going on? He's like, everything's down. We can't reach anything. The core, oh my God, nothing works. We're like, okay. So to the junior guy, whatever you're doing, stop. So he stops. Maybe like five, 10 minutes go by and things kind of quiet down. We check in with the point of contact. He's like, yeah, whatever that was, don't do that ever again.
He's obviously upset, understandably so. So in the process of figuring out what happened, I'm talking to the junior tester, and I say, what were you doing? What kind of test were you doing? He's like, you know, I was running Responder, whatever. Okay, cool. Well, what else were you doing? Well, you know, I figured I'd save time, and I would run, you know, like a port scan.
Like, okay, what would you use for that? And he says, well, I always use Masscan. And I'm like, okay, not Nmap? He's like, no, no, no, Masscan's faster.
I'm like, oh, I'm aware Masscan is faster. Show me the command you ran with Masscan. So he shows me the command he ran with Masscan, and when you run Masscan, you have the option of how many packets per second you want to run that at. He had added like two or three zeros to the default, which means he was blazing across all of their subnets running Masscan and doing a port scan.
And that is what brought their network to its knees for five to ten minutes, is that he was careless. And if you want to kind of step back from that, I was careless as the quote-unquote tester in the room at that point in time.
So we end up with like this big call. He didn't necessarily like break anything. He just slowed the network down to a crawl because he was shoving so much traffic through it that nothing else could get where it needed to go. So the CIO, chief information officer on the call, a lot of big muckety mucks. And basically they're like, tell us why we shouldn't fire you from this right now, essentially.
And we had to go through the whole rigmarole with them and explain like, look, you know, it was a typo on a screen. We didn't do it on purpose. We're very sorry. We won't do it again. Yada, yada, yada. And luckily, like, they came around. But I'm pretty sure we don't have pen testing work at that bank anymore. So, yeah, that was not fun. We've had to change our procedures since that's happened.