Public Key Infrastructure (PKI) provides a large attack surface for the pentester. While PKI itself may seem like a juicy target to attack directly, using the information it freely provides is of much more value than attempting to compromise well-protected and monitored servers. This talk will demonstrate the information disclosure that is present in the PKI implementations of large organizations in the private and public sectors. It will explore the use of that information for the purposes of social engineering, phishing, and network recon/profiling. Users have been groomed to accept anything that is signed or encrypted. Misusing the trust that users place in PKI is the new yellow padlock icon!