Social-Engineer.org today announced the release of the Social Engineer Capture the Flag Report, collecting data from the fifth Social Engineer Capture the Flag (SECTF) contest, held at DEF CON 21. During one of the most prominent and popular annual events at DEF CON, a pool of 10 men and 10 women, from diverse backgrounds and experience levels, tested their social engineering abilities against 10 of the biggest global corporations, including Apple, Boeing, Exxon, General Dynamics and General Electric.
The SECTF is conducted to raise awareness of the ongoing threat posed by social engineering and to provide a live demonstration of the techniques and tactics used by the malicious attacker.
In the SECTF, contestants attempt to capture “flags” – specific pieces of information that could be used to successfully penetrate their target companies. In the first segment of the competition, contestants were given two weeks to gather as much intelligence as possible about their target, using information obtained only through Google, LinkedIn, Flickr, Facebook, Twitter, the corporate websites and other internet sites. During this information-gathering phase, contestants could attempt to capture as many of the pre-defined flags as possible, but could not contact the company or its employees.
Contestants then performed a live call portion of the event during DEF CON 21. In this segment of the competition, social engineers used pretexts established in the information-gathering phase to telephone employees of the company to further elicit information.