As written by Stephanie Carruthers
The Social Engineering Capture The Flag (SECTF) is a competition held at DEF CON. The competition consists of two parts: an information gathering phase and a live call phase. A target company is randomly assigned, and the information gathering phase begins with research on the company (using only open-source intelligence and no physical contact), followed by writing a report based on the information found. The second phase takes place during DEF CON, where the contestants make live calls to the target companies to try to gather as many flags as possible.
The flags are based on various groups of information, such as general I.T. information, vendor information, and employee information. The flags themselves are all seemingly innocuous pieces of information, such as “what operating system is in use”. However, an attacker could take that information to the next level and create a targeted attack based on that operating system.