2020 Nomination for Most Epic FAIL
Certifications issued by CREST, an accreditation body recognized by the British government are a must if you want to get serious about cyber in the UK. The secrecy and apparent difficulty of the tests had created a cloud of mystery around the certification for outsiders for a long time. But not anymore: NCC Group streamlined the certification process by creating step-by-step guides, prefilled tests and even mockup labs for their people. We are not sure whether it was an insider, or some penetrator, who was generous enough to share the “pass on 1st try” materials on GitHub. And while handling of similar NDA violations should be straightforward in other cases, NCC isn’t only one of the largest teams worldwide, but CREST’s previous chairman - who stepped down for the time of the still ongoing investigation - also works for them.