Security News > 2020 > August > NCC Group admits its training data was leaked online after folders full of CREST pentest certification exam notes posted to GitHub

British infosec biz NCC Group has admitted to The Register that its internal training materials were leaked on GitHub - after folders purporting to help people pass the CREST pentest certification exams appeared in a couple of repositories.

CREST offers a certification called CRT: CREST Registered Tester.

The revelation of the internal company docs have provoked a debate in Britain's tight-knit infosec community about the nature of the relationship between NCC and CREST. An NCC Group spokeswoman told The Register that the files were "a combination of old NCC Group internal training materials and content that has either been incorrectly attributed to NCC Group or which is unconnected to NCC Group." She also confirmed that NCC CISO Dominic Beecher had posted on GitHub asking the person who shared them to get in touch.

CREST's spokeswoman added: "We can confirm that neither the 'crestnda' nor the 'crestapproved' replies on GitHub were posted by CREST and that these accounts are not affiliated with us in any way. We are continuing to investigate this incident."

NCC's spokeswoman added to El Reg: "We take our membership of CREST, the integrity of the CREST Code of Conduct, and our related obligations very seriously and comply with our obligations as a CREST member. We are currently reviewing the materials that have been posted, and are working closely with CREST.".

News URL

https://go.theregister.com/feed/www.theregister.com/2020/08/11/ncc_group_crest_cheat_sheets/